Solved Malware causing random ie popups, search redirects, sound files playing, etc..

Mevio

I found that all the soundfiles, although not popping up on my screen, were coming from a site called MEVIO. No clue what it is, but that is where its been popping up from.

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Thank you!

I am so glad to have your help!

But I must apologize again, for some reason aswMBR won't run... I even tried running it as administrator since I know how Vista is, I clicked allow when the it popped up asking for it, and nothing else happened after that...

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`40100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 08c6d97449fb1d8bcab9d003ed787166

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Once again I'm sorry, but same as when I wrote my original post, TDSSKiller will not run, even in safe mode. I've tried multiple times and it will pop up with the window asking whether or not to continue, I click continue, and nothing happens after that...

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

I attempted all the above methods, and although I got ComboFix to run, it would get into the scanning for infected files phase, and never leave it. I let it run all night last night after trying them both in safe mode, and when I woke up this morning the comp was frozen. I did get the RKill log, and I have a Hijackthis log as well.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/11/2011 at 7:24:17.
Operating System: Windows Vista (TM) Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 11/11/2011 at 7:25:30.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:22:50 PM, on 11/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Frontier\Frontier Security Services\rps.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Frontier\Servicepoint\FrontierServicepointComHandler.exe
C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSMonitor.exe
C:\Program Files\Frontier\Servicepoint\FrontierServicepoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kyle\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/?cid=NET_mmhpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Powered by Charter Communications
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
R3 - URLSearchHook: (no name) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3796973002-2924953103-1194441024-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Frontier Security Services (Radialpoint Security Services) - Frontier - C:\Program Files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe
O23 - Service: RadialpointIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
O23 - Service: Frontier Security Services Firewall (RP_FWS) - Frontier - C:\Program Files\Frontier\Frontier Security Services\Fws.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Frontier\Servicepoint\ServicepointService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 7121 bytes

Don't know if Hijackthis will help at all...

I finally got TDSSKiller to work!

Here is the log from TDSSKiller, now that I was able to get it to run:

09:34:22.0971 5580 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
09:34:23.0545 5580 ============================================================
09:34:23.0545 5580 Current date / time: 2011/11/11 09:34:23.0545
09:34:23.0545 5580 SystemInfo:
09:34:23.0545 5580
09:34:23.0545 5580 OS Version: 6.0.6002 ServicePack: 2.0
09:34:23.0545 5580 Product type: Workstation
09:34:23.0545 5580 ComputerName: KYLE-PC
09:34:23.0546 5580 UserName: Kyle
09:34:23.0546 5580 Windows directory: C:\Windows
09:34:23.0546 5580 System windows directory: C:\Windows
09:34:23.0546 5580 Processor architecture: Intel x86
09:34:23.0546 5580 Number of processors: 2
09:34:23.0546 5580 Page size: 0x1000
09:34:23.0546 5580 Boot type: Normal boot
09:34:23.0546 5580 ============================================================
09:34:25.0412 5580 Initialize success
09:34:27.0693 6088 ============================================================
09:34:27.0693 6088 Scan started
09:34:27.0693 6088 Mode: Manual;
09:34:27.0693 6088 ============================================================
09:34:31.0763 6088 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:34:31.0768 6088 ACPI - ok
09:34:31.0815 6088 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
09:34:31.0822 6088 adp94xx - ok
09:34:31.0877 6088 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
09:34:31.0883 6088 adpahci - ok
09:34:31.0926 6088 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
09:34:31.0929 6088 adpu160m - ok
09:34:32.0018 6088 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
09:34:32.0022 6088 adpu320 - ok
09:34:32.0085 6088 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:34:32.0090 6088 AFD - ok
09:34:32.0243 6088 AgereSoftModem (7560f465f1ce69c53bf17559ee195548) C:\Windows\system32\DRIVERS\AGRSM.sys
09:34:32.0271 6088 AgereSoftModem - ok
09:34:32.0342 6088 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
09:34:32.0344 6088 agp440 - ok
09:34:32.0380 6088 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:34:32.0385 6088 aic78xx - ok
09:34:32.0428 6088 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
09:34:32.0429 6088 aliide - ok
09:34:32.0471 6088 Alpham1 (acd2f2df292b6cc28f58095bba63a068) C:\Windows\system32\DRIVERS\Alpham1.sys
09:34:32.0473 6088 Alpham1 - ok
09:34:32.0503 6088 Alpham2 (f4fafb2e74b83a156408b1b02302799e) C:\Windows\system32\DRIVERS\Alpham2.sys
09:34:32.0506 6088 Alpham2 - ok
09:34:32.0546 6088 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
09:34:32.0548 6088 amdagp - ok
09:34:32.0585 6088 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
09:34:32.0588 6088 amdide - ok
09:34:32.0619 6088 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
09:34:32.0624 6088 AmdK7 - ok
09:34:32.0702 6088 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
09:34:32.0705 6088 AmdK8 - ok
09:34:32.0796 6088 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
09:34:32.0799 6088 arc - ok
09:34:32.0826 6088 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
09:34:32.0829 6088 arcsas - ok
09:34:32.0860 6088 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:34:32.0861 6088 AsyncMac - ok
09:34:32.0901 6088 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:34:32.0903 6088 atapi - ok
09:34:33.0150 6088 bdfsfltr (9b281f5f673cbc5b9ec886d59e0b4f26) C:\Windows\system32\drivers\bdfsfltr.sys
09:34:33.0152 6088 bdfsfltr - ok
09:34:33.0183 6088 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:34:33.0186 6088 Beep - ok
09:34:33.0276 6088 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
09:34:33.0278 6088 blbdrive - ok
09:34:33.0315 6088 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:34:33.0317 6088 bowser - ok
09:34:33.0338 6088 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:34:33.0341 6088 BrFiltLo - ok
09:34:33.0368 6088 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:34:33.0369 6088 BrFiltUp - ok
09:34:33.0402 6088 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:34:33.0405 6088 Brserid - ok
09:34:33.0433 6088 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:34:33.0436 6088 BrSerWdm - ok
09:34:33.0465 6088 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:34:33.0468 6088 BrUsbMdm - ok
09:34:33.0499 6088 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:34:33.0502 6088 BrUsbSer - ok
09:34:33.0533 6088 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:34:33.0535 6088 BTHMODEM - ok
09:34:33.0641 6088 catchme - ok
09:34:33.0766 6088 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:34:33.0769 6088 cdfs - ok
09:34:33.0808 6088 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:34:33.0811 6088 cdrom - ok
09:34:33.0845 6088 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
09:34:33.0848 6088 circlass - ok
09:34:33.0887 6088 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:34:33.0895 6088 CLFS - ok
09:34:33.0956 6088 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
09:34:33.0958 6088 cmdide - ok
09:34:33.0996 6088 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
09:34:33.0998 6088 Compbatt - ok
09:34:34.0035 6088 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
09:34:34.0036 6088 crcdisk - ok
09:34:34.0101 6088 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
09:34:34.0103 6088 Crusoe - ok
09:34:34.0165 6088 DefragFS (65c7122d1115a4e1db3e8c11df919a40) C:\Windows\system32\drivers\DefragFS.sys
09:34:34.0168 6088 DefragFS - ok
09:34:34.0200 6088 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:34:34.0202 6088 DfsC - ok
09:34:34.0250 6088 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:34:34.0252 6088 disk - ok
09:34:34.0314 6088 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:34:34.0316 6088 drmkaud - ok
09:34:34.0364 6088 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:34:34.0381 6088 DXGKrnl - ok
09:34:34.0416 6088 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:34:34.0420 6088 E1G60 - ok
09:34:34.0470 6088 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:34:34.0476 6088 Ecache - ok
09:34:34.0534 6088 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
09:34:34.0541 6088 elxstor - ok
09:34:34.0584 6088 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
09:34:34.0586 6088 ErrDev - ok
09:34:34.0720 6088 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:34:34.0725 6088 exfat - ok
09:34:34.0760 6088 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:34:34.0764 6088 fastfat - ok
09:34:34.0830 6088 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:34:34.0833 6088 fdc - ok
09:34:34.0872 6088 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:34:34.0875 6088 FileInfo - ok
09:34:34.0907 6088 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:34:34.0908 6088 Filetrace - ok
09:34:34.0945 6088 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:34:34.0946 6088 flpydisk - ok
09:34:34.0984 6088 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:34:34.0986 6088 FltMgr - ok
09:34:35.0068 6088 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:34:35.0072 6088 Fs_Rec - ok
09:34:35.0193 6088 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
09:34:35.0197 6088 gagp30kx - ok
09:34:35.0240 6088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:34:35.0242 6088 GEARAspiWDM - ok
09:34:35.0285 6088 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:34:35.0289 6088 HdAudAddService - ok
09:34:35.0339 6088 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:34:35.0362 6088 HDAudBus - ok
09:34:35.0525 6088 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:34:35.0529 6088 HidBth - ok
09:34:35.0568 6088 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:34:35.0570 6088 HidIr - ok
09:34:35.0687 6088 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:34:35.0693 6088 HidUsb - ok
09:34:35.0779 6088 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
09:34:35.0781 6088 HpCISSs - ok
09:34:35.0830 6088 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:34:35.0838 6088 HTTP - ok
09:34:35.0870 6088 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
09:34:35.0871 6088 i2omp - ok
09:34:35.0897 6088 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:34:35.0898 6088 i8042prt - ok
09:34:35.0929 6088 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
09:34:35.0936 6088 iaStorV - ok
09:34:35.0979 6088 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:34:35.0982 6088 iirsp - ok
09:34:36.0074 6088 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
09:34:36.0076 6088 int15 - ok
09:34:36.0157 6088 IntcAzAudAddService (23ebcee9aaa4d6c88728791fab462456) C:\Windows\system32\drivers\RTKVHDA.sys
09:34:36.0198 6088 IntcAzAudAddService - ok
09:34:36.0234 6088 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:34:36.0235 6088 intelide - ok
09:34:36.0262 6088 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:34:36.0388 6088 intelppm - ok
09:34:36.0462 6088 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:34:36.0465 6088 IpFilterDriver - ok
09:34:36.0497 6088 IpInIp - ok
09:34:36.0534 6088 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
09:34:36.0536 6088 IPMIDRV - ok
09:34:36.0555 6088 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:34:36.0559 6088 IPNAT - ok
09:34:36.0582 6088 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:34:36.0584 6088 IRENUM - ok
09:34:36.0616 6088 is3srv - ok
09:34:36.0662 6088 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
09:34:36.0664 6088 isapnp - ok
09:34:36.0700 6088 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:34:36.0704 6088 iScsiPrt - ok
09:34:36.0730 6088 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:34:36.0732 6088 iteatapi - ok
09:34:36.0754 6088 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:34:36.0756 6088 iteraid - ok
09:34:36.0777 6088 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:34:36.0780 6088 kbdclass - ok
09:34:36.0815 6088 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:34:36.0817 6088 kbdhid - ok
09:34:36.0864 6088 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:34:36.0878 6088 KSecDD - ok
09:34:36.0915 6088 Lbd - ok
09:34:36.0948 6088 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:34:36.0951 6088 lltdio - ok
09:34:36.0991 6088 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
09:34:36.0994 6088 LSI_FC - ok
09:34:37.0017 6088 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
09:34:37.0050 6088 LSI_SAS - ok
09:34:37.0077 6088 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
09:34:37.0082 6088 LSI_SCSI - ok
09:34:37.0110 6088 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:34:37.0113 6088 luafv - ok
09:34:37.0151 6088 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
09:34:37.0154 6088 MBAMProtector - ok
09:34:37.0179 6088 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
09:34:37.0181 6088 megasas - ok
09:34:37.0210 6088 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
09:34:37.0218 6088 MegaSR - ok
09:34:37.0254 6088 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:34:37.0256 6088 Modem - ok
09:34:37.0292 6088 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:34:37.0295 6088 monitor - ok
09:34:37.0319 6088 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:34:37.0322 6088 mouclass - ok
09:34:37.0338 6088 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:34:37.0340 6088 mouhid - ok
09:34:37.0362 6088 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:34:37.0365 6088 MountMgr - ok
09:34:37.0386 6088 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
09:34:37.0390 6088 mpio - ok
09:34:37.0421 6088 MpKsla22ad28f - ok
09:34:37.0454 6088 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:34:37.0458 6088 mpsdrv - ok
09:34:37.0502 6088 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:34:37.0504 6088 Mraid35x - ok
09:34:37.0551 6088 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:34:37.0555 6088 MRxDAV - ok
09:34:37.0594 6088 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:34:37.0598 6088 mrxsmb - ok
09:34:37.0674 6088 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:34:37.0679 6088 mrxsmb10 - ok
09:34:37.0757 6088 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:34:37.0760 6088 mrxsmb20 - ok
09:34:37.0802 6088 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
09:34:37.0805 6088 msahci - ok
09:34:37.0845 6088 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
09:34:37.0849 6088 msdsm - ok
09:34:37.0900 6088 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:34:37.0904 6088 Msfs - ok
09:34:37.0931 6088 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:34:37.0932 6088 msisadrv - ok
09:34:38.0181 6088 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:34:38.0184 6088 MSKSSRV - ok
09:34:38.0218 6088 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:34:38.0220 6088 MSPCLOCK - ok
09:34:38.0255 6088 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:34:38.0257 6088 MSPQM - ok
09:34:38.0302 6088 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:34:38.0307 6088 MsRPC - ok
09:34:38.0345 6088 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:34:38.0349 6088 mssmbios - ok
09:34:38.0377 6088 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:34:38.0381 6088 MSTEE - ok
09:34:38.0420 6088 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:34:38.0422 6088 Mup - ok
09:34:38.0463 6088 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:34:38.0471 6088 NativeWifiP - ok
09:34:38.0524 6088 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:34:38.0541 6088 NDIS - ok
09:34:38.0665 6088 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:34:38.0667 6088 NdisTapi - ok
09:34:38.0694 6088 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:34:38.0696 6088 Ndisuio - ok
09:34:38.0746 6088 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:34:38.0750 6088 NdisWan - ok
09:34:38.0780 6088 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:34:38.0784 6088 NDProxy - ok
09:34:38.0861 6088 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:34:38.0863 6088 NetBIOS - ok
09:34:38.0899 6088 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:34:38.0904 6088 netbt - ok
09:34:38.0948 6088 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:34:38.0951 6088 nfrd960 - ok
09:34:38.0997 6088 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:34:38.0999 6088 Npfs - ok
09:34:39.0082 6088 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:34:39.0085 6088 nsiproxy - ok
09:34:39.0138 6088 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:34:39.0165 6088 Ntfs - ok
09:34:39.0205 6088 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:34:39.0207 6088 ntrigdigi - ok
09:34:39.0240 6088 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:34:39.0242 6088 Null - ok
09:34:39.0500 6088 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:34:39.0605 6088 nvlddmkm - ok
09:34:39.0754 6088 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
09:34:39.0757 6088 nvraid - ok
09:34:39.0801 6088 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
09:34:39.0803 6088 nvstor - ok
09:34:39.0850 6088 nvstor32 (fa7b8eca6e845b244b7e30a9dcd82c6c) C:\Windows\system32\DRIVERS\nvstor32.sys
09:34:39.0852 6088 nvstor32 - ok
09:34:39.0885 6088 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
09:34:39.0889 6088 nv_agp - ok
09:34:39.0914 6088 NwlnkFlt - ok
09:34:39.0937 6088 NwlnkFwd - ok
09:34:39.0976 6088 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
09:34:39.0979 6088 ohci1394 - ok
09:34:40.0042 6088 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:34:40.0047 6088 Parport - ok
09:34:40.0169 6088 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:34:40.0171 6088 partmgr - ok
09:34:40.0208 6088 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:34:40.0211 6088 Parvdm - ok
09:34:40.0267 6088 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:34:40.0271 6088 pci - ok
09:34:40.0305 6088 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:34:40.0307 6088 pciide - ok
09:34:40.0351 6088 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:34:40.0355 6088 pcmcia - ok
09:34:40.0416 6088 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:34:40.0439 6088 PEAUTH - ok
09:34:40.0559 6088 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:34:40.0561 6088 PptpMiniport - ok
09:34:40.0605 6088 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
09:34:40.0672 6088 Processor - ok
09:34:40.0759 6088 Profos (d90a33660d328a9f587580f0b38c85de) C:\Program Files\Frontier\Frontier Security Services\BitDefender\profos.sys
09:34:40.0762 6088 Profos - ok
09:34:40.0856 6088 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:34:40.0860 6088 PSched - ok
09:34:40.0919 6088 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
09:34:40.0944 6088 ql2300 - ok
09:34:40.0990 6088 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:34:40.0994 6088 ql40xx - ok
09:34:41.0084 6088 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:34:41.0087 6088 QWAVEdrv - ok
09:34:41.0191 6088 RadialpointIDSDriver (bdbed9fc165faf04be644ec212ba4603) C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys
09:34:41.0195 6088 RadialpointIDSDriver - ok
09:34:41.0255 6088 RadialpointIDSEH - ok
09:34:41.0364 6088 RadialpointIDSFilter (a6c0c7d9da55e5c3dd9c62b11916586b) C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys
09:34:41.0366 6088 RadialpointIDSFilter - ok
09:34:41.0475 6088 RadialpointIDSShim (a79eeb6feace017928581ef13d573745) C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys
09:34:41.0476 6088 RadialpointIDSShim - ok
09:34:41.0558 6088 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:34:41.0561 6088 RasAcd - ok
09:34:41.0600 6088 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:34:41.0604 6088 Rasl2tp - ok
09:34:41.0715 6088 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:34:41.0719 6088 RasPppoe - ok
09:34:41.0762 6088 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:34:41.0766 6088 RasSstp - ok
09:34:41.0808 6088 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:34:41.0813 6088 rdbss - ok
09:34:41.0863 6088 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:34:41.0866 6088 RDPCDD - ok
09:34:41.0914 6088 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
09:34:41.0921 6088 rdpdr - ok
09:34:41.0954 6088 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:34:41.0956 6088 RDPENCDD - ok
09:34:42.0004 6088 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:34:42.0009 6088 RDPWD - ok
09:34:42.0092 6088 RPPKT (b7e136986bb3dac249a00e760281f0a9) C:\Windows\system32\DRIVERS\rp_pkt32.sys
09:34:42.0093 6088 RPPKT - ok
09:34:42.0137 6088 RPSKT (750d83c39d60964b6bc2b8a75ed7a165) C:\Windows\system32\DRIVERS\rp_skt32.sys
09:34:42.0138 6088 RPSKT - ok
09:34:42.0183 6088 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:34:42.0187 6088 rspndr - ok
09:34:42.0227 6088 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:34:42.0231 6088 RTL8169 - ok
09:34:42.0270 6088 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:34:42.0274 6088 sbp2port - ok
09:34:42.0324 6088 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:34:42.0326 6088 secdrv - ok
09:34:42.0375 6088 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:34:42.0377 6088 Serenum - ok
09:34:42.0415 6088 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:34:42.0420 6088 Serial - ok
09:34:42.0454 6088 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:34:42.0456 6088 sermouse - ok
09:34:42.0525 6088 sfdrv01 (b7018644e132a8dfb12ed90106e06739) C:\Windows\system32\drivers\sfdrv01.sys
09:34:42.0528 6088 sfdrv01 - ok
09:34:42.0559 6088 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
09:34:42.0562 6088 sffdisk - ok
09:34:42.0596 6088 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
09:34:42.0598 6088 sffp_mmc - ok
09:34:42.0627 6088 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
09:34:42.0635 6088 sffp_sd - ok
09:34:42.0713 6088 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
09:34:42.0716 6088 sfhlp02 - ok
09:34:42.0759 6088 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:34:42.0761 6088 sfloppy - ok
09:34:42.0796 6088 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
09:34:42.0799 6088 sfsync02 - ok
09:34:42.0833 6088 sfvfs02 (197cef62eb4bc043e1578529fa2b9a48) C:\Windows\system32\drivers\sfvfs02.sys
09:34:42.0837 6088 sfvfs02 - ok
09:34:42.0902 6088 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
09:34:42.0904 6088 sisagp - ok
09:34:42.0998 6088 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
09:34:43.0001 6088 SiSRaid2 - ok
09:34:43.0054 6088 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
09:34:43.0059 6088 SiSRaid4 - ok
09:34:43.0166 6088 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:34:43.0170 6088 Smb - ok
09:34:43.0223 6088 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:34:43.0226 6088 spldr - ok
09:34:43.0278 6088 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:34:43.0285 6088 srv - ok
09:34:43.0326 6088 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:34:43.0330 6088 srv2 - ok
09:34:43.0363 6088 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:34:43.0366 6088 srvnet - ok
09:34:43.0413 6088 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
09:34:43.0415 6088 sscdbus - ok
09:34:43.0459 6088 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\Windows\system32\DRIVERS\sscdserd.sys
09:34:43.0464 6088 sscdserd - ok
09:34:43.0604 6088 StarOpen - ok
09:34:43.0724 6088 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:34:43.0726 6088 swenum - ok
09:34:43.0771 6088 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:34:43.0775 6088 Symc8xx - ok
09:34:43.0798 6088 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:34:43.0802 6088 Sym_hi - ok
09:34:43.0822 6088 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:34:43.0825 6088 Sym_u3 - ok
09:34:43.0854 6088 szkg5 - ok
09:34:43.0869 6088 szkgfs - ok
09:34:43.0962 6088 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
09:34:43.0987 6088 Tcpip - ok
09:34:44.0104 6088 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
09:34:44.0111 6088 Tcpip6 - ok
09:34:44.0154 6088 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
09:34:44.0156 6088 tcpipreg - ok
09:34:44.0187 6088 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:34:44.0189 6088 TDPIPE - ok
09:34:44.0214 6088 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:34:44.0217 6088 TDTCP - ok
09:34:44.0250 6088 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:34:44.0254 6088 tdx - ok
09:34:44.0290 6088 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:34:44.0293 6088 TermDD - ok
09:34:44.0396 6088 Trufos (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Frontier\Frontier Security Services\BitDefender\trufos.sys
09:34:44.0399 6088 Trufos - ok
09:34:44.0482 6088 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:34:44.0485 6088 tssecsrv - ok
09:34:44.0545 6088 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:34:44.0549 6088 tunmp - ok
09:34:44.0574 6088 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:34:44.0577 6088 tunnel - ok
09:34:44.0619 6088 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
09:34:44.0695 6088 uagp35 - ok
09:34:44.0732 6088 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:34:44.0738 6088 udfs - ok
09:34:44.0781 6088 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
09:34:44.0784 6088 uliagpkx - ok
09:34:44.0812 6088 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
09:34:44.0818 6088 uliahci - ok
09:34:44.0843 6088 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:34:44.0848 6088 UlSata - ok
09:34:44.0874 6088 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:34:44.0877 6088 ulsata2 - ok
09:34:44.0900 6088 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:34:44.0904 6088 umbus - ok
09:34:44.0942 6088 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:34:44.0945 6088 USBAAPL - ok
09:34:44.0978 6088 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:34:44.0981 6088 usbccgp - ok
09:34:45.0013 6088 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:34:45.0016 6088 usbcir - ok
09:34:45.0061 6088 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:34:45.0063 6088 usbehci - ok
09:34:45.0084 6088 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:34:45.0089 6088 usbhub - ok
09:34:45.0124 6088 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
09:34:45.0126 6088 usbohci - ok
09:34:45.0161 6088 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:34:45.0164 6088 usbprint - ok
09:34:45.0187 6088 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:34:45.0190 6088 usbscan - ok
09:34:45.0211 6088 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:34:45.0213 6088 USBSTOR - ok
09:34:45.0248 6088 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:34:45.0251 6088 usbuhci - ok
09:34:45.0283 6088 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
09:34:45.0289 6088 VClone - ok
09:34:45.0329 6088 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
09:34:45.0331 6088 vga - ok
09:34:45.0361 6088 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:34:45.0364 6088 VgaSave - ok
09:34:45.0388 6088 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
09:34:45.0390 6088 viaagp - ok
09:34:45.0414 6088 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
09:34:45.0416 6088 ViaC7 - ok
09:34:45.0445 6088 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
09:34:45.0447 6088 viaide - ok
09:34:45.0481 6088 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:34:45.0484 6088 volmgr - ok
09:34:45.0519 6088 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:34:45.0528 6088 volmgrx - ok
09:34:45.0575 6088 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:34:45.0578 6088 volsnap - ok
09:34:45.0617 6088 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
09:34:45.0693 6088 vsmraid - ok
09:34:45.0781 6088 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:34:45.0785 6088 WacomPen - ok
09:34:45.0810 6088 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:34:45.0812 6088 Wanarp - ok
09:34:45.0820 6088 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:34:45.0822 6088 Wanarpv6 - ok
09:34:45.0859 6088 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:34:45.0861 6088 Wd - ok
09:34:45.0892 6088 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:34:45.0900 6088 Wdf01000 - ok
09:34:46.0034 6088 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:34:46.0039 6088 WmiAcpi - ok
09:34:46.0096 6088 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
09:34:46.0099 6088 WpdUsb - ok
09:34:46.0135 6088 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:34:46.0138 6088 ws2ifsl - ok
09:34:46.0204 6088 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:34:46.0207 6088 WUDFRd - ok
09:34:46.0244 6088 MBR (0x1B8) (ef932eaa6ef4c94e66a7f6ceec7eb422) \Device\Harddisk0\DR0
09:34:46.0277 6088 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
09:34:46.0277 6088 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
09:34:46.0741 6088 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk7\DR7
09:34:46.0747 6088 \Device\Harddisk7\DR7 - ok
09:34:46.0788 6088 Boot (0x1200) (0f42a57ca89010094954bb1436aaf77b) \Device\Harddisk0\DR0\Partition0
09:34:46.0790 6088 \Device\Harddisk0\DR0\Partition0 - ok
09:34:46.0796 6088 Boot (0x1200) (0fe62a851327db71741672e9f4eac1d5) \Device\Harddisk7\DR7\Partition0
09:34:46.0820 6088 \Device\Harddisk7\DR7\Partition0 - ok
09:34:46.0820 6088 ============================================================
09:34:46.0820 6088 Scan finished
09:34:46.0820 6088 ============================================================
09:34:46.0840 0936 Detected object count: 1
09:34:46.0840 0936 Actual detected object count: 1
09:34:53.0144 0936 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
09:34:53.0144 0936 \Device\Harddisk0\DR0 - ok
09:34:53.0145 0936 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
09:35:07.0006 3332 Deinitialize success

Which then allowed aswMBR to work!

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-11 10:12:46
-----------------------------
10:12:46.581 OS Version: Windows 6.0.6002 Service Pack 2
10:12:46.581 Number of processors: 2 586 0x1706
10:12:46.583 ComputerName: KYLE-PC UserName: Kyle
10:12:48.483 Initialize success
10:15:36.003 AVAST engine defs: 11111100
10:15:40.208 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
10:15:40.210 Disk 0 Vendor: ST332081 SD23 Size: 305245MB BusType: 6
10:15:42.238 Disk 0 MBR read successfully
10:15:42.240 Disk 0 MBR scan
10:15:42.244 Disk 0 unknown MBR code
10:15:42.255 Disk 0 scanning sectors +625140400
10:15:42.418 Disk 0 scanning C:\Windows\system32\drivers
10:15:54.013 Service scanning
10:15:55.717 Modules scanning
10:16:02.002 Disk 0 trace - called modules:
10:16:02.034 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys storport.sys nvstor32.sys rassstp.sys
10:16:02.036 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87905ac8]
10:16:02.039 3 CLASSPNP.SYS[8afde8b3] -> nt!IofCallDriver -> [0x86781ae0]
10:16:02.046 5 acpi.sys[806956bc] -> nt!IofCallDriver -> \Device\00000061[0x86781710]
10:16:03.193 AVAST engine scan C:\Windows
10:16:06.910 AVAST engine scan C:\Windows\system32
10:18:57.656 AVAST engine scan C:\Windows\system32\drivers
10:19:23.757 AVAST engine scan C:\Users\Kyle
10:22:53.252 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
10:22:53.259 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"

I am going to give DDS another try since the others have been running now.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Kyle at 10:26:29 on 2011-11-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1564 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Frontier\Frontier Security Services\Fws.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Frontier\Servicepoint\ServicepointService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Frontier\Servicepoint\FrontierServicepoint.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\REGSVR32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.comcast.net/?cid=NET_mmhpset
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\kyle\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{776B2AAC-54DD-4B4A-9919-42C18115253D} : DhcpNameServer = 192.168.1.1 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-4-29 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-9 366152]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-9 2253120]
R2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\frontier\frontier security services\avg\identity protection\agent\bin\AVGIDSAgent.exe [2011-6-27 5832712]
R2 ServicepointService;ServicepointService;c:\program files\frontier\servicepoint\ServicepointService.exe [2011-6-27 689464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-9 22216]
R3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\frontier\frontier security services\avg\identity protection\agent\drivers\AVGIDSDriver.sys [2011-6-27 122376]
R3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\frontier\frontier security services\avg\identity protection\agent\drivers\AVGIDSfilter.sys [2011-6-27 30216]
R3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\frontier\frontier security services\avg\identity protection\agent\drivers\AVGIDSShim.sys [2011-6-27 27800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Radialpoint Security Services;Frontier Security Services;c:\program files\frontier\frontier security services\RpsSecurityAwareR.exe [2010-12-18 167016]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-11 15:12:34 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-11 15:12:26 -------- d-----w- c:\users\kyle\appdata\local\temp
2011-11-11 14:46:05 -------- d-----w- C:\kylel
2011-11-11 14:37:31 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39daab91-ae67-4dee-9afa-44c87f524e03}\offreg.dll
2011-11-11 03:52:16 98816 ----a-w- c:\windows\sed.exe
2011-11-11 03:52:16 518144 ----a-w- c:\windows\SWREG.exe
2011-11-11 03:52:16 256000 ----a-w- c:\windows\PEV.exe
2011-11-11 03:52:16 208896 ----a-w- c:\windows\MBR.exe
2011-11-11 01:36:38 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-09 22:54:04 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-11-09 21:17:57 -------- d-----w- c:\program files\World of Warcraft
2011-11-09 21:06:49 -------- d-----w- c:\programdata\STOPzilla!
2011-11-09 20:32:13 -------- d-----w- c:\programdata\PC Tools
2011-11-09 19:40:42 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-09 19:40:42 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-09 19:40:41 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-09 19:40:40 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-09 19:40:40 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-09 19:40:40 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-11-09 19:40:40 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-11-09 19:40:40 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-11-09 19:40:39 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-11-09 19:40:39 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-11-09 19:40:39 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2011-11-09 19:40:39 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2011-11-09 19:39:58 487424 ----a-w- c:\windows\system32\msvcp70.dll
2011-11-09 19:39:58 344064 ----a-w- c:\windows\system32\msvcr70.dll
2011-11-09 19:39:57 974848 ----a-w- c:\windows\system32\mfc70.dll
2011-11-09 19:39:57 608448 ----a-w- c:\windows\system32\comctl32.ocx
2011-11-09 19:39:57 -------- d-----w- c:\program files\AML Products
2011-11-09 19:38:30 -------- d--h--w- c:\windows\msdownld.tmp
2011-11-09 19:38:25 -------- d-----w- c:\windows\system32\directx
2011-11-09 19:35:36 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-09 19:33:55 -------- d-----w- c:\program files\LSI SoftModem
2011-11-09 18:51:43 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-09 18:49:41 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-09 18:49:41 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-11-09 18:49:40 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-11-09 18:49:40 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-11-09 18:49:40 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-09 18:49:40 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-09 18:49:40 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-09 18:49:40 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-09 18:49:40 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-11-09 18:49:40 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-11-09 14:48:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 09:39:13 2409784 ---ha-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 09:39:09 913280 ---ha-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:39:09 31232 ---ha-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 09:39:08 707584 ---ha-w- c:\program files\common files\system\wab32.dll
2011-11-08 06:54:36 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{39daab91-ae67-4dee-9afa-44c87f524e03}\mpengine.dll
2011-11-05 23:40:40 -------- d-----w- c:\users\kyle\appdata\local\Conduit
2011-10-12 22:36:31 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 22:36:30 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 22:36:30 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 22:36:30 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 22:36:28 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 22:35:46 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 22:35:45 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 22:35:45 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 22:35:45 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
==================== Find3M ====================
.
2011-10-15 08:53:00 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53:00 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53:00 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-15 08:53:00 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53:00 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53:00 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-03 17:33:47 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-31 03:05:04 83816 ---ha-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05:04 73064 ---ha-w- c:\windows\system32\dnssd.dll
2011-08-18 13:51:37 0 ----a-w- c:\programdata\sear.exe
2011-08-18 13:51:37 0 ----a-w- c:\programdata\mgro.exe
2011-08-18 13:51:37 0 ----a-w- c:\programdata\dmup.exe
2011-08-18 13:51:37 0 ----a-w- c:\programdata\ccpd.exe
.
============= FINISH: 10:26:50.00 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/29/2009 4:30:47 AM
System Uptime: 11/11/2011 9:36:34 AM (1 hours ago)
.
Motherboard: eMachines | | EMCP73VT-PM
Processor: Pentium(R) Dual-Core CPU E2210 @ 2.20GHz | CPU 1 | 2203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 115.981 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP915: 11/9/2011 1:50:35 PM - Device Driver Package Install: NVIDIA Display adapters
RP916: 11/9/2011 2:03:57 PM - Windows Update
RP917: 11/9/2011 2:33:01 PM - Windows Update
RP919: 11/9/2011 2:40:08 PM - Installed DirectX
RP920: 11/9/2011 2:48:39 PM - Windows Update
RP921: 11/9/2011 4:04:31 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP923: 11/9/2011 4:42:52 PM - StopZILLA! Restore Point.
RP924: 11/9/2011 5:16:20 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP925: 11/9/2011 5:20:31 PM - Removed Bing Bar
RP926: 11/10/2011 7:30:08 AM - Restore Operation
RP927: 11/10/2011 4:04:46 PM - Windows Update
RP928: 11/11/2011 8:27:03 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Absolute Poker
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.6
Agere Systems PCI-SV92PP Soft Modem
AML Free Registry Cleaner 4.22
Any Video Converter 3.2.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Charter Browser Updater
Choice Guard
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Dell Driver Download Manager
Desktop Doctor
Diablo II
DivX Plus Web Player
eMachines Recovery Management
Frontier Security Services
Frontier Servicepoint 3.7.44
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet 6500 E710a-f Basic Device Software
HP Officejet 6500 E710a-f Help
HP Officejet 6500 E710a-f Product Improvement Study
HP Update
I.R.I.S. OCR
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Junk Mail filter update
K-Lite Codec Pack 2.72 Full
LSI PCI-SV92PP Soft Modem
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
NVIDIA Control Panel 285.62
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 285.62
NVIDIA Install Application
NVIDIA Update 1.5.20
NVIDIA Update Components
OGA Notifier 2.0.0048.0
PerfectDisk 10 Professional
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RPS CRT
RPS PerfectDiskStub
RPS RpsCore
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spelling Dictionaries Support For Adobe Reader 9
StarCraft II
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
11/11/2011 9:38:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv Lbd RadialpointIDSEH StarOpen szkg5 szkgfs
11/11/2011 9:36:04 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
11/11/2011 10:08:54 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

Sorry for swamping you with all this at once, but I was excited when things finally started working! Thank you so much for any and all help!

Very good

See if Combofix will run now.

I had already gotten it to run after TDSSKiller, just forgot to post the log. Here it is and Thank You!

ComboFix 11-11-11.02 - Kyle 11/11/2011 9:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1899 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\kylel.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\users\Kyle\AppData\Local\bjua.exe
c:\users\Kyle\AppData\Local\guvf.exe
c:\users\Kyle\AppData\Local\hmgy.exe
c:\users\Kyle\AppData\Local\kohs.exe
c:\users\Kyle\AppData\Local\ohqa.exe
c:\users\Kyle\AppData\Local\qquy.exe
c:\users\Kyle\AppData\Local\tsnv.exe
c:\users\Kyle\AppData\Local\yovc.exe
c:\users\Kyle\AppData\Roaming\Adobe\plugs
c:\users\Kyle\AppData\Roaming\Adobe\shed
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\users\Kyle\Documents\R166244.zip
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 15:07 . 2011-11-11 15:09 -------- d-----w- c:\users\Kyle\AppData\Local\temp
2011-11-11 15:07 . 2011-11-11 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-11 14:37 . 2011-11-11 14:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39DAAB91-AE67-4DEE-9AFA-44C87F524E03}\offreg.dll
2011-11-11 01:36 . 2011-11-11 01:36 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-09 22:54 . 2011-11-09 22:54 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-11-09 21:17 . 2011-11-10 14:01 -------- d-----w- c:\program files\World of Warcraft
2011-11-09 21:06 . 2011-11-09 22:18 -------- d-----w- c:\programdata\STOPzilla!
2011-11-09 20:32 . 2011-11-09 20:54 -------- d-----w- c:\programdata\PC Tools
2011-11-09 19:40 . 2010-06-02 09:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-09 19:40 . 2010-06-02 09:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-09 19:40 . 2010-06-02 09:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-09 19:40 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-09 19:40 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-09 19:35 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-09 19:33 . 2011-11-09 19:33 -------- d-----w- c:\program files\LSI SoftModem
2011-11-09 18:52 . 2011-11-09 18:52 -------- d-----w- c:\users\UpdatusUser
2011-11-09 18:51 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-09 18:49 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-09 18:49 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-11-09 18:49 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-11-09 18:49 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-11-09 18:49 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-09 18:49 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-09 18:49 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-09 18:49 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-09 18:49 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-11-09 18:49 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-11-09 14:48 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 09:39 . 2011-10-17 11:41 2409784 ---ha-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 09:39 . 2011-09-20 21:02 913280 ---ha-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:39 . 2011-09-20 13:44 31232 ---ha-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 09:39 . 2011-09-30 15:57 707584 ---ha-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 06:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39DAAB91-AE67-4DEE-9AFA-44C87F524E03}\mpengine.dll
2011-11-05 23:40 . 2011-11-05 23:45 -------- d-----w- c:\users\Kyle\AppData\Local\Conduit
2011-10-12 22:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 22:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 22:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 22:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 22:36 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 22:35 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 22:35 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 22:35 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 22:35 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 08:53 . 2010-07-09 20:37 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2010-07-09 20:37 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-07-09 20:37 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-07-09 20:37 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2010-07-09 20:37 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2009-04-02 06:34 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-03 17:33 . 2011-10-03 17:33 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 17:20 . 2011-10-03 17:20 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-03 17:19 . 2011-10-03 17:19 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 17:19 . 2011-10-03 17:19 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ---ha-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ---ha-w- c:\windows\system32\dnssd.dll
2011-08-28 22:39 . 2011-08-28 22:39 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-28 22:39 . 2011-08-28 22:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-28 22:39 . 2011-08-28 22:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-28 22:39 . 2011-08-28 22:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-28 22:39 . 2011-08-28 22:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-28 22:39 . 2011-08-28 22:39 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-28 22:39 . 2011-08-28 22:39 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-28 22:39 . 2011-08-28 22:39 367104 ----a-w- c:\windows\system32\html.iec
2011-08-28 22:39 . 2011-08-28 22:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-28 22:39 . 2011-08-28 22:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-28 22:39 . 2011-08-28 22:39 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-28 22:39 . 2011-08-28 22:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-28 22:39 . 2011-08-28 22:39 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-28 22:39 . 2011-08-28 22:39 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-28 22:39 . 2011-08-28 22:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-28 22:39 . 2011-08-28 22:39 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-28 22:39 . 2011-08-28 22:39 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-28 22:39 . 2011-08-28 22:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-18 13:51 . 2011-08-18 13:51 0 ----a-w- c:\programdata\sear.exe
2011-08-18 13:51 . 2011-08-18 13:51 0 ----a-w- c:\programdata\mgro.exe
2011-08-18 13:51 . 2011-08-18 13:51 0 ----a-w- c:\programdata\dmup.exe
2011-08-18 13:51 . 2011-08-18 13:51 0 ----a-w- c:\programdata\ccpd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-23 6183456]
"Skytel"="Skytel.exe" [2008-07-23 1826816]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-11-7 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Kyle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [x]
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [x]
R0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R1 MpKsla22ad28f;MpKsla22ad28f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB74DC68-B187-490C-A237-642160622152}\MpKsla22ad28f.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Radialpoint Security Services;Frontier Security Services;c:\program files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe [2010-12-18 167016]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\Frontier\Servicepoint\ServicepointService.exe [2011-01-20 689464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - E824DCC9
*NewlyCreated* - EF504A6D
*Deregistered* - e824dcc9
*Deregistered* - ef504a6d
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000Core.job
- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 20:12]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000UA.job
- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 20:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/?cid=NET_mmhpset
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-11 10:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-11-11 10:12:21
ComboFix-quarantined-files.txt 2011-11-11 15:12
.
Pre-Run: 124,723,134,464 bytes free
Post-Run: 125,150,244,864 bytes free
.
- - End Of File - - 2776F3DCA377C90EE1BA2587F014BE91

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box
• Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:



3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

Here we go:

ComboFix 11-11-11.04 - Kyle 11/11/2011 11:54:45.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1572 [GMT -5:00]
Running from: c:\users\Kyle\Desktop\kylel.exe
Command switches used :: c:\users\Kyle\Desktop\cfscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\ccpd.exe"
"c:\programdata\dmup.exe"
"c:\programdata\mgro.exe"
"c:\programdata\sear.exe"
"c:\windows\system32\drivers\is3srv.sys"
"c:\windows\system32\drivers\szkg.sys"
"c:\windows\system32\drivers\szkgfs.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ccpd.exe
c:\programdata\dmup.exe
c:\programdata\mgro.exe
c:\programdata\sear.exe
c:\programdata\STOPzilla!
c:\programdata\STOPzilla!\modules_scanned.db
c:\programdata\STOPzilla!\scanner.log
c:\programdata\STOPzilla!\userdata.db
c:\programdata\STOPzilla!\vdb\vb-000.vdb
c:\programdata\STOPzilla!\vdb\vb-001.vdb
c:\programdata\STOPzilla!\vdb\vb-002.vdb
c:\programdata\STOPzilla!\vdb\vb-003.vdb
c:\programdata\STOPzilla!\vdb\vb-004.vdb
c:\programdata\STOPzilla!\vdb\vb-005.vdb
c:\programdata\STOPzilla!\vdb\vb-006.vdb
c:\programdata\STOPzilla!\vdb\vb-007.vdb
c:\programdata\STOPzilla!\vdb\vb-008.vdb
c:\programdata\STOPzilla!\vdb\vb-009.vdb
c:\programdata\STOPzilla!\vdb\vb-010.vdb
c:\programdata\STOPzilla!\vdb\vb-011.vdb
c:\programdata\STOPzilla!\vdb\vb-012.vdb
c:\programdata\STOPzilla!\vdb\vb-013.vdb
c:\programdata\STOPzilla!\vdb\vb-014.vdb
c:\programdata\STOPzilla!\vdb\vb-015.vdb
c:\programdata\STOPzilla!\vdb\vb-016.vdb
c:\programdata\STOPzilla!\vdb\vb-017.vdb
c:\programdata\STOPzilla!\vdb\vb-018.vdb
c:\programdata\STOPzilla!\vdb\vb-019.vdb
c:\programdata\STOPzilla!\vdb\vb-020.vdb
c:\programdata\STOPzilla!\vdb\vb-021.vdb
c:\programdata\STOPzilla!\vdb\vb-022.vdb
c:\programdata\STOPzilla!\vdb\vb-023.vdb
c:\programdata\STOPzilla!\vdb\vb-024.vdb
c:\programdata\STOPzilla!\vdb\vb-025.vdb
c:\programdata\STOPzilla!\vdb\vb-026.vdb
c:\programdata\STOPzilla!\vdb\vb-027.vdb
c:\programdata\STOPzilla!\vdb\vb-028.vdb
c:\programdata\STOPzilla!\vdb\vb-029.vdb
c:\programdata\STOPzilla!\vdb\vb-030.vdb
c:\programdata\STOPzilla!\vdb\vb-031.vdb
c:\programdata\STOPzilla!\vdb\vb-032.vdb
c:\programdata\STOPzilla!\vdb\vb-033.vdb
c:\programdata\STOPzilla!\vdb\vb-034.vdb
c:\programdata\STOPzilla!\vdb\vb-035.vdb
c:\programdata\STOPzilla!\vdb\vb-036.vdb
c:\programdata\STOPzilla!\vdb\vb-037.vdb
c:\programdata\STOPzilla!\vdb\vb-038.vdb
c:\programdata\STOPzilla!\vdb\vb-039.vdb
c:\programdata\STOPzilla!\vdb\vb-040.vdb
c:\programdata\STOPzilla!\vdb\vb-041.vdb
c:\programdata\STOPzilla!\vdb\vb-042.vdb
c:\programdata\STOPzilla!\vdb\vb-043.vdb
c:\programdata\STOPzilla!\vdb\vb-044.vdb
c:\programdata\STOPzilla!\vdb\vb-045.vdb
c:\programdata\STOPzilla!\vdb\vb-046.vdb
c:\programdata\STOPzilla!\vdb\vb-047.vdb
c:\programdata\STOPzilla!\vdb\vb-048.vdb
c:\programdata\STOPzilla!\vdb\vb-049.vdb
c:\programdata\STOPzilla!\vdb\vb-050.vdb
c:\programdata\STOPzilla!\vdb\vb-051.vdb
c:\programdata\STOPzilla!\vdb\vb-052.vdb
c:\programdata\STOPzilla!\vdb\vb-053.vdb
c:\programdata\STOPzilla!\vdb\vb-054.vdb
c:\programdata\STOPzilla!\vdb\vb-055.vdb
c:\programdata\STOPzilla!\vdb\vb-056.vdb
c:\programdata\STOPzilla!\vdb\vb-057.vdb
c:\programdata\STOPzilla!\vdb\vb-058.vdb
c:\programdata\STOPzilla!\vdb\vb-059.vdb
c:\programdata\STOPzilla!\vdb\vb-060.vdb
c:\programdata\STOPzilla!\vdb\vb-061.vdb
c:\programdata\STOPzilla!\vdb\vb-062.vdb
c:\programdata\STOPzilla!\vdb\vb-063.vdb
c:\programdata\STOPzilla!\vdb\vb-064.vdb
c:\programdata\STOPzilla!\vdb\vb-065.vdb
c:\programdata\STOPzilla!\vdb\vb-066.vdb
c:\programdata\STOPzilla!\vdb\vb-067.vdb
c:\programdata\STOPzilla!\vdb\vb-068.vdb
c:\programdata\STOPzilla!\vdb\vb-069.vdb
c:\programdata\STOPzilla!\vdb\vb-070.vdb
c:\programdata\STOPzilla!\vdb\vb-071.vdb
c:\programdata\STOPzilla!\vdb\vb-072.vdb
c:\programdata\STOPzilla!\vdb\vb-073.vdb
c:\programdata\STOPzilla!\vdb\vb-074.vdb
c:\programdata\STOPzilla!\vdb\vb-075.vdb
c:\programdata\STOPzilla!\vdb\vb-076.vdb
c:\programdata\STOPzilla!\vdb\vb-077.vdb
c:\programdata\STOPzilla!\vdb\vb-078.vdb
c:\programdata\STOPzilla!\vdb\vb-079.vdb
c:\programdata\STOPzilla!\vdb\vb-080.vdb
c:\programdata\STOPzilla!\vdb\vb-081.vdb
c:\programdata\STOPzilla!\vdb\vb-082.vdb
c:\programdata\STOPzilla!\vdb\vb-083.vdb
c:\programdata\STOPzilla!\vdb\vb-084.vdb
c:\programdata\STOPzilla!\vdb\vb-085.vdb
c:\programdata\STOPzilla!\vdb\vb-086.vdb
c:\programdata\STOPzilla!\vdb\vb-087.vdb
c:\programdata\STOPzilla!\vdb\vb-088.vdb
c:\programdata\STOPzilla!\vdb\vb-089.vdb
c:\programdata\STOPzilla!\vdb\vb-090.vdb
c:\programdata\STOPzilla!\vdb\vb-091.vdb
c:\programdata\STOPzilla!\vdb\vb-092.vdb
c:\programdata\STOPzilla!\vdb\vb-093.vdb
c:\programdata\STOPzilla!\vdb\vb-094.vdb
c:\programdata\STOPzilla!\vdb\vb-095.vdb
c:\programdata\STOPzilla!\vdb\vb-096.vdb
c:\programdata\STOPzilla!\vdb\vb-097.vdb
c:\programdata\STOPzilla!\vdb\vb-098.vdb
c:\programdata\STOPzilla!\vdb\vb-099.vdb
c:\programdata\STOPzilla!\vdb\vb-100.vdb
c:\programdata\STOPzilla!\vdb\vb-101.vdb
c:\programdata\STOPzilla!\vdb\vb-102.vdb
c:\programdata\STOPzilla!\vdb\vb-103.vdb
c:\programdata\STOPzilla!\vdb\vb-104.vdb
c:\programdata\STOPzilla!\vdb\vb-105.vdb
c:\programdata\STOPzilla!\vdb\vb-106.vdb
c:\programdata\STOPzilla!\vdb\vb-107.vdb
c:\programdata\STOPzilla!\vdb\vb-108.vdb
c:\programdata\STOPzilla!\vdb\vb-109.vdb
c:\programdata\STOPzilla!\vdb\vb-110.vdb
c:\programdata\STOPzilla!\vdb\vb-111.vdb
c:\programdata\STOPzilla!\vdb\vb-112.vdb
c:\programdata\STOPzilla!\vdb\vb-113.vdb
c:\programdata\STOPzilla!\vdb\vb-114.vdb
c:\programdata\STOPzilla!\vdb\vb-115.vdb
c:\programdata\STOPzilla!\vdb\vb-116.vdb
c:\programdata\STOPzilla!\vdb\vb-117.vdb
c:\programdata\STOPzilla!\vdb\vbcorent.dll
c:\programdata\STOPzilla!\vdb\vdb.xml
c:\programdata\STOPzilla!\vdb\xml_edk.log
c:\programdata\STOPzilla!\zilla5.log
K:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SZKG5
-------\Legacy_SZKGFS
-------\Service_is3srv
-------\Service_szkg5
-------\Service_szkgfs
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-11 18:02 . 2011-11-11 18:02 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39DAAB91-AE67-4DEE-9AFA-44C87F524E03}\offreg.dll
2011-11-11 17:13 . 2011-11-11 18:03 -------- d-----w- c:\users\Kyle\AppData\Local\temp
2011-11-11 01:36 . 2011-11-11 01:36 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-09 22:54 . 2011-11-09 22:54 65808 ----a-w- c:\windows\system32\drivers\tmrkb.sys
2011-11-09 21:17 . 2011-11-10 14:01 -------- d-----w- c:\program files\World of Warcraft
2011-11-09 20:32 . 2011-11-09 20:54 -------- d-----w- c:\programdata\PC Tools
2011-11-09 19:40 . 2010-06-02 09:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2011-11-09 19:40 . 2010-06-02 09:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2011-11-09 19:40 . 2010-06-02 09:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2011-11-09 19:40 . 2010-05-26 16:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-11-09 19:40 . 2010-05-26 16:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-11-09 19:35 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-09 19:33 . 2011-11-09 19:33 -------- d-----w- c:\program files\LSI SoftModem
2011-11-09 18:52 . 2011-11-09 18:52 -------- d-----w- c:\users\UpdatusUser
2011-11-09 18:51 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-11-09 18:49 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2011-11-09 18:49 . 2011-10-15 08:53 18871616 ----a-w- c:\windows\system32\nvoglv32.dll
2011-11-09 18:49 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-11-09 18:49 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-11-09 18:49 . 2011-10-15 08:53 5578560 ----a-w- c:\windows\system32\nvcuda.dll
2011-11-09 18:49 . 2011-10-15 08:53 2401088 ----a-w- c:\windows\system32\nvcuvid.dll
2011-11-09 18:49 . 2011-10-15 08:53 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-11-09 18:49 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2011-11-09 18:49 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-11-09 18:49 . 2011-10-15 08:53 10327360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-11-09 14:48 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-09 09:39 . 2011-10-17 11:41 2409784 ---ha-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 09:39 . 2011-09-20 21:02 913280 ---ha-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:39 . 2011-09-20 13:44 31232 ---ha-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 09:39 . 2011-09-30 15:57 707584 ---ha-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 06:54 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39DAAB91-AE67-4DEE-9AFA-44C87F524E03}\mpengine.dll
2011-11-05 23:40 . 2011-11-05 23:45 -------- d-----w- c:\users\Kyle\AppData\Local\Conduit
2011-10-12 22:36 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 22:36 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 22:36 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 22:36 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 22:36 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 22:35 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 22:35 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 22:35 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 22:35 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 08:53 . 2010-07-09 20:37 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2010-07-09 20:37 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2011-10-15 08:53 . 2010-07-09 20:37 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2010-07-09 20:37 123712 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2010-07-09 20:37 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2009-04-02 06:34 2458432 ----a-w- c:\windows\system32\nvapi.dll
2011-10-03 17:33 . 2011-10-03 17:33 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 17:20 . 2011-10-03 17:20 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-03 17:19 . 2011-10-03 17:19 749832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-03 17:19 . 2011-10-03 17:19 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ---ha-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ---ha-w- c:\windows\system32\dnssd.dll
2011-08-28 22:39 . 2011-08-28 22:39 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-28 22:39 . 2011-08-28 22:39 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-28 22:39 . 2011-08-28 22:39 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-28 22:39 . 2011-08-28 22:39 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-28 22:39 . 2011-08-28 22:39 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-28 22:39 . 2011-08-28 22:39 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-28 22:39 . 2011-08-28 22:39 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-28 22:39 . 2011-08-28 22:39 367104 ----a-w- c:\windows\system32\html.iec
2011-08-28 22:39 . 2011-08-28 22:39 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-28 22:39 . 2011-08-28 22:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-28 22:39 . 2011-08-28 22:39 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-28 22:39 . 2011-08-28 22:39 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-28 22:39 . 2011-08-28 22:39 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-28 22:39 . 2011-08-28 22:39 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-28 22:39 . 2011-08-28 22:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-28 22:39 . 2011-08-28 22:39 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-28 22:39 . 2011-08-28 22:39 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-28 22:39 . 2011-08-28 22:39 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-11-7 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Radialpoint Security Services]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Kyle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 22:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 RadialpointIDSEH;RadialpointIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [x]
R1 MpKsla22ad28f;MpKsla22ad28f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB74DC68-B187-490C-A237-642160622152}\MpKsla22ad28f.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Radialpoint Security Services;Frontier Security Services;c:\program files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe [2010-12-18 167016]
S2 RadialpointIDSAgent;RadialpointIDSAgent;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe RadialpointIDSAgent [x]
S2 ServicepointService;ServicepointService;c:\program files\Frontier\Servicepoint\ServicepointService.exe [2011-01-20 689464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 RadialpointIDSDriver;RadialpointIDSDriver;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys [2009-11-02 122376]
S3 RadialpointIDSFilter;RadialpointIDSFilter;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys [2009-11-02 30216]
S3 RadialpointIDSShim;RadialpointIDSShim;c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys [2009-11-02 27800]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 03325D94
*Deregistered* - 03325d94
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bdx REG_MULTI_SZ scan sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000Core.job
- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 20:12]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000UA.job
- c:\users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-02 20:12]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\adp94xx]
"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\adpahci]
"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\adpu320]
"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AgereModemAudio]
"ImagePath"="c:\windows\system32\agrsmsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\AGRSM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Alpham1]
"ImagePath"="system32\DRIVERS\Alpham1.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Alpham2]
"ImagePath"="system32\DRIVERS\Alpham2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\amdagp]
"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AmdK7]
"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AmdK8]
"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\arc]
"ImagePath"="\SystemRoot\system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\arcsas]
"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Audiosrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Avg]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\bdfsfltr]
"ImagePath"="system32\drivers\bdfsfltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\catchme]
"ImagePath"="\??\c:\users\Kyle\AppData\Local\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Compbatt]
"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Crusoe]
"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\DefragFS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G60I32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ehstart]
"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\elxstor]
"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ETService]
"ImagePath"="c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HpCISSs]
"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\i2omp]
"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iirsp]
"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\int15]
"ImagePath"="\??\c:\windows\system32\drivers\int15.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHDA.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iteatapi]
"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\iteraid]
"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Lbd]
"ImagePath"="system32\DRIVERS\Lbd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LSI_FC]
"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MBAMService]
"ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\megasas]
"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MegaSR]
"ImagePath"="\SystemRoot\system32\drivers\megasr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MpKsla22ad28f]
"ImagePath"="\??\c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB74DC68-B187-490C-A237-642160622152}\MpKsla22ad28f.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Mraid35x]
"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\msahci]
"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nfrd960]
"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ntrigdigi]
"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvlddmkm]
"ImagePath"="system32\DRIVERS\nvlddmkm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvstor32]
"ImagePath"="system32\DRIVERS\nvstor32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvsvc]
"ImagePath"="%SystemRoot%\system32\nvvsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nvUpdatusService]
"ImagePath"="c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\odserv]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Parvdm]
"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PDAgent]
"ImagePath"="\"c:\program files\Raxco\PerfectDisk10\PDAgent.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PDEngine]
"ImagePath"="\"c:\program files\Raxco\PerfectDisk10\PDEngine.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Profos]
"ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\BitDefender\profos.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ql2300]
"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ql40xx]
"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Radialpoint Security Services]
"ImagePath"="\"c:\program files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSAgent]
"ImagePath"="\"c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe\" RadialpointIDSAgent"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSDriver]
"ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys"
.

[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSEH]
"ImagePath"="system32\drivers\AVGIDSEH.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSFilter]
"ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSFilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RadialpointIDSShim]
"ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RPPKT]
"ImagePath"="system32\DRIVERS\rp_pkt32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RPSKT]
"ImagePath"="system32\DRIVERS\rp_skt32.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RP_FWS]
"ImagePath"="c:\program files\Frontier\Frontier Security Services\Fws.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\RTL8169]
"ImagePath"="system32\DRIVERS\Rtlh86.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\scan]
"ServiceDll"="c:\program files\Frontier\Frontier Security Services\BitDefender\scan.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Serenum]
"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Serial]
"ImagePath"="\SystemRoot\system32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ServicepointService]
"ImagePath"="\"c:\program files\Frontier\Servicepoint\ServicepointService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfdrv01]
"ImagePath"="System32\drivers\sfdrv01.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfhlp02]
"ImagePath"="System32\drivers\sfhlp02.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfsync02]
"ImagePath"="System32\drivers\sfsync02.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sfvfs02]
"ImagePath"="System32\drivers\sfvfs02.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sisagp]
"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sprtsvc_ddoctorv2]
"ImagePath"="\"c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe\" /service /P ddoctorv2"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sscdbus]
"ImagePath"="system32\DRIVERS\sscdbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\sscdserd]
"ImagePath"="system32\DRIVERS\sscdserd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\StarOpen]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Symc8xx]
"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Sym_hi]
"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Sym_u3]
"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Trufos]
"ImagePath"="\??\c:\program files\Frontier\Frontier Security Services\BitDefender\trufos.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\uliahci]
"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UlSata]
"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ulsata2]
"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usb]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\VClone]
"ImagePath"="system32\DRIVERS\VClone.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\viaagp]
"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ViaC7]
"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\vsmraid]
"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\VxD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wd]
"ImagePath"="system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Services\{776B2AAC-54DD-4B4A-9919-42C18115253D}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet019\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\RtHDVCpl.exe
c:\program files\HP\HP Software Update\hpwuschd2.exe
c:\windows\ehome\ehtray.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Frontier\Servicepoint\FrontierServicepoint.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-11-11 13:09:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 18:08
ComboFix2.txt 2011-11-11 15:12
.
Pre-Run: 124,396,359,680 bytes free
Post-Run: 124,037,042,176 bytes free
.
- - End Of File - - A3E22409F1119ABA8E67DBB09E1493BB

One problem I had: After reboot and copying the log from CF, when I attempted to open Internet Explorer it said that it wasn't allowed because a registry was marked for deletion? I had to right click and run as administrator just to get online...

Update: Just found that it does that anytime I try to open ANY program, when I tried to open notepad the same error came up, and once again would only work if i ran as administrator.

You have to restart computer to fix that issue.

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

OTL logfile created on: 11/11/2011 1:45:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.57% Memory free
5.73 Gb Paging File | 4.49 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.09 Gb Total Space | 115.56 Gb Free Space | 40.54% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 13:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
PRC - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 03:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 03:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/01/20 15:00:02 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Frontier\Servicepoint\ServicepointService.exe
PRC - [2011/01/20 14:59:58 | 004,318,520 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Servicepoint\FrontierServicepoint.exe
PRC - [2011/01/20 14:59:58 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Frontier\Servicepoint\FrontierServicepointComHandler.exe
PRC - [2010/12/18 00:06:32 | 000,378,160 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\RPS.exe
PRC - [2010/12/18 00:06:32 | 000,167,016 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe
PRC - [2010/12/18 00:05:34 | 000,382,280 | ---- | M] (Frontier) -- C:\Program Files\Frontier\Frontier Security Services\Fws.exe
PRC - [2009/11/02 14:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2009/11/02 14:26:48 | 000,592,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\bin\AVGIDSMonitor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/23 13:25:32 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/20 14:51:08 | 000,158,208 | ---- | M] () -- C:\Program Files\Frontier\Servicepoint\Windows7Features.dll
MOD - [2009/11/02 14:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/11/02 14:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/15 03:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/01/20 15:00:02 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Frontier\Servicepoint\ServicepointService.exe -- (ServicepointService)
SRV - [2010/12/18 00:06:32 | 000,167,016 | ---- | M] (Frontier) [Auto | Running] -- C:\Program Files\Frontier\Frontier Security Services\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/12/18 00:05:34 | 000,382,280 | ---- | M] (Frontier) [Auto | Running] -- C:\Program Files\Frontier\Frontier Security Services\Fws.exe -- (RP_FWS)
SRV - [2010/07/20 11:23:18 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\scan.dll -- (scan)
SRV - [2009/11/02 14:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/06/08 11:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 11:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2008/07/22 21:14:28 | 000,012,800 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/10/15 03:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/27 12:38:04 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2009/11/26 08:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 08:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 14:27:00 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 14:27:00 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 14:27:00 | 000,027,800 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Frontier\Frontier Security Services\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/10/23 12:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/06/08 09:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2009/02/03 10:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008/08/13 17:14:34 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/11 13:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/25 07:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/07/23 09:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007/03/20 11:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2007/02/08 12:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/07/10 11:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/06/14 09:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=0409&m=et1810


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 04 40 EC 31 9D A0 CC 01 [binary data]
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Frontier\Servicepoint\nprpspa.dll (Frontier)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)


[2011/03/13 21:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\Extensions
[2009/09/04 11:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/03/13 21:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 20:18:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/05 13:02:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2011/11/11 13:03:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3796973002-2924953103-1194441024-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{776B2AAC-54DD-4B4A-9919-42C18115253D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: VIDC.3iv2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.wmv3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 13:43:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/11/11 13:09:09 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\temp
[2011/11/11 13:03:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/11 12:13:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/11 11:50:28 | 000,000,000 | ---D | C] -- C:\kylel6361k
[2011/11/11 09:46:05 | 000,000,000 | ---D | C] -- C:\kylel
[2011/11/11 09:33:18 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\kdiddy.exe
[2011/11/11 09:32:41 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\kMlBwR.exe
[2011/11/10 23:59:23 | 004,289,973 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\kylel.exe
[2011/11/10 22:52:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/10 22:52:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/10 22:51:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/10 22:40:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/10 22:32:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/10 22:27:12 | 009,130,808 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Kyle\Desktop\AppRemover.exe.3wa5vbk.partial
[2011/11/10 21:20:17 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kyle\Desktop\HijackThis.exe
[2011/11/10 20:36:38 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/11/10 13:27:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2011/11/10 06:25:14 | 000,000,000 | R-SD | C] -- C:\Users\Kyle\Documents\My Stationery
[2011/11/09 17:54:04 | 000,065,808 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/11/09 17:53:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\RootkitBuster_5.00.1041
[2011/11/09 16:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2011/11/09 16:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2011/11/09 15:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/09 14:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AML Free Registry Cleaner
[2011/11/09 14:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\AML Products
[2011/11/09 14:38:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/11/09 14:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2011/11/09 13:49:41 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/11/09 09:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/09 09:48:56 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/05 18:40:40 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Conduit
[2011/11/05 18:36:20 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\WoW+Gametime+Card+Generator+v2
[2011/11/02 17:34:06 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\IEP
[2011/10/17 12:41:33 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Flip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/11 13:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2011/11/11 13:32:01 | 000,000,904 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000UA.job
[2011/11/11 13:09:00 | 000,605,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/11 13:09:00 | 000,104,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/11 13:03:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/11 13:02:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 13:02:48 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/11 13:02:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/11 11:40:26 | 004,289,973 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\kylel.exe
[2011/11/11 10:22:53 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/11/11 09:33:18 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\kdiddy.exe
[2011/11/11 09:32:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\kMlBwR.exe
[2011/11/10 23:57:48 | 001,008,092 | ---- | M] () -- C:\Users\Kyle\Desktop\rkill.scr
[2011/11/10 22:40:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/11/10 22:29:01 | 000,006,749 | ---- | M] () -- C:\Users\Kyle\Desktop\latest.rtf
[2011/11/10 22:27:31 | 009,130,808 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Kyle\Desktop\AppRemover.exe.3wa5vbk.partial
[2011/11/10 21:46:11 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kyle\Desktop\boot_cleaner.exe
[2011/11/10 21:20:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kyle\Desktop\HijackThis.exe
[2011/11/10 20:36:38 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/11/10 13:27:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2011/11/10 13:26:40 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\5g1vz0ux.exe
[2011/11/10 13:26:19 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\vihmwieo.exe.5vki4ku.partial
[2011/11/10 08:56:21 | 000,000,626 | ---- | M] () -- C:\Users\Kyle\Desktop\World of Warcraft - Shortcut.lnk
[2011/11/10 08:32:19 | 000,001,356 | ---- | M] () -- C:\Users\Kyle\AppData\Local\d3d9caps.dat
[2011/11/10 05:32:01 | 000,000,852 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3796973002-2924953103-1194441024-1000Core.job
[2011/11/09 17:54:39 | 000,065,808 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/11/09 16:35:21 | 000,001,339 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/09 16:19:35 | 000,000,907 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/11/09 15:36:53 | 002,345,954 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/09 15:07:17 | 003,655,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 14:39:59 | 000,000,977 | ---- | M] () -- C:\Users\Kyle\Desktop\AML Free Registry Cleaner.lnk
[2011/11/09 13:59:45 | 000,305,152 | ---- | M] () -- C:\Users\Kyle\Documents\windiag.iso
[2011/11/09 12:08:35 | 000,000,911 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/11/09 09:48:59 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 09:28:30 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6o
[2011/11/09 09:28:30 | 000,000,224 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6or
[2011/11/09 09:28:26 | 000,000,344 | ---- | M] () -- C:\ProgramData\1QrzVQxl0OlX6o
[2011/11/07 18:35:57 | 000,000,000 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/11/07 12:39:32 | 000,136,704 | ---- | M] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 17:32:26 | 000,000,064 | -H-- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/11/05 17:32:26 | 000,000,044 | -H-- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/11/05 17:27:47 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/10/20 13:03:56 | 000,002,569 | ---- | M] () -- C:\Users\Kyle\Desktop\Microsoft Office Word 2003.lnk
[2011/10/17 13:47:47 | 000,000,279 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\burnaware.ini
[2011/10/15 03:53:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/10/15 03:53:00 | 000,004,359 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/11 10:22:53 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
[2011/11/10 23:57:47 | 001,008,092 | ---- | C] () -- C:\Users\Kyle\Desktop\rkill.scr
[2011/11/10 22:52:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/10 22:52:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/10 22:52:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/10 22:52:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/10 22:52:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/10 22:29:01 | 000,006,749 | ---- | C] () -- C:\Users\Kyle\Desktop\latest.rtf
[2011/11/10 13:26:40 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\5g1vz0ux.exe
[2011/11/10 13:26:18 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\vihmwieo.exe.5vki4ku.partial
[2011/11/10 08:56:21 | 000,000,626 | ---- | C] () -- C:\Users\Kyle\Desktop\World of Warcraft - Shortcut.lnk
[2011/11/09 16:17:57 | 000,000,907 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/11/09 15:35:48 | 002,345,954 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/09 14:39:59 | 000,000,977 | ---- | C] () -- C:\Users\Kyle\Desktop\AML Free Registry Cleaner.lnk
[2011/11/09 13:59:45 | 000,305,152 | ---- | C] () -- C:\Users\Kyle\Documents\windiag.iso
[2011/11/09 12:08:35 | 000,000,911 | ---- | C] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/11/09 09:48:59 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/09 09:28:30 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1QrzVQxl0OlX6or
[2011/11/09 09:28:29 | 000,000,304 | ---- | C] () -- C:\ProgramData\~1QrzVQxl0OlX6o
[2011/11/09 09:28:26 | 000,000,344 | ---- | C] () -- C:\ProgramData\1QrzVQxl0OlX6o
[2011/11/07 18:35:57 | 000,000,000 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/10/17 13:25:11 | 000,000,279 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\burnaware.ini
[2011/08/18 08:51:45 | 000,012,360 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
[2011/08/18 08:51:45 | 000,012,360 | -HS- | C] () -- C:\ProgramData\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
[2011/08/13 19:48:35 | 000,000,064 | -H-- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/08/13 19:48:35 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/08/08 13:03:11 | 000,000,304 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/08/08 12:59:49 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
[2011/07/25 07:56:24 | 000,010,848 | -HS- | C] () -- C:\ProgramData\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\xmfu.exe
[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\qunm.exe
[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\qmev.exe
[2011/07/25 07:56:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\demo.exe
[2011/06/20 20:18:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/06/18 10:45:38 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\Users\Kyle\AppData\Local\lnyr821l053312
[2011/05/12 11:23:12 | 000,011,322 | -HS- | C] () -- C:\ProgramData\lnyr821l053312
[2010/07/09 17:17:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/07 12:16:51 | 000,069,632 | RH-- | C] () -- C:\Windows\System32\xmltok.dll
[2010/01/07 12:16:51 | 000,036,864 | RH-- | C] () -- C:\Windows\System32\xmlparse.dll
[2009/11/09 17:06:44 | 000,001,339 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/02 16:01:00 | 000,001,609 | ---- | C] () -- C:\Windows\dhstatus.dat
[2009/11/02 15:40:38 | 000,001,561 | ---- | C] () -- C:\Windows\checkip.dat
[2009/10/21 12:20:08 | 000,005,504 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen_x86.sys
[2009/09/29 11:40:41 | 000,001,356 | ---- | C] () -- C:\Users\Kyle\AppData\Local\d3d9caps.dat
[2009/09/24 02:05:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 02:05:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/01 12:18:05 | 000,568,850 | -H-- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/09/01 12:18:04 | 003,596,288 | -H-- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/09/01 12:18:04 | 000,856,064 | -H-- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/01 12:18:04 | 000,217,088 | -H-- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/09/01 12:10:29 | 000,136,704 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 13:00:22 | 000,021,504 | -H-- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2009/08/31 13:00:21 | 000,185,344 | -H-- | C] () -- C:\Windows\System32\MemWarp.dll
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/04/29 03:34:26 | 000,487,424 | -H-- | C] () -- C:\Windows\System32\INT15.dll
[2009/04/02 01:14:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/02/07 21:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,655,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,605,012 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,342 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/10 07:15:04 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Absolute Poker
[2011/06/28 17:20:51 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AnvSoft
[2010/10/17 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AVG10
[2011/05/26 16:51:59 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/16 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/27 15:03:58 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Frontier
[2010/07/05 15:12:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Ideazon
[2009/09/03 09:46:18 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MusicNet
[2011/11/09 15:01:32 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\uTorrent
[2011/11/11 12:13:29 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/11/09 14:11:33 | 000,025,295 | ---- | M] () -- C:\aaw7boot.log
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/06/05 22:11:59 | 000,000,000 | ---- | M] () -- C:\BnetLog.txt
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/04/02 01:36:48 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/11/11 13:09:06 | 000,068,717 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/03/10 20:20:52 | 000,799,352 | ---- | M] () -- C:\D2XP_IX86_112a_113c.mpq
[2011/03/10 12:43:09 | 000,000,714 | ---- | M] () -- C:\deltaStartup.log
[2011/08/10 19:52:05 | 000,000,592 | ---- | M] () -- C:\dlbk.log
[2011/08/08 11:55:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/04/02 02:26:35 | 000,000,165 | ---- | M] () -- C:\Labelprint.log
[2011/08/08 11:55:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/11 13:02:08 | 3265,802,240 | -HS- | M] () -- C:\pagefile.sys
[2009/04/29 03:36:20 | 000,000,163 | ---- | M] () -- C:\power2go.log
[2009/04/02 02:17:05 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2011/11/11 09:44:54 | 000,000,583 | ---- | M] () -- C:\rkill.log
[2011/11/11 09:45:20 | 000,000,583 | ---- | M] () -- C:\rkillscan.txt
[2011/11/11 09:35:07 | 000,074,470 | ---- | M] () -- C:\TDSSKiller.2.6.18.0_11.11.2011_09.34.22_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/06/13 16:52:10 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/12/05 00:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/11/09 12:08:35 | 000,000,082 | -HS- | M] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/10 13:26:40 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\5g1vz0ux.exe
[2011/11/10 21:46:11 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kyle\Desktop\boot_cleaner.exe
[2011/11/10 21:20:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kyle\Desktop\HijackThis.exe
[2011/11/11 09:33:18 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\kdiddy.exe
[2011/11/11 09:32:41 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\kMlBwR.exe
[2011/11/11 11:40:26 | 004,289,973 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\kylel.exe
[2011/11/11 13:43:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/11/09 13:40:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/11/09 13:40:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/11/09 13:40:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/11/09 13:40:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/11/09 13:40:47 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/01 11:44:07 | 000,000,402 | -HS- | M] () -- C:\Users\Kyle\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/11/09 09:28:26 | 000,000,344 | ---- | M] () -- C:\ProgramData\1QrzVQxl0OlX6o
[2011/07/25 11:53:15 | 000,010,848 | -HS- | M] () -- C:\ProgramData\c63i8t33o0unv8374i4802e6m8e5p61syff1omht4mu7
[2011/07/25 07:56:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\demo.exe
[2011/08/18 08:59:17 | 000,012,360 | -HS- | M] () -- C:\ProgramData\fr5abntx7221up83m1u16qhnsp5ej888x45684u513dw
[2011/05/12 11:25:08 | 000,011,322 | -HS- | M] () -- C:\ProgramData\lnyr821l053312
[2011/11/10 22:40:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/07/25 07:56:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\qmev.exe
[2011/07/25 07:56:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\qunm.exe
[2011/07/25 07:56:24 | 000,000,000 | ---- | M] () -- C:\ProgramData\xmfu.exe
[2011/11/09 09:28:30 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6o
[2011/11/09 09:28:30 | 000,000,224 | ---- | M] () -- C:\ProgramData\~1QrzVQxl0OlX6or

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >

OTL Extras logfile created on: 11/11/2011 1:45:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kyle\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 50.57% Memory free
5.73 Gb Paging File | 4.49 Gb Available in Paging File | 78.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.09 Gb Total Space | 115.56 Gb Free Space | 40.54% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DECFC3D-4F0B-41B0-83D8-C50728D51C99}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C31C8D3-630B-4C48-8230-78791615F79F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1DA2DE6D-5322-4E58-B31D-55DB579733B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1F123CA9-4DEF-4093-AFF0-717762C54C4B}" = rport=137 | protocol=17 | dir=out | app=system |
"{2AA7F304-84A2-4C1A-BDBA-434A4F467DB8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{347BF381-F3FC-45AE-9305-B15BC358912C}" = rport=138 | protocol=17 | dir=out | app=system |
"{34C7C91D-3B89-4234-BE78-01523AC2126B}" = rport=139 | protocol=6 | dir=out | app=system |
"{39206CEB-BD22-4431-847E-582C432B1C74}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F3415A7-19D8-4591-941B-C62F79FA6D9E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{4FD6C5D3-01C6-4D46-A7FA-8C69CEA57E20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{53832D76-F6AD-41AA-9933-66F29A6AF72C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{594992BB-544B-4736-A215-3A7D9C7EABC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{64B23B48-AEE2-4343-8814-F8700375E11F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{929B5E37-001E-44CD-BBEB-D968134D3FF9}" = lport=138 | protocol=17 | dir=in | app=system |
"{985D2E51-A24D-46E5-B2D8-83426EC283E5}" = lport=54781 | protocol=6 | dir=in | name=akamai netsession interface |
"{99732168-B93E-4F45-A5CA-EF50F70658A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A551E6A7-4118-4303-B3A2-50E838C49F80}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFCB91F0-6AEB-41AA-B57F-E48CBA15FB73}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AFF95373-1F35-44AD-8A56-215C501CB30A}" = lport=445 | protocol=6 | dir=in | app=system |
"{B87C32C2-C744-4627-95F6-D350982691C5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9CEA22D-BF15-4839-A3F0-B593058950F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BE9291D7-D501-40A3-B99E-1C6ECF39816C}" = lport=137 | protocol=17 | dir=in | app=system |
"{CFBDC2EA-42FA-4C88-B359-FC22DEF8AE09}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D5A42123-8FF6-42E6-8B92-A787E4DA6FED}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04DCF5E3-7BC1-4DAC-A133-1046F1C081AF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0B683A0A-F376-405E-A849-A1D72886F623}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10EF263B-46BE-4885-8AE9-457242F3F192}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{15847D6F-9E65-4C13-BE9D-76E42ADCEA73}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{18158FB9-950E-491D-81E3-CC28332701F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{235F293A-3D53-4D17-8A07-66CC71DE3462}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41CA2E25-C7C8-4284-8AC4-923B003AA7A6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{42626298-5EE0-4A88-B0C2-CBEFD47C9E55}" = protocol=6 | dir=out | app=system |
"{44E91014-55E9-41E5-A5A0-D474C32F49D7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{492FFF33-F0D2-4623-9F54-C17BD5AF27CB}" = protocol=58 | dir=in | app=system |
"{4EE9FE62-B5BF-4F49-9AAF-EC471EFE4E9A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{64223E77-6ED1-4714-BD39-1B9F3869E436}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68B0BA6E-65DC-4C2C-A4AA-C66285C229D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AC4DDEA-9D61-46FA-9184-CE17126A3FA3}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{77024735-C796-436F-B803-D31030F881BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{79E3DFA0-9827-47E7-BE9A-AA017B70903D}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"{7A3C95F0-6DE2-4539-89C5-BBFD4A1386BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7B1D2E4F-99DC-4724-AF1D-61796967B9A3}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{7B6E33FC-AF7E-4F1C-AF76-FFD77E92B6F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{808C94F0-061E-42F9-98C9-BB68425C5A8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{896C45A6-B8D9-4157-ABE8-BC4A2F5FEDEA}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{9284414C-2E18-4D34-9D5C-32066A68EDF5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{92F61E6C-0C39-481B-94D1-33D12CF61B86}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97296A2F-0FA7-46EB-8CEB-B40C78D4DE5F}" = protocol=17 | dir=in | app=c:\program files\frontier\servicepoint\servicepointservice.exe |
"{99E5D379-A1EF-4F15-891D-0FF87804415B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9AA72F54-BD08-45A5-95F1-F6FAC87EC04C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{9DB04673-0893-43D7-BE11-11B9AF6E4842}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F66CDF5-30D9-447E-9E24-710281E70500}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5825243-35E8-45EA-940F-D7D87E5ED17C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B1236E7C-5462-4155-A55B-32BAB4896DB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B376A2C4-426C-4B18-ACA5-8C5847E388C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCE2B87B-CA1C-4BE1-98F4-68E1F83C338D}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{C3F912E6-AAF4-4CCF-945B-70E811DD54F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C4D6538F-35B3-4812-9ED0-CCA30A1921E6}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{D393D493-933B-45C7-884D-C93BD67223C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4C054A6-72E1-41F8-8B7D-3FCC1467C612}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E3179F04-FF2D-45EC-9614-77A31F6D4F63}" = protocol=6 | dir=in | app=c:\program files\frontier\servicepoint\servicepointservice.exe |
"{E3B8FB1E-FA82-4612-9BA2-B5BC51390639}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E880D944-D6EE-4294-8AF6-4B4CDFA797F0}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{ECD9C850-C377-45F5-AF6A-98A63E215AD5}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"{ED83F534-B87F-4AE4-9AA6-873FECEC6EEA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F13BEEC9-84B1-4791-8F2F-0938E8F05F3C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0BD4E486-2144-440F-BB06-39058BBD894A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{5F8B575C-9CE0-45B0-AFCB-856216AD83BB}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{81C91D79-1587-418B-8697-315F3746825D}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"TCP Query User{8CA8BE03-0417-4E9A-8C1A-26D85BC6F2B1}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |
"TCP Query User{AA2B1EFC-0DB5-41C5-A137-74C29EBE2EED}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{AB95B8DE-F63D-4F5F-BB24-BEA405E92A4B}C:\program files\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"TCP Query User{B1BB5C86-9C25-4468-BD2B-29564E912FAA}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"TCP Query User{BA255BE3-30B8-4440-BDFF-ED932E871DF9}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{D5C33B27-A79C-432E-A1AE-704F95EC70E4}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{12296E3C-1287-4D2F-90B8-64C75E518957}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{4BA8952A-3383-48AF-BE47-2CA40B7B6AD2}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"UDP Query User{589F253A-BB4A-45AC-A099-D9FD6BA1299B}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{83A41E23-04B9-4BE8-A4FC-16EC86233F01}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{B99296DA-285A-445C-B306-335FD96A2229}C:\program files\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18092\sc2.exe |
"UDP Query User{C3CFD380-4089-4991-A39F-BE2395210EB7}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{F0748859-CB3C-44D9-B915-9C90C7973D8E}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{F14674DE-4303-48B4-B227-86AD7CDFC615}C:\program files\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"UDP Query User{F97F2195-CD1A-41E9-9850-8A8CC39A526A}C:\program files\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base18574\sc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EBF21B6-FDBD-4149-86B5-46597943A7DC}" = RPS RpsCore
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.22
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474A7BA6-A657-4152-8FB5-244D178D7174}" = HP Officejet 6500 E710a-f Product Improvement Study
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{50A8A0BD-0A25-4D42-BA55-6BE0318EF5DB}" = RPS PerfectDiskStub
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{670A25D9-1029-4D4E-93FF-66B3C07769D6}" = HP Officejet 6500 E710a-f Basic Device Software
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{71560926-55A4-4FCA-AF51-C10C3C81B2AD}" = RPS CRT
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FBBED4BA-6BC6-47F2-B1F1-2E7064B425BA}" = Frontier Security Services
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Any Video Converter_is1" = Any Video Converter 3.2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.72 Full
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RadialpointClientGateway_is1" = Frontier Servicepoint 3.7.44
"StarCraft II" = StarCraft II
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3796973002-2924953103-1194441024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"Charter Browser Updater" = Charter Browser Updater
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/10/2011 8:47:27 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:47:27 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:56:30 AM | Computer Name = Kyle-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/10/2011 8:56:34 AM | Computer Name = Kyle-PC | Source = EventSystem | ID = 4609
Description =

[ System Events ]
Error - 11/11/2011 10:58:07 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/11/2011 11:08:54 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/11/2011 11:45:22 AM | Computer Name = Kyle-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk1\DR8, has a bad block.

Error - 11/11/2011 12:41:45 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/11/2011 12:47:13 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 11/11/2011 12:51:53 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/11/2011 1:03:11 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/11/2011 1:13:06 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/11/2011 1:13:13 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/11/2011 2:03:48 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

I ran that before restarting, hope that doesn't mess it up...

Oh yeah, and the computer seems to be running much better... Seems to be running programs at normal speed again, and havent had any popups or random sound files playing in the background anymore as of right now!