Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with Malware - cqg.exe


  • This topic is locked This topic is locked
2 replies to this topic

#1 KevinS.W.

KevinS.W.

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:49 AM

Posted 27 September 2010 - 12:47 PM

Hello,
I am getting an error message popup that reads, "GoldS has stopped working," and when I expand the detail, it tells me the underlying application is cqg.exe, which I believe is malware. I have run OTL and DDS and posted the logs below. Any help would be appreciated.
Thanks
Kevin
-------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 9/27/2010 1:17:09 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kevin\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 94.29 Gb Free Space | 32.99% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 0.30 Gb Free Space | 3.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEVIN-PC
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/27 13:15:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
PRC - [2010/09/26 11:51:59 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/09/26 11:51:18 | 000,405,672 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010/09/26 11:51:15 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/09/26 11:51:10 | 000,337,064 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010/09/26 11:51:08 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/26 11:51:06 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/14 18:59:52 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/14 18:59:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/19 08:46:42 | 003,512,120 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/31 20:45:41 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/07/07 01:49:08 | 004,679,096 | ---- | M] () -- C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
PRC - [2010/06/16 14:12:17 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/05/28 10:33:44 | 000,447,952 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/04/02 16:19:32 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/02/01 18:33:50 | 000,087,336 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\NServiceEntry.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe


========== Modules (SafeList) ==========

MOD - [2010/09/27 13:15:53 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/26 11:51:59 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/26 11:51:18 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/09/26 11:51:10 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/09/26 11:51:08 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/02 16:19:36 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/09 15:01:48 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/01 18:33:50 | 000,087,336 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2009/08/07 12:43:04 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/12 15:29:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2010/09/26 11:52:32 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/09/26 11:52:32 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/09/26 11:52:30 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/01/15 16:55:08 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/09/23 19:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/07/13 18:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/07/13 18:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/10 14:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (androidusb)
DRV - [2009/07/08 00:45:32 | 002,506,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/05/08 12:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/03/27 02:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008/06/02 11:44:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/09/28 14:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2004/03/25 20:37:08 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP2101 USB Composite Device driver (WDM)
DRV - [2004/03/25 20:36:48 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2961634351-3576963700-353583735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-2961634351-3576963700-353583735-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2961634351-3576963700-353583735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2961634351-3576963700-353583735-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.1
FF - prefs.js..extensions.enabledItems: {1cff04ef-0c75-4621-ba2a-2efb77346996}:2.3
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.6
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}:0.5
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.6
FF - prefs.js..extensions.enabledItems: firefox@meebo.com:1.1
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: sendtophone@martinezdelizarrondo.com:1.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/10/22 19:07:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/24 17:41:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/24 17:41:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/17 21:36:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/28 22:59:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2010/01/28 22:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/27 12:54:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions
[2010/02/02 21:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
[2010/04/29 10:41:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 14:42:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/26 14:11:34 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/09/04 20:17:09 | 000,000,000 | ---D | M] (Google Redesigned) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406}
[2010/09/06 20:44:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/27 13:37:07 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/09/04 20:17:38 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/09/04 20:16:57 | 000,000,000 | ---D | M] (Diigo Bookmarks and Web Annotations) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2010/04/24 09:38:31 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\amznUWL@amazon.com
[2009/10/22 19:24:45 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\elemhidehelper@adblockplus.org
[2009/12/20 22:35:18 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\firefox@meebo.com
[2010/03/12 09:40:03 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\googletube@googletube.com
[2010/04/06 21:38:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\isreaditlater@ideashower.com
[2009/10/22 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\reader_plugin@ebrary.com
[2010/09/04 20:17:20 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\sendtophone@martinezdelizarrondo.com
[2010/09/04 20:17:17 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\extensions\smarterwiki@wikiatic.com
[2010/01/29 00:13:27 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla\Sunbird\Profiles\rbkfurc2.default\extensions
[2010/09/27 12:54:39 | 000,002,533 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2v3kctnx.default\searchplugins\diigo--google.xml
[2010/09/27 12:54:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 13:35:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 15:16:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2009/11/04 21:32:22 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2961634351-3576963700-353583735-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2961634351-3576963700-353583735-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2961634351-3576963700-353583735-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2961634351-3576963700-353583735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.com.ezproxy.fielding.ed...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://tradeking.webex.com/client/T27LB/event/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://docs.che.org/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\6.0.472.63\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 11:57:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Avira
[2010/09/26 11:54:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/09/26 11:54:33 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/09/26 11:54:33 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/09/26 11:54:33 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/09/26 11:54:33 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/09/26 11:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/09/26 11:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/26 10:42:49 | 000,073,216 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/09/26 10:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/09/26 10:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/09/25 22:06:02 | 000,230,400 | ---- | C] (Alexander Roshal) -- C:\Windows\Gjejua.exe
[2010/09/15 23:08:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/09/14 15:24:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/14 15:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/11 19:45:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Downloads
[2010/09/04 12:24:08 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010/09/04 12:22:17 | 000,112,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\acaptuser32.dll
[2010/08/30 08:38:46 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\FXTS2
[2010/08/29 10:44:55 | 011,429,880 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-276de83018ab0bd479fed02f72221521.exe
[2010/02/06 16:59:24 | 009,758,584 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-8ab1183a2ec3629bbadfd81de306dd50.exe

========== Files - Modified Within 30 Days ==========

[2010/09/27 13:19:42 | 006,291,456 | -HS- | M] () -- C:\Users\Kevin\ntuser.dat
[2010/09/27 13:17:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2961634351-3576963700-353583735-1000UA.job
[2010/09/27 13:17:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/27 11:16:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/27 11:11:32 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 11:11:32 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 11:08:01 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/27 11:08:01 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/27 11:08:01 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/27 11:03:38 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/09/27 11:03:38 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/27 11:03:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/27 11:03:19 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/27 11:02:34 | 012,854,612 | -H-- | M] () -- C:\Users\Kevin\AppData\Local\IconCache.db
[2010/09/26 17:39:25 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2961634351-3576963700-353583735-1000Core.job
[2010/09/26 15:45:07 | 582,037,478 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/26 11:54:56 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/26 11:52:32 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/09/26 11:52:32 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/09/26 11:52:31 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/09/26 11:52:30 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/09/26 11:52:27 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/09/26 10:42:49 | 000,073,216 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys
[2010/09/26 10:42:40 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2010/09/26 10:32:54 | 000,003,788 | ---- | M] () -- C:\Windows\mozy.blk
[2010/09/26 10:32:54 | 000,000,742 | ---- | M] () -- C:\Windows\mozy.flt
[2010/09/25 22:05:55 | 000,230,400 | ---- | M] (Alexander Roshal) -- C:\Windows\Gjejua.exe
[2010/09/24 17:41:21 | 000,001,911 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/14 15:25:59 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/12 22:54:39 | 000,004,608 | ---- | M] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 10:46:10 | 000,000,915 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
[2010/08/29 10:45:19 | 011,429,880 | ---- | M] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-276de83018ab0bd479fed02f72221521.exe

========== Files Created - No Company Name ==========

[2010/09/26 15:45:07 | 582,037,478 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/26 11:54:56 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/09/14 15:25:59 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/03/25 22:32:11 | 000,000,029 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\mainhst.zgh
[2010/03/16 17:45:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/02/25 18:53:02 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2010/02/25 18:53:02 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2010/02/25 18:53:02 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2010/02/25 18:52:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010/02/25 18:52:01 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010/02/25 18:52:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010/02/25 18:52:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2010/02/25 18:36:08 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010/02/25 18:36:08 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/12/26 00:55:09 | 000,004,608 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 00:35:34 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2009/11/19 00:31:20 | 000,118,784 | ---- | C] () -- C:\Windows\System32\mp3dec.dll
[2009/11/19 00:31:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dsp_trc.dll
[2009/11/19 00:31:20 | 000,005,120 | ---- | C] () -- C:\Windows\System32\IcdSptSvps.dll
[2009/10/22 20:20:35 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/10/22 20:00:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/10 21:02:22 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/27 09:45:29 | 000,163,840 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/27 09:45:26 | 000,564,224 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/07/27 09:45:25 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/27 09:45:25 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/07/27 09:45:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/07/27 09:45:22 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/27 09:45:22 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/05 23:41:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/05 01:47:00 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/04/05 01:46:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/04/04 19:47:58 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2004/04/23 15:17:02 | 000,000,061 | ---- | C] () -- C:\Windows\System32\uninstall.ini

========== LOP Check ==========

[2009/10/22 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/11/08 12:30:50 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
[2009/12/26 11:32:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/10/22 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ContentGuard
[2009/10/22 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2010/09/27 11:04:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Dropbox
[2009/10/22 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\eFax Messenger
[2009/10/22 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Elecard
[2010/09/04 16:10:40 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\EndNote
[2010/08/30 08:38:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\FXTS2
[2009/10/22 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GetRightToGo
[2010/09/27 13:11:07 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GoodSync
[2010/08/26 16:10:28 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ICAClient
[2009/10/22 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\IObit
[2009/10/22 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\j2 Global
[2010/08/26 15:21:06 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Juniper Networks
[2009/12/16 00:19:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Meebo
[2010/08/19 18:02:14 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mobipocket
[2010/03/15 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\motorola
[2010/03/01 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Opera
[2009/10/22 19:24:56 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SecondLife
[2009/11/21 09:01:17 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SkyGolf
[2010/04/10 10:54:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Smart PDF Converter
[2010/06/30 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Stocktwits.8986D6B7D178AAC41A95020D78F34B5073F31DBB.1
[2010/01/28 22:59:17 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Thunderbird
[2009/10/22 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TMP
[2010/01/15 16:59:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TrueCrypt
[2009/10/22 19:24:59 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/12/17 21:44:11 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009/10/22 19:25:00 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Uniblue
[2010/09/27 11:02:34 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\uTorrent
[2010/08/24 17:00:58 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\webex
[2010/05/25 21:12:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\X-Chat 2
[2010/03/25 22:32:44 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ZipGenius
[2010/09/11 18:22:18 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\DELL\Drivers\R166200\iastor.sys
[2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/06/02 11:44:06 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/13 21:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\FirewallAPI.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Weatherly - NY CASAC.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Transcription of the 2005 Kenyon Commencement Address.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Trading Matrix.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\TODD%20HARRISON[1].doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\St. Thomas map.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Social Security card.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\psychopharm training cert.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Our greatest fear is not that we are inadequate.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\NY State Healthcare Proxy.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\NEW YORK LIVING WILL.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\KSW Signature.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\KSW Capella Degree.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Kahlil Gibran on Giving.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\GTA4 cheats.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Denise Debt.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Credit Report 12-2008.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Cholesterol levels - 1-2008.tif:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\certificate.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\Birthdays-Anniversaries 2008.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\alleganydirectory.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Kevin\Documents\100 best novels list.doc:Roxio EMC Stream

< End of report >

OTL Extras logfile created on: 9/27/2010 1:17:09 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Kevin\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 94.29 Gb Free Space | 32.99% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 0.30 Gb Free Space | 3.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEVIN-PC
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2961634351-3576963700-353583735-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0A720675-B64C-4E0B-BF7C-8120937540B5}" = PASW Statistics-Python Integration Plug-in 18.0
"{0B6AC7AE-2C15-4F1F-9179-24BA055F82E7}" = SPSS Inc. Data Access Pack 6.0 for Windows
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{148E76B9-6DC0-4389-A71F-2D0B29545673}" = PASW® Data Collection Reports for Surveys Components 5.6
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1EBEC42C-5E3F-4077-933B-411E33A0C3A4}" = Motorola Driver Installation 4.6.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B828AF4-2F94-438F-9522-81F73F529310}" = AxCrypt 1.7.2067.0
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{32A3A4F4-B792-11D6-A78A-00B0D0160190}" = Java™ SE Development Kit 6 Update 19
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F470FED-77A1-4545-BF6E-AF687FF0B42D}" = RSDLite
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{433297A1-0844-C181-7C19-75BA40FF9CAA}" = twhirl
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5CE8DE46-1D95-786A-A666-AAC564BC9200}" = TweetDeck
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D9DA69-4C22-46CA-B762-A338CAC94599}" = Amos 18
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C34368-0C06-4880-9095-474609A8E770}" = Sony Preset Manager 2.0e
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8500A84B-5310-4E68-B457-2437AA2746B7}" = PASW Smartreader 18
"{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_934" = Adobe Acrobat 9.3.4 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6B84761-D63F-2A56-4948-E53F1B6D6EF1}" = MozyHome
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE45AA20-8BFF-C98B-4D64-153545837884}" = StockTwits Desktop Beta
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEA0CE81-7FC7-AAAE-FC8C-241A5F8684F0}" = Supercast
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AI RoboForm" = AI RoboForm (All Users)
"Avira AntiVir Desktop" = Avira AntiVir Premium
"AVS Image Converter_is1" = AVS Image Converter 1.2.1.100
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1" = Supercast
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1" = twhirl
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FeedDemon_is1" = FeedDemon
"FXCM Micro Trading Station II" = FXCM Micro Trading Station II
"GanttProject" = GanttProject
"GoldWave v5.55" = GoldWave v5.55
"Google Chrome Frame" = Google Chrome Frame
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.4.5 Full
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"PdaNet_is1" = PdaNet for Android 2.42
"Recuva" = Recuva
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Revo Uninstaller" = Revo Uninstaller 1.89
"SecondLife" = SecondLife (remove only)
"SkyCaddieDesktop" = SkyCaddie Desktop
"SLABCOMM" = CP2101 USB to UART Bridge Controller
"Smart Defrag_is1" = Smart Defrag
"Smart PDF Converter_is1" = Smart PDF Converter 5.0.1.335
"Stocktwits.8986D6B7D178AAC41A95020D78F34B5073F31DBB.1" = StockTwits Desktop Beta
"thinkorswim" = thinkorswim
"TrueCrypt" = TrueCrypt
"TuneXP_1.5" = TuneXP 1.5
"TVWiz" = Intel® TV Wizard
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 1.0.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Zinio Reader" = Zinio Reader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2961634351-3576963700-353583735-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chromium" = Chromium
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Citrix_Services" = Juniper Citrix Services Client
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Meebo Notifier" = Meebo Notifier
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

------------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Kevin at 14:00:32.97 on Mon 09/27/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3574.2005 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Motorola Media Link\NServiceEntry.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Kevin\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\6.0.472.63\npchrome_frame.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\kevin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\kevin\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kevin\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\kevin\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.ezproxy.fielding.edu/lib/fgils/support/plugins/ebraryRdr.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tradeking.webex.com/client/T27LB/event/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://docs.che.org/dana-cached/sc/JuniperSetupClient.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\6.0.472.63\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\2v3kctnx.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\kevin\appdata\roaming\mozilla\firefox\profiles\2v3kctnx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\kevin\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\kevin\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-10-22 73728]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-9-26 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-26 267432]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-9-26 405672]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-26 60936]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\NServiceEntry.exe [2010-2-1 87336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-7 304464]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-5-15 91456]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-4-5 111616]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-4 20952]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-3-24 9472]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-6 135664]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-12-26 12672]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-5-8 42752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-9 1343400]

=============== Created Last 30 ================

2010-09-27 17:51:55 0 ----a-w- c:\users\kevin\defogger_reenable
2010-09-27 17:41:29 54016 ----a-w- c:\windows\system32\drivers\dqqlg.sys
2010-09-26 19:45:07 582037478 ----a-w- c:\windows\MEMORY.DMP
2010-09-26 15:57:50 0 d-----w- c:\users\kevin\appdata\roaming\Avira
2010-09-26 15:54:33 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-26 15:54:32 0 d-----w- c:\programdata\Avira
2010-09-26 15:54:32 0 d-----w- c:\program files\Avira
2010-09-26 14:42:49 73216 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-09-26 14:42:47 0 d-----w- c:\program files\Prevx
2010-09-26 14:42:41 0 d-----w- c:\programdata\PrevxCSI
2010-09-26 02:06:02 230400 ----a-w- c:\windows\Gjejua.exe
2010-09-16 03:08:47 0 d-----w- c:\windows\PCHEALTH
2010-09-15 22:44:25 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 19:24:40 0 d-----w- c:\program files\iPod
2010-09-14 19:24:39 0 d-----w- c:\program files\iTunes
2010-09-04 16:24:08 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-09-04 16:22:17 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2010-08-30 12:38:46 0 d-----w- c:\users\kevin\appdata\roaming\FXTS2
2010-08-30 02:28:13 357888 ----a-w- c:\temp\TRADEAWAVE Wave Labeling Methodology.exe
2010-08-29 14:44:55 11429880 ----a-w- c:\programdata\Tempmozy-update-276de83018ab0bd479fed02f72221521.exe

==================== Find3M ====================

2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-03-12 22:49:58 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2010-03-12 22:49:17 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010031220100313\index.dat
2010-03-12 22:49:58 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\iecompatcache\index.dat
2010-03-12 22:49:58 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:01:26.31 ===============

Attached Files


Edited by KevinS.W., 27 September 2010 - 01:12 PM.


BC AdBot (Login to Remove)

 


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:49 AM

Posted 01 October 2010 - 04:17 PM

Hello and welcome to Bleeping Computer! welcome.gif

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#3 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:49 AM

Posted 07 October 2010 - 04:20 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users