Bug Check 0x7F: UNEXPECTED_KERNEL_MODE_TRAP


  • This topic is locked
60 replies to this topic

#1 stetch


Posted 03 September 2010 - 06:14 PM

This is a thread move/continuation from another forum- linked here - http://www.bleepingcomputer.com/forums/ind...p;#entry1916824

Quick Summary: I am getting BSODs that seem to come from file accessing.
- Win 7
- Asus P6x58D
- 6 gigs OCR 1600 ram - tried running at slow speeds too, and tried running 1 stick at a time - unless all bad, it isn't the mem itself
- 2 x NVIDIA 9800 GTX+ cards running in SLI (also tried using individual cards)
- Ran Windows 7 mem test successfully
- Ran Checkdisk on main drive

I run Norton 360 all the time.



Attached are the DDS and Attach logs for running in both safe and 'unsafe' mode...

Any help would be greatly appreciated. I tried to run GMER and it gave me an "unable to find a system file" error.

Something else I forgot to mention (I suck, I know.) --- the system is definitely more stable in Safe mode. I had been focusing on drivers (out of sheer hope that I wouldn't have to replace hardware) before I came here.

The bedazzling part for me is when the BIOS tools flip out. That is so outside of Windows that it scares me. But I suppose malware/viruses could impact the BIOS.

I'll patiently wait now. Just trying to post things I think of that I forgot to give you already.

EDIT: Posts merged ~BP



Edited by Budapest, 04 September 2010 - 06:59 AM.



 


#2 stetch


Posted 08 September 2010 - 10:35 PM

FYI: if someone posts for me to do something in the next few days, I am not ignoring you, I am leaving town for a few. Hope to see some good news/ideas when I get back.

Ciao!



#3 Elise


Posted 13 September 2010 - 03:56 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#4 stetch


Posted 13 September 2010 - 06:59 PM

Thank you Elise.

I described the problem previously, in this post and the previous linked thread, but the very short version is I get frequent BSOD, especially when accessing the file system in Explorer.

Posted below are my two OTL files:


=====================================================================================
OTListIt.txt
=====================================================================================

OTL logfile created on: 9/13/2010 4:54:17 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 376.49 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 65.91 Gb Free Space | 35.38% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRICKBEAST
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 16:53:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe
PRC - [2010/07/25 18:42:05 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/07/25 18:42:05 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/09 12:04:34 | 003,493,776 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\Xfire.exe
PRC - [2010/06/30 00:42:36 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/03/01 23:09:48 | 006,074,368 | ---- | M] () -- C:\Development\php\MySQL51\bin\mysqld.exe
PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2009/10/02 17:26:44 | 005,516,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV\TurboV.exe
PRC - [2009/08/19 16:44:56 | 000,603,136 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
PRC - [2009/08/19 04:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) -- C:\ASUS.SYS\CONFIG\DVMExportService.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 16:53:55 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL.exe
MOD - [2010/07/09 12:04:44 | 000,970,640 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire\xfire_toucan_43094.dll
MOD - [2009/07/13 18:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wsock32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2007/09/11 23:05:14 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\downloads\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/09 09:53:06 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/30 00:42:36 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/03 18:42:00 | 000,159,336 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nvvsvc.exe -- (nvsvc)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 23:09:48 | 006,074,368 | ---- | M] () [Auto | Running] -- C:\Development\php\MySQL51\bin\mysqld.exe -- (MySQL_ZendServer51)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/01/08 00:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009/08/19 04:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/24 12:36:36 | 000,319,488 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\ASUS.SYS\CONFIG\DVMExportService.exe -- (MDES)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/06/23 11:39:47 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/05 21:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/17 01:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/01/22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/08/30 23:44:11 | 001,791,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100908.002\EX64.SYS -- (NAVEX15)
DRV - [2010/08/30 23:44:11 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/08/30 23:44:11 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/30 23:44:11 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100908.002\ENG64.SYS -- (NAVENG)
DRV - [2010/08/10 01:16:24 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/28 12:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100906.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 4F 49 B0 2D 22 CB 01 [binary data]
IE - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/05/25 16:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/17 11:54:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_1.2.2.2\coFFFw\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/07/25 18:42:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/30 10:12:02 | 000,000,000 | ---D | M]

[2010/03/17 14:56:11 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/09/08 08:46:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9w453qcv.default\extensions
[2010/07/29 08:16:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9w453qcv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/23 19:02:17 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9w453qcv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/05/18 22:56:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\9w453qcv.default\extensions\DeviceDetection@logitech.com
[2010/09/08 08:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/13 10:41:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/31 11:30:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/11/19 14:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/08/31 11:30:35 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 14:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboV] C:\Program Files\ASUS\TurboV\TurboV.exe (ASUSTeK Computer Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1219982701-426981348-1213289519-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1219982701-426981348-1213289519-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1219982701-426981348-1213289519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/06 12:46:15 | 000,000,050 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/08 19:38:30 | 000,000,424 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{61c012d9-52af-11df-952c-485b390922c6}\Shell - "" = AutoRun
O33 - MountPoints2\{61c012d9-52af-11df-952c-485b390922c6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/03 13:25:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\thumbdrive
[2010/09/02 14:13:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\WORK
[2010/08/31 11:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2010/08/30 17:58:05 | 000,000,000 | R-SD | C] -- C:\Users\Steve\Documents\My Stationery
[2010/08/30 17:30:24 | 000,000,000 | ---D | C] -- C:\Marvell9123_Controller_1001036-WHQL
[2010/08/30 13:51:06 | 000,000,000 | ---D | C] -- C:\P6X58D-PREMIUM-ASUS-0904
[2010/08/30 13:47:52 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Download Manager
[2010/08/30 10:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/30 10:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/08/30 10:43:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/08/30 10:42:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/08/30 10:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/08/30 10:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/08/30 10:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Tific
[2010/08/30 10:14:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Symantec
[2010/08/30 08:49:21 | 000,000,000 | ---D | C] -- C:\vslick
[2010/08/25 10:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2010/08/22 20:35:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\BTroopers
[2010/08/21 10:12:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Google
[2010/08/21 10:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/08/14 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Samsung
[2010/08/14 22:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010/08/14 22:57:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Samsung
[2010/08/14 22:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010/08/14 22:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2010/08/14 22:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2010/08/14 20:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2010/08/13 03:01:08 | 000,000,000 | ---D | C] -- C:\91b0a911f025dca2a1e7
[2010/08/12 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Winamp
[2010/08/12 17:34:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\devil_went_down
[2010/08/07 18:45:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/08/07 11:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2010/08/06 08:10:11 | 000,000,000 | R--D | C] -- C:\Users\Steve\Documents\My Dropbox
[2010/08/06 08:07:01 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Dropbox
[2010/08/06 00:49:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010/08/06 00:39:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2010/08/06 00:00:26 | 000,000,000 | ---D | C] -- C:\Windows\D56B0E274A3E46C9B5C1D93D580C099C.TMP
[2010/08/05 23:55:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\Borderlands_Worldwide_Update_PC1.31
[2010/08/03 06:22:42 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2010/07/31 18:34:01 | 000,000,000 | ---D | C] -- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
[2010/07/31 18:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/07/31 17:39:08 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/31 17:39:08 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/31 15:50:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\NVIDIA
[2010/07/30 07:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/30 07:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/30 07:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/07/29 17:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Roblox
[2010/07/29 17:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roblox
[2010/07/29 08:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/07/29 08:15:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Yahoo!
[2010/07/21 21:11:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Mumble
[2010/07/21 21:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2010/07/21 18:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/07/13 10:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/07/13 10:37:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/07/13 09:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/13 09:44:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Apple Computer
[2010/07/13 09:44:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apple Computer
[2010/07/13 09:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/07/13 09:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/07/13 09:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/07/13 09:29:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apple
[2010/07/13 09:29:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/07/13 09:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/07/13 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/13 09:29:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/07/13 09:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/06/29 20:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtime Worlds
[2010/06/27 08:17:01 | 000,189,976 | ---- | C] (MyFamily.com, Inc.) -- C:\Windows\SysWow64\mfimgvwr.ocx
[2010/06/27 08:16:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MFInstall
[2010/06/24 08:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/06/24 08:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/06/22 11:08:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2010/06/22 11:08:29 | 000,000,000 | ---D | C] -- C:\Users\Steve\.thumbnails
[2010/06/22 11:07:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\gegl-0.0
[2010/06/22 11:07:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\.gimp-2.6
[2010/06/22 11:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010/06/21 14:29:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\CANON INC
[2010/06/18 10:38:25 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/06/18 10:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2010/06/18 10:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2010/06/18 10:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2010/06/18 10:07:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Uniblue
[2010/06/18 10:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010/06/17 22:18:50 | 000,000,000 | ---D | C] -- C:\Windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP
[2010/06/17 22:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010/06/17 22:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/06/17 22:03:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SystemRequirementsLab
[2010/06/17 13:23:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Vikingworks
[2010/06/17 13:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOC UI Installer 3.0
[2010/06/17 12:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VikingWorks
[2010/06/17 12:23:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\Documents\aoc_ui
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steve\*.tmp files -> C:\Users\Steve\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/13 16:56:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/13 16:56:51 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/13 16:56:51 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/13 16:50:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/13 16:50:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/13 16:50:44 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 20:28:28 | 000,000,038 | ---- | M] () -- C:\dvmaccounts.ini
[2010/09/08 20:24:45 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/09/08 20:22:59 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 20:22:59 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/08 20:11:07 | 003,670,016 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2010/09/08 19:46:51 | 000,512,801 | ---- | M] () -- C:\Windows\SysWow64\N360 Backup - #4.2.0.0.0.v01
[2010/09/08 19:46:49 | 056,546,970 | ---- | M] () -- C:\Windows\SysWow64\N360 Backup - #4.m01
[2010/09/08 19:46:49 | 014,318,466 | ---- | M] () -- C:\Windows\SysWow64\N360 Backup - #4.f01
[2010/09/08 19:46:49 | 001,743,360 | ---- | M] () -- C:\Windows\SysWow64\N360 Backup - #4.i01
[2010/09/08 19:46:49 | 000,067,604 | ---- | M] () -- C:\Windows\SysWow64\N360 Backup - #4.vol
[2010/09/08 10:24:46 | 000,785,644 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/09/05 21:01:32 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010/09/05 21:01:32 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/31 04:05:56 | 000,367,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/30 17:27:57 | 428,797,816 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/30 13:50:22 | 001,342,686 | ---- | M] () -- C:\Marvell9123_Controller_1001036-WHQL.zip
[2010/08/30 13:49:29 | 007,533,408 | ---- | M] () -- C:\NEC_USB3_V10190_XpVistaWin7.zip
[2010/08/30 13:48:04 | 000,966,122 | ---- | M] () -- C:\P6X58D-PREMIUM-ASUS-0904.zip
[2010/08/30 10:45:03 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{6665b831-b458-11df-8be4-ff734eb35cd7}.TMContainer00000000000000000002.regtrans-ms
[2010/08/30 10:45:03 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{6665b831-b458-11df-8be4-ff734eb35cd7}.TMContainer00000000000000000001.regtrans-ms
[2010/08/30 10:45:03 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{6665b831-b458-11df-8be4-ff734eb35cd7}.TM.blf
[2010/08/30 10:43:36 | 000,000,020 | ---- | M] () -- C:\Windows\Hø@
[2010/08/14 23:09:48 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{275e0f93-a6f8-11df-b965-485b390922c6}.TMContainer00000000000000000002.regtrans-ms
[2010/08/14 23:09:48 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{275e0f93-a6f8-11df-b965-485b390922c6}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 23:09:48 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\NTUSER.DAT{275e0f93-a6f8-11df-b965-485b390922c6}.TM.blf
[2010/08/14 22:50:33 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/08/13 14:30:15 | 000,011,796 | ---- | M] () -- C:\Users\Steve\Desktop\shoppinglist_9_13_10.pdf
[2010/08/07 11:28:07 | 000,001,057 | ---- | M] () -- C:\Users\Steve\Desktop\My Music Tools.lnk
[2010/08/06 08:26:23 | 000,024,594 | ---- | M] () -- C:\Users\Steve\Documents\contacts_trimmed.xsl.xlsx
[2010/08/06 08:10:11 | 000,001,049 | ---- | M] () -- C:\Users\Steve\Desktop\Dropbox.lnk
[2010/08/06 08:10:11 | 000,001,029 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/07/29 08:15:40 | 000,001,168 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/21 21:14:18 | 000,002,378 | ---- | M] () -- C:\Users\Steve\Documents\MumbleAutomaticCertificateBackup.p12
[2010/07/20 14:42:01 | 000,007,596 | ---- | M] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2010/07/16 17:14:52 | 000,019,540 | ---- | M] () -- C:\Users\Steve\Documents\VMWare_Questions.docx
[2010/07/09 15:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010/07/09 15:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010/07/09 15:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010/07/09 12:04:40 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 12:04:40 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/06/30 00:42:36 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/06/23 11:39:47 | 000,173,616 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/06/23 11:39:47 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/06/23 11:39:47 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/06/22 11:14:00 | 000,000,856 | ---- | M] () -- C:\Users\Steve\.recently-used.xbel
[2010/06/22 11:07:00 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/06/17 13:21:18 | 000,003,049 | ---- | M] () -- C:\Users\Steve\Desktop\AOC UI Installer 3.0.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Steve\*.tmp files -> C:\Users\Steve\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/08 19:46:49 | 000,512,801 | ---- | C] () -- C:\Windows\SysWow64\N360 Backup - #4.2.0.0.0.v01
[2010/09/08 19:38:29 | 056,546,970 | ---- | C] () -- C:\Windows\SysWow64\N360 Backup - #4.m01
[2010/09/08 19:38:29 | 014,318,466 | ---- | C] () -- C:\Windows\SysWow64\N360 Backup - #4.f01
[2010/09/08 19:38:29 | 001,743,360 | ---- | C] () -- C:\Windows\SysWow64\N360 Backup - #4.i01
[2010/09/08 19:38:29 | 000,067,604 | ---- | C] () -- C:\Windows\SysWow64\N360 Backup - #4.vol
[2010/08/31 04:08:11 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Startup.cpl
[2010/08/30 13:50:20 | 001,342,686 | ---- | C] () -- C:\Marvell9123_Controller_1001036-WHQL.zip
[2010/08/30 13:49:02 | 007,533,408 | ---- | C] () -- C:\NEC_USB3_V10190_XpVistaWin7.zip
[2010/08/30 13:48:01 | 000,966,122 | ---- | C] () -- C:\P6X58D-PREMIUM-ASUS-0904.zip
[2010/08/30 10:43:35 | 000,000,020 | ---- | C] () -- C:\Windows\Hø@
[2010/08/30 10:13:59 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{6665b831-b458-11df-8be4-ff734eb35cd7}.TMContainer00000000000000000002.regtrans-ms
[2010/08/30 10:13:59 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{6665b831-b458-11df-8be4-ff734eb35cd7}.TMContainer00000000000000000001.regtrans-ms
[2010/08/30 10:13:59 | 000,065,536 | -HS- | C] () -- C:\Users\Steve\ntuser.dat{6665b831-b458-11df-8be4-ff734eb35cd7}.TM.blf
[2010/08/14 22:49:45 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2010/08/13 14:30:15 | 000,011,796 | ---- | C] () -- C:\Users\Steve\Desktop\shoppinglist_9_13_10.pdf
[2010/08/13 11:14:03 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\NTUSER.DAT{275e0f93-a6f8-11df-b965-485b390922c6}.TMContainer00000000000000000002.regtrans-ms
[2010/08/13 11:14:03 | 000,524,288 | -HS- | C] () -- C:\Users\Steve\NTUSER.DAT{275e0f93-a6f8-11df-b965-485b390922c6}.TMContainer00000000000000000001.regtrans-ms
[2010/08/13 11:14:03 | 000,065,536 | -HS- | C] () -- C:\Users\Steve\NTUSER.DAT{275e0f93-a6f8-11df-b965-485b390922c6}.TM.blf
[2010/08/07 11:28:07 | 000,001,057 | ---- | C] () -- C:\Users\Steve\Desktop\My Music Tools.lnk
[2010/08/06 08:10:11 | 000,001,049 | ---- | C] () -- C:\Users\Steve\Desktop\Dropbox.lnk
[2010/08/06 08:10:11 | 000,001,029 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010/07/29 08:15:39 | 000,001,168 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/07/21 21:14:18 | 000,002,378 | ---- | C] () -- C:\Users\Steve\Documents\MumbleAutomaticCertificateBackup.p12
[2010/07/20 14:42:01 | 000,007,596 | ---- | C] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2010/07/16 17:03:46 | 000,019,540 | ---- | C] () -- C:\Users\Steve\Documents\VMWare_Questions.docx
[2010/07/09 12:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010/07/09 12:04:40 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010/06/30 00:42:35 | 002,444,656 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/22 11:14:00 | 000,000,856 | ---- | C] () -- C:\Users\Steve\.recently-used.xbel
[2010/06/22 11:07:00 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2010/06/17 12:49:37 | 000,003,049 | ---- | C] () -- C:\Users\Steve\Desktop\AOC UI Installer 3.0.lnk
[2010/05/25 10:51:41 | 000,000,236 | ---- | C] () -- C:\Windows\Sierra.ini
[2010/04/24 13:04:10 | 000,007,168 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/17 11:31:28 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010/03/17 11:31:28 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010/03/17 11:31:23 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010/03/17 11:31:23 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010/03/17 11:25:14 | 000,035,305 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010/03/17 11:24:39 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010/03/17 11:24:34 | 000,024,193 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/04/02 05:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/12/01 18:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

========== LOP Check ==========

[2010/04/01 17:40:06 | 000,000,000 | ---D | M] -- C:\Users\Nik\AppData\Roaming\Avery
[2010/03/22 14:16:27 | 000,000,000 | ---D | M] -- C:\Users\Nik\AppData\Roaming\com.adobe.example.FitInYourSkin.16E50DF6DA84FAA2CD818623D4F8D4AF52127046.1
[2010/05/25 10:35:17 | 000,000,000 | ---D | M] -- C:\Users\Nik\AppData\Roaming\Sierra
[2010/09/13 16:51:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dropbox
[2010/03/18 11:54:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Folding@home-x86
[2010/06/22 11:14:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2010/08/26 20:50:23 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mumble
[2010/05/14 14:02:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Need for Speed World
[2010/05/14 14:02:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Need for Speed World Online
[2010/08/30 09:41:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Samsung
[2010/06/17 22:03:42 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SystemRequirementsLab
[2010/08/30 10:14:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Tific
[2010/06/18 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Uniblue
[2010/09/02 14:10:25 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >



=====================================================================================
Extra.txt
=====================================================================================

OTL Extras logfile created on: 9/13/2010 4:54:17 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 376.49 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 65.91 Gb Free Space | 35.38% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRICKBEAST
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js[@ = JSFile] -- C:\development\RadRails\AptanaRadRails.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\development\RadRails\AptanaRadRails.exe ()

[HKEY_USERS\S-1-5-21-1219982701-426981348-1213289519-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\development\RadRails\AptanaRadRails.exe" "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\development\RadRails\AptanaRadRails.exe" "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{136E7A33-97D9-435C-BFDE-6A1327F2C235}" = MySQL Server 5.1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A36AA25-D700-4343-9078-2C5EDEA79AB3}" = AOC UI Installer 3.0
"{1AA8E1F9-08EB-8A8A-09A0-B349E41E68A4}" = FitInYourSkin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32394A59-A39C-4C90-A9A5-F16B0C7442E1}" = Express Gate Tools
"{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54F073B8-7E88-45FE-9648-61F77EC02E0D}" = Freedom Art Collection
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}" = SierraAddressBook 3.0
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}" =
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{BA94B525-1469-4E00-AFE4-50ADEB8B3993}_is1" = LaCie Network Assistant 1.4.1.35
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6174060-52D9-4886-8DBF-4EBF7C1CBCAA}" = MSRedx64
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F68DF664-1C34-48B2-BE8D-AF26F6CFFE90}" = Holiday Art Collection
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Conan_is1" = Age of Conan - Hyborian Adventures
"APB North America" = APB North America
"Aptana RadRails" = Aptana RadRails
"CameraUserGuide-PSA480" = Canon PowerShot A480 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"com.adobe.example.FitInYourSkin.16E50DF6DA84FAA2CD818623D4F8D4AF52127046.1" = FitInYourSkin
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Guild Wars" = Guild Wars
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MagniDriver" = marvell 91xx driver
"Marvell Miniport Driver" = Marvell Miniport Driver
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mumble" = Mumble and Murmur
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360 Premier Edition
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Print Artist 2003" = Print Artist 2003
"PunkBusterSvc" = PunkBuster Services
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"Steam App 17050" = Global Agenda - Demo
"Steam App 33310" = R.U.S.E. Beta
"Steam App 49900" = Plain Sight
"Steam App 630" = Alien Swarm
"SystemRequirementsLab" = System Requirements Lab
"Text Twist 2" = Text Twist 2 (remove only)
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1219982701-426981348-1213289519-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11233A17-BFFC-434A-8FC8-2E93369AF008}_is1" = Ruby 1.9.1-p378
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2010 3:51:12 AM | Computer Name = BrickBeast | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/1/2010 3:51:12 AM | Computer Name = BrickBeast | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15413

Error - 9/1/2010 3:51:12 AM | Computer Name = BrickBeast | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15413

Error - 9/1/2010 3:51:13 AM | Computer Name = BrickBeast | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/1/2010 3:51:13 AM | Computer Name = BrickBeast | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16427

Error - 9/1/2010 3:51:13 AM | Computer Name = BrickBeast | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16427

Error - 9/2/2010 11:36:36 AM | Computer Name = BrickBeast | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/2/2010 11:37:07 AM | Computer Name = BrickBeast | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/2/2010 5:13:13 PM | Computer Name = BrickBeast | Source = Software Protection Platform Service | ID = 1001
Description = The Software Protection service failed to start. 0x80070002 6.1.7600.16385

Error - 9/8/2010 11:37:04 AM | Computer Name = BrickBeast | Source = Application Error | ID = 1000
Description = Faulting application name: YahooMessenger.exe, version: 10.0.0.1270,
time stamp: 0x4c053ffe Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x50e16149 Faulting process id:
0xaa4 Faulting application start time: 0x01cb4f6b86f8792a Faulting application path:
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe Faulting module path:
unknown Report Id: edef2fdf-bb5e-11df-8eed-485b390922c6


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#5 stetch

Posted 13 September 2010 - 07:43 PM

Hi again-- I am unable to run Rootkitunhooker-- I get the following error (see attachment for error), any ideas?


(I had to run this in safe mode, if that is a problem, but I believe I tried this last time and had the same errors regardless of whether in safe mode or not)

Edited by stetch, 13 September 2010 - 07:44 PM.


#6 Elise

Posted 14 September 2010 - 05:17 AM

Hello again,

Please rerun OTL, copy/paste the following text into the "custom scan/fix" field and click the NONE button. Then click Run Scan. Post me the resulting log.
CODE
/md5start
explorer.exe
wininit.exe
hlp.dat
/md5stop




MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 stetch

Posted 14 September 2010 - 10:27 AM

OTL:


OTL logfile created on: 9/14/2010 8:21:15 AM - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 376.55 Gb Free Space | 40.42% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 65.91 Gb Free Space | 35.38% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BRICKBEAST
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< End of report >


#8 stetch

Posted 14 September 2010 - 10:31 AM

Just FYI, I see it saying AMD64_ on the file names above; I am running an Intel chipset...? Full scan is running now. It has found 3 objects infected already.

#9 stetch

Posted 14 September 2010 - 10:50 AM

OK, it is getting tough to finish this without a crash. I may have to run this in safe mode; is that OK?

#10 Elise

Posted 14 September 2010 - 10:52 AM

Hi, the AMD64 part in the filename is related to Windows, not to your chipset. It's part of a folder name where Windows stores file copies that belong to the 64-bit part of the OS.

I will wait for the scan results.

regards, Elise
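
The comparison that the /md5start scan requested in post #6 makes possible, as an added example (not part of the thread and not OTL's own code): it parses the MD5 section of the log from post #7 and checks whether each live copy of explorer.exe and wininit.exe has the same MD5 as a copy in the WinSxS component store, reporting that copy's architecture tag and build. The sample lines are copied from that log; the function names and the reading of the WinSxS folder-name layout are assumptions of the example, and a match is a consistency check, not proof that a file is clean.

```python
import re
from collections import defaultdict

# Lines copied from the OTL log in post #7 (a subset; hashes and paths unchanged).
SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: WININIT.EXE >
[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
"""

HEADER = re.compile(r"^<\s*MD5 for:\s*(.+?)\s*>$")
# [mtime | size | attributes | flag] (company) MD5=<32 hex> -- <path>
ENTRY = re.compile(
    r"^\[(?P<mtime>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>.*?)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
# Assumption of this example: WinSxS folder names read as
# arch_name_publicKeyToken_version_culture_hash, as in the paths logged above.
COMPONENT = re.compile(
    r"\\winsxs\\(?P<arch>[a-z0-9]+)_(?P<name>.+)_(?P<token>[0-9a-f]{16})"
    r"_(?P<version>\d+(?:\.\d+){3})_(?P<culture>[^_\\]+)_(?P<hash>[0-9a-f]{16})\\",
    re.IGNORECASE,
)


def parse_otl_md5(text):
    """Return {file name: {path: md5}} from the '< MD5 for: ... >' sections."""
    sections, current = defaultdict(dict), None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1).lower()
            continue
        entry = ENTRY.match(line)
        if entry and current:
            # Keying by path collapses the lines OTL prints twice.
            sections[current][entry["path"]] = entry["md5"].upper()
    return dict(sections)


def audit(sections):
    """Map each live (non-WinSxS) path to the store builds that share its MD5."""
    report = {}
    for copies in sections.values():
        store, live = defaultdict(list), {}
        for path, md5 in copies.items():
            comp = COMPONENT.search(path)
            if comp:
                store[md5].append((comp["arch"].lower(), comp["version"]))
            else:
                live[path] = md5
        for path, md5 in live.items():
            report[path] = sorted(store.get(md5, []))
    return report


def unmatched(report):
    """Live paths whose MD5 equals no component-store copy in the same log."""
    return sorted(path for path, hits in report.items() if not hits)


if __name__ == "__main__":
    for path, hits in audit(parse_otl_md5(SAMPLE)).items():
        status = ", ".join(f"{a} {v}" for a, v in hits) or "NO MATCH in component store"
        print(f"{path}: {status}")
```
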


#11 stetch

Posted 14 September 2010 - 12:53 PM

Mal log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4613

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

9/14/2010 10:51:36 AM
mbam-log-2010-09-14 (10-51-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 766476
Time elapsed: 1 hour(s), 51 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files (x86)\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
D:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.


#12 stetch

Posted 14 September 2010 - 01:03 PM

Just FYI- on reboot, I did get a crash shortly after, so there is still a problem.

I ran the product initially in safe mode (to complete). I can try running again from non-safe mode till I can get it to work without crashing... Trying again.

#13 Elise

Posted 14 September 2010 - 01:07 PM

Please click Start > Programs > Accessories, right click on Command Prompt and select "run as administrator".

Type chkdsk /r and press enter. Type Y to schedule the disk check for next reboot. Restart your computer and let the disk check run unhindered.

When done, please let me know if you notice any improvement.

regards, Elise


#14 stetch

Posted 14 September 2010 - 01:09 PM

Will do, that usually takes an hour or so. Thanks for the quick reply.

#15 Elise

Posted 14 September 2010 - 03:13 PM

Okay, please keep me posted.

regards, Elise