
bsod


  • This topic is locked
20 replies to this topic

#1 shilo2

shilo2

  • Members
  • 101 posts

Posted 06 February 2011 - 08:54 AM

Mod. edit: Previous topics in chronological sequence concerning this issue.

http://www.bleepingcomputer.com/forums/topic370710.html

http://www.bleepingcomputer.com/forums/topic370959.html

http://www.bleepingcomputer.com/forums/topic373228.html

Note that after doing Last Known Working Configuration, MBAM did flag some infections. ~ OB


Here are the DDS logs I was told to post here from the guide. I got a BSOD last week, took a while to get booted up, was stuck in the repair screen, finally managed to boot on last known configuration, did a malware scan and an ESET scan, and haven't had any problems since. Here are the logs of the scans I did today. If anyone can tell me what caused it, I would appreciate it a lot. Thanks.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Robert & Lynn at 9:29:27.15 on 06/02/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8191.6798 [GMT -4:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Robert & Lynn\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
uSearch Bar = Preserve
uURLSearchHooks: H - No File
mURLSearchHooks: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll
mURLSearchHooks: Messenger Plus Live CA-EN Toolbar: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Messenger Plus Live CA-EN Toolbar: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll
TB: Messenger Plus Live CA-EN Toolbar: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Robert & Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-16 54480]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/21 17:38:29];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-9-1 146928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-1-21 83312]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-1-3 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-3 344680]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-20 136176]
S2 KMService;KMService;C:\Windows\system32\srvany.exe --> C:\Windows\system32\srvany.exe [?]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2011-1-5 35840]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-7-8 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-30 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-4 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 MSI_DVD_010507;MSI_DVD_010507;C:\PROGRA~1\MSI\MSIWDev\DVDSYS64_100507.sys [2010-5-10 28984]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;C:\PROGRA~1\MSI\MSIWDev\VGASYS64_100507.sys [2010-5-10 14960]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-1-2 14136]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-1-3 50720]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2011-02-04 15:01:39 -------- d-----w- C:\Users\ROBERT~1\AppData\Roaming\ZoomBrowser EX
2011-02-04 14:50:36 -------- d-----w- C:\PROGRA~3\ZoomBrowser
2011-02-04 14:22:20 -------- d-----w- C:\Users\ROBERT~1\AppData\Local\CANON_INC
2011-02-01 17:29:56 -------- d-----w- C:\Users\ROBERT~1\AppData\Roaming\.minecraft
2011-01-30 17:38:04 -------- d-----w- C:\Program Files (x86)\FileSubmit
2011-01-27 19:25:39 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
2011-01-27 19:22:46 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-01-27 14:50:41 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
2011-01-27 14:38:32 -------- d-----w- C:\Program Files (x86)\Seagate
2011-01-18 12:32:23 -------- d-----w- C:\Users\ROBERT~1\AppData\Roaming\Windows Live Writer
2011-01-18 12:32:23 -------- d-----w- C:\Users\ROBERT~1\AppData\Local\Windows Live Writer
2011-01-17 17:09:27 -------- d-----w- C:\PROGRA~3\PC Drivers HeadQuarters
2011-01-17 17:08:26 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters
2011-01-14 16:32:48 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2011-01-14 16:32:48 -------- d-----w- C:\Users\ROBERT~1\AppData\Local\eSupport.com
2011-01-14 02:03:20 -------- d-----w- C:\Program Files\iTunes
2011-01-14 02:03:20 -------- d-----w- C:\Program Files\iPod
2011-01-13 22:51:03 -------- d-----w- C:\Users\ROBERT~1\AppData\Local\antiphishing-webblog1_1dn
2011-01-13 22:50:59 -------- d-----w- C:\Program Files (x86)\wbtooltb
2011-01-13 22:35:02 -------- d-----w- C:\PROGRA~3\Anti-phishing Domain Advisor
2011-01-13 22:07:23 -------- d-----w- C:\PROGRA~3\Apache
2011-01-13 22:03:25 -------- d-----w- C:\Users\ROBERT~1\AppData\Local\Apache
2011-01-13 17:32:27 -------- d-----w- C:\Users\ROBERT~1\AppData\Roaming\SUPERAntiSpyware.com
2011-01-13 17:32:27 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-01-13 17:32:23 -------- d-----w- C:\PROGRA~3\!SASCORE
2011-01-13 17:32:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-01-12 11:09:19 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-12 11:09:19 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-12 11:09:18 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 11:09:18 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-12 11:09:18 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-12 11:09:18 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 11:09:18 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-12 11:09:18 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-12 11:09:17 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 11:09:17 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

==================== Find3M ====================

2010-12-28 14:59:11 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2010-12-20 22:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-14 13:43:40 34624 ----a-w- C:\Windows\System32\TURegOpt.exe
2010-12-14 13:39:18 25920 ----a-w- C:\Windows\System32\authuitu.dll
2010-12-14 13:39:16 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2010-12-14 13:39:14 36160 ----a-w- C:\Windows\System32\uxtuneup.dll
2010-12-14 13:39:10 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2010-11-12 22:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-12 18:02:04 86584 ----a-w- C:\Windows\System32\drivers\adfs.sys
2010-11-09 03:55:57 1502208 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-09 03:52:06 2381824 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-08 18:09:40 99384 ----a-w- C:\Users\ROBERT~1\AppData\Roaming\inst.exe
2010-11-08 18:09:40 82816 ----a-w- C:\Users\ROBERT~1\AppData\Roaming\pcouffin.sys

============= FINISH: 9:29:51.97 ===============
Attached File  Attach.txt   10.13KB   3 downloads

Edited by Orange Blossom, 06 February 2011 - 12:34 PM.




#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 09 February 2011 - 04:05 PM

Hello shilo2, and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I realize from reading through your other posts that you have been on quite a frustrating journey here. I know that requesting additional logs may seem redundant, but we need the most current snapshot of your system that we can get, so please do not feel that we are "jerking" you around.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.


Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.


#3 shilo2

shilo2
  • Topic Starter

  • Members
  • 101 posts

Posted 10 February 2011 - 07:41 AM

Here are the logs.

OTL Extras logfile created on: 10/02/2011 8:31:45 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Robert & Lynn\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 85.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.16 Gb Total Space | 345.49 Gb Free Space | 57.95% Space Free | Partition Type: NTFS

Computer Name: ROBERT | User Name: Robert & Lynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallOverride" = 1
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{482CB0DF-849D-479C-8CBB-F9DA6AF0F8C5}" =
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0402-1000-0000000FF1CE}" = Microsoft Office Proof (Bulgarian) 2010
"{90140000-001F-0403-1000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0404-1000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2010
"{90140000-001F-0405-1000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0406-1000-0000000FF1CE}" = Microsoft Office Proof (Danish) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0408-1000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040B-1000-0000000FF1CE}" = Microsoft Office Proof (Finnish) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-1000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-040E-1000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0411-1000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
"{90140000-001F-0412-1000-0000000FF1CE}" = Microsoft Office Proof (Korean) 2010
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0414-1000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Bokmål)) 2010
"{90140000-001F-0415-1000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-001F-0416-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0418-1000-0000000FF1CE}" = Microsoft Office Proof (Romanian) 2010
"{90140000-001F-0419-1000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-041A-1000-0000000FF1CE}" = Microsoft Office Proof (Croatian) 2010
"{90140000-001F-041B-1000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-041D-1000-0000000FF1CE}" = Microsoft Office Proof (Swedish) 2010
"{90140000-001F-041E-1000-0000000FF1CE}" = Microsoft Office Proof (Thai) 2010
"{90140000-001F-041F-1000-0000000FF1CE}" = Microsoft Office Proof (Turkish) 2010
"{90140000-001F-0420-1000-0000000FF1CE}" = Microsoft Office Proof (Urdu) 2010
"{90140000-001F-0422-1000-0000000FF1CE}" = Microsoft Office Proof (Ukrainian) 2010
"{90140000-001F-0424-1000-0000000FF1CE}" = Microsoft Office Proof (Slovenian) 2010
"{90140000-001F-0425-1000-0000000FF1CE}" = Microsoft Office Proof (Estonian) 2010
"{90140000-001F-0426-1000-0000000FF1CE}" = Microsoft Office Proof (Latvian) 2010
"{90140000-001F-0427-1000-0000000FF1CE}" = Microsoft Office Proof (Lithuanian) 2010
"{90140000-001F-042D-1000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-0439-1000-0000000FF1CE}" = Microsoft Office Proof (Hindi) 2010
"{90140000-001F-043F-1000-0000000FF1CE}" = Microsoft Office Proof (Kazakh) 2010
"{90140000-001F-0446-1000-0000000FF1CE}" = Microsoft Office Proof (Punjabi) 2010
"{90140000-001F-0447-1000-0000000FF1CE}" = Microsoft Office Proof (Gujarati) 2010
"{90140000-001F-0449-1000-0000000FF1CE}" = Microsoft Office Proof (Tamil) 2010
"{90140000-001F-044A-1000-0000000FF1CE}" = Microsoft Office Proof (Telugu) 2010
"{90140000-001F-044B-1000-0000000FF1CE}" = Microsoft Office Proof (Kannada) 2010
"{90140000-001F-044E-1000-0000000FF1CE}" = Microsoft Office Proof (Marathi) 2010
"{90140000-001F-0456-1000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0804-1000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2010
"{90140000-001F-0814-1000-0000000FF1CE}" = Microsoft Office Proof (Norwegian (Nynorsk)) 2010
"{90140000-001F-0816-1000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010
"{90140000-001F-081A-1000-0000000FF1CE}" = Microsoft Office Proof (Serbian (Latin)) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2010
"{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
"{90140000-0028-0412-0000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0412-1000-0000000FF1CE}" = Microsoft Office IME (Korean) 2010
"{90140000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-0028-0804-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003B-0000-1000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPRO_{FE71CC93-19DF-419E-90BE-DC71F0BEA692}" =
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-004A-0409-1000-0000000FF1CE}" = Microsoft Office ProofMUI (English) 2010
"{90140000-004B-0000-1000-0000000FF1CE}" = Microsoft Office Proofing Kit 2010
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{3EB2BE04-348D-4419-8569-57030D4B8552}" =
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00B4-0409-1000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-004E-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector 64-bit
"{95140000-007A-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
"{95140000-007D-0409-1000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB6508F6-EC50-4829-A2C6-02990EFF0059}" = Windows Media Encoder 9 Series x64 Edition
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"CCleaner" = CCleaner
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROOFKIT" = Microsoft Office Proofing Tools Kit Compilation 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"Windows Media Encoder 9" = Windows Media Encoder 9 Series x64 Edition

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00405945-70C1-4B1D-9A3C-45A2883366AF}" = PS_AIO_05_C4600_Software_Min
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 23
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5211BF94-F97C-47E7-BC7C-BE804A79F8A2}" = MLB 2K10
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7CDD7C4C-5224-40E4-951F-51C12FEAB8AB}" = C4600
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed™ Hot Pursuit
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DB322BA7-761F-476F-ABA1-227331CDEF29}" = USB Joystick
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"AC3Filter" = AC3Filter (remove only)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AVIcodec" = AVIcodec (remove only)
"AviSynth" = AviSynth 2.5
"BearShare" = BearShare
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon RAW Codec" = Canon RAW Codec
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"DFX for J. River Media Center" = DFX for J. River Media Center
"DFX for Musicmatch" = DFX for Musicmatch
"DFX for RealPlayer" = DFX for RealPlayer
"DFX for Windows Media Player" = DFX for Windows Media Player
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 8_is1" = DVDFab 8.0.3.2 (30/10/2010)
"EADM" = EA Download Manager
"EOS Utility" = Canon Utilities EOS Utility
"Fallout New Vegas_is1" = Fallout New Vegas
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Game Maker 8.0" = Game Maker 8.0
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Liveupdate5_is1" = Liveupdate5
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar
"Messenger_Plus_Live_CA-EN Toolbar" = Messenger_Plus_Live_CA-EN Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MyCamera" = Canon Utilities MyCamera
"Need For Speed - Most Wanted_is1" = Need For Speed - Most Wanted v 1.3
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"TeamingGenie_is1" = TeamingGenie
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"VobSub" = VobSub v2.23 (Remove Only)
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite" = Windows Live Essentials
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YU2010_is1" = Your Uninstaller! 2010
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/12/2010 6:06:20 PM | Computer Name = Robert | Source = System Restore | ID = 8193
Description =

Error - 30/12/2010 7:24:45 PM | Computer Name = Robert | Source = RasClient | ID = 20227
Description =

Error - 30/12/2010 7:26:13 PM | Computer Name = Robert | Source = RasClient | ID = 20227
Description =

Error - 30/12/2010 7:27:40 PM | Computer Name = Robert | Source = RasClient | ID = 20227
Description =

Error - 30/12/2010 7:29:07 PM | Computer Name = Robert | Source = RasClient | ID = 20227
Description =

Error - 31/12/2010 7:33:45 AM | Computer Name = Robert | Source = VSS | ID = 13
Description =

Error - 31/12/2010 7:33:45 AM | Computer Name = Robert | Source = VSS | ID = 12292
Description =

Error - 31/12/2010 7:33:45 AM | Computer Name = Robert | Source = VSS | ID = 8193
Description =

Error - 31/12/2010 7:33:45 AM | Computer Name = Robert | Source = System Restore | ID = 8193
Description =

Error - 31/12/2010 1:28:51 PM | Computer Name = Robert | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ Cobian Backup Boletus VSC Service Events ]
Error - 02/01/2011 9:44:14 AM | Computer Name = Robert | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = The volume does not support the requested operation, or no provider
supports it.

Error - 02/01/2011 9:49:42 AM | Computer Name = Robert | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Object reference not set to an instance of an object.

Error - 02/01/2011 9:49:42 AM | Computer Name = Robert | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = The creation of a shadow copy is already in progress.

Error - 02/01/2011 10:37:09 AM | Computer Name = Robert | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).

Error - 02/01/2011 10:37:09 AM | Computer Name = Robert | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = The creation of a shadow copy is already in progress.

Error - 02/01/2011 10:38:19 AM | Computer Name = Robert | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = Guid should contain 32 digits with 4 dashes (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).

Error - 02/01/2011 10:38:19 AM | Computer Name = Robert | Source = Cobian Backup Boletus VSC Service | ID = 0
Description = The creation of a shadow copy is already in progress.

[ Media Center Events ]
Error - 31/10/2010 4:04:12 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 5:04:12 AM - Error connecting to the internet. 5:04:12 AM - Unable
to contact server..

Error - 31/10/2010 5:07:48 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 6:07:48 AM - Error connecting to the internet. 6:07:48 AM - Unable
to contact server..

Error - 15/11/2010 2:18:34 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 2:18:33 AM - Error connecting to the internet. 2:18:33 AM - Unable
to contact server..

Error - 15/11/2010 3:18:39 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 3:18:38 AM - Error connecting to the internet. 3:18:38 AM - Unable
to contact server..

Error - 15/11/2010 4:18:57 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 4:18:56 AM - Error connecting to the internet. 4:18:56 AM - Unable
to contact server..

Error - 15/11/2010 7:29:32 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 7:29:31 AM - Error connecting to the internet. 7:29:32 AM - Unable
to contact server..

Error - 06/12/2010 2:24:14 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 2:24:13 AM - Error connecting to the internet. 2:24:13 AM - Unable
to contact server..

Error - 06/12/2010 3:25:04 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 3:25:03 AM - Error connecting to the internet. 3:25:03 AM - Unable
to contact server..

Error - 06/12/2010 4:25:42 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 4:25:42 AM - Error connecting to the internet. 4:25:42 AM - Unable
to contact server..

Error - 06/12/2010 5:26:21 AM | Computer Name = Robert | Source = MCUpdate | ID = 0
Description = 5:26:21 AM - Error connecting to the internet. 5:26:21 AM - Unable
to contact server..

[ System Events ]
Error - 10/02/2011 7:08:27 AM | Computer Name = Robert | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/02/2011 7:08:36 AM | Computer Name = Robert | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/02/2011 7:08:58 AM | Computer Name = Robert | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 10/02/2011 7:08:56 AM | Computer Name = Robert | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/02/2011 7:08:56 AM | Computer Name = Robert | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/02/2011 7:08:56 AM | Computer Name = Robert | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/02/2011 7:08:57 AM | Computer Name = Robert | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058

Error - 10/02/2011 7:08:58 AM | Computer Name = Robert | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 10/02/2011 7:08:59 AM | Computer Name = Robert | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 10/02/2011 7:09:07 AM | Computer Name = Robert | Source = WMPNetworkSvc | ID = 866300
Description =


< End of report >


OTL logfile created on: 10/02/2011 8:31:45 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Robert & Lynn\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 7.00 Gb Available Physical Memory | 85.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.16 Gb Total Space | 345.49 Gb Free Space | 57.95% Space Free | Partition Type: NTFS

Computer Name: ROBERT | User Name: Robert & Lynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robert & Lynn\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Robert & Lynn\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys (Your Corporation)
DRV:64bit: - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios64_100507.sys (Your Corporation)
DRV:64bit: - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (RegKill) -- C:\Windows\SysWOW64\drivers\RegKill.sys (Elaborate Bytes)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678
IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/24 13:29:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/24 13:29:23 | 000,000,000 | ---D | M]

[2011/01/24 13:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Extensions
[2010/04/23 15:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/29 21:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/09 13:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\u6k25k4n.default\extensions
[2011/01/29 18:12:39 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\u6k25k4n.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/11/16 12:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/29 16:45:15 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..\Toolbar\WebBrowser: (Messenger Plus Live CA-EN Toolbar) - {437C4386-9237-441F-A940-009430030EE0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:100 /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\Alwil Software\Avast5") - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 03:00:14 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/02/10 03:00:14 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/02/10 03:00:14 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/10 03:00:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/09 22:23:13 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/09 22:23:13 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/09 22:23:13 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/09 22:23:13 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/09 22:23:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/09 22:23:10 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/09 22:23:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/09 22:23:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/09 08:56:33 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\Documents\My Cheat Tables
[2011/02/09 08:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.0
[2011/02/09 08:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6
[2011/02/06 09:34:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/02/06 09:34:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/02/04 11:01:39 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\ZoomBrowser EX
[2011/02/04 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\Canon
[2011/02/04 10:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011/02/04 10:22:20 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\CANON_INC
[2011/02/01 13:29:56 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\.minecraft
[2011/01/30 13:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileSubmit
[2011/01/27 15:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/01/27 15:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/01/27 15:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/01/27 15:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/01/27 10:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2011/01/27 10:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2011/01/22 17:49:00 | 000,563,288 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/18 08:32:23 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\Windows Live Writer
[2011/01/18 08:32:23 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\Windows Live Writer
[2011/01/17 13:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2011/01/17 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2011/01/14 12:32:48 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/01/14 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\eSupport.com
[2011/01/13 22:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/13 22:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/13 22:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/13 18:51:03 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\antiphishing-webblog1_1dn
[2011/01/13 18:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wbtooltb
[2011/01/13 18:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2011/01/13 18:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apache
[2011/01/13 18:03:25 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\Apache
[2011/01/13 13:32:27 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/13 13:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/13 13:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/13 13:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/01/13 13:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/13 13:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/01/12 07:09:19 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/12 07:09:19 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2010/04/18 11:22:03 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Robert & Lynn\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/02/10 03:18:58 | 003,026,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/10 03:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/10 03:18:18 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 03:17:45 | 000,009,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 03:17:44 | 000,009,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/09 08:56:30 | 000,001,073 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\Cheat Engine.lnk
[2011/02/06 21:30:06 | 000,743,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/06 21:30:06 | 000,639,696 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/06 21:30:06 | 000,115,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/06 09:35:19 | 000,002,621 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/02/06 09:34:09 | 000,001,042 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\Game Maker.lnk
[2011/02/04 10:50:36 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/02/04 10:47:31 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/02/04 10:37:17 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/02/04 10:24:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/01/26 09:30:27 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/24 15:38:03 | 000,001,267 | ---- | M] () -- C:\Users\Robert & Lynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2011/01/24 15:38:03 | 000,001,243 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\Auslogics BoostSpeed.lnk
[2011/01/24 14:26:05 | 001,028,096 | ---- | M] () -- C:\Users\Robert & Lynn\Documents\Students.accdb
[2011/01/24 13:49:35 | 000,000,540 | ---- | M] () -- C:\Users\Robert & Lynn\AppData\Roaming\AutoGK.ini
[2011/01/23 19:58:43 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 17:05:44 | 000,024,576 | ---- | M] () -- C:\BCD_backup
[2011/01/23 16:49:34 | 000,001,137 | ---- | M] () -- C:\Users\Robert & Lynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/23 16:49:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/22 17:49:00 | 000,563,288 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/14 12:32:48 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/01/13 22:03:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/13 15:14:50 | 000,001,090 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\Your Unin-staller!.lnk

========== Files Created - No Company Name ==========

[2011/02/06 09:34:39 | 000,002,621 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2011/02/04 10:13:14 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/02/04 10:13:00 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/02/04 10:12:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/02/04 10:12:32 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/01/24 15:38:03 | 000,001,267 | ---- | C] () -- C:\Users\Robert & Lynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2011/01/24 15:38:03 | 000,001,243 | ---- | C] () -- C:\Users\Robert & Lynn\Desktop\Auslogics BoostSpeed.lnk
[2011/01/24 13:49:35 | 000,000,540 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\AutoGK.ini
[2011/01/23 17:05:44 | 000,024,576 | ---- | C] () -- C:\BCD_backup
[2011/01/13 22:03:35 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/13 13:32:23 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/02 09:00:51 | 002,440,206 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Local\[j0007]-[p10].bmp
[2010/11/28 15:55:00 | 000,001,023 | ---- | C] () -- C:\ProgramData\.wtav
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/22 16:41:14 | 000,000,101 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Local\fusioncache.dat
[2010/09/22 16:28:04 | 000,747,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/28 10:18:58 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/06/24 17:11:56 | 000,003,691 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/28 15:58:06 | 000,007,601 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Local\resmon.resmoncfg
[2010/05/16 09:13:47 | 000,000,002 | -HS- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\.zreglib
[2010/05/16 09:02:38 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/05/02 12:01:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/02 12:01:02 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/02 12:01:02 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/02 12:01:01 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/18 11:22:31 | 000,000,034 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\pcouffin.log
[2010/04/18 11:22:03 | 000,099,384 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\inst.exe
[2010/04/18 11:22:03 | 000,007,859 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\pcouffin.cat
[2010/04/18 11:22:03 | 000,001,167 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\pcouffin.inf
[2010/04/17 18:50:49 | 000,000,167 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/02 13:34:55 | 000,000,216 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\default.rss
[2010/04/01 18:34:02 | 000,005,632 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 18:06:25 | 000,000,372 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/03/29 15:02:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 16:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/02/01 07:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 143 bytes -> C:\Users\Robert & Lynn\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >

#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 10 February 2011 - 06:39 PM

Hi shilo2,

Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, I will be helping you to deal with your Malware problems today.



Step1

  • Please download the Minitool bootable CD ISO file from Here to your desktop.
  • Place a blank CD in your CD-ROM drive to burn the ISO to a bootable CD. If you need a free burner, please go to Here.
  • Boot the computer using the boot CD you just created after performing Step2. In order to do so, the computer must be set to boot from the CD first.
  • Note: For information click Here
  • Once the bootable CD is complete, do not run it yet.


Step2

  • Please start your system and tap F10 repeatedly, you will then be directed to the Edit Boot Options screen.
  • You might see following text in the quote box:

    Edit Windows boot options for: Windows 7
    Path: \Windows\System32\winload.exe
    Partition: 1
    Hard Disk: {Some random looking numbers}
    [ /NOEXECUTE=OPTIN /MININT [] ]

  • Please remove the red part (/MININT []) and press Enter. After that, please perform Step3 accordingly.

Step3

  • Please insert your Minitool bootable CD into the CD/DVD-ROM drive and reboot your PC.
  • Make sure you have set the boot sequence from the CD first.
  • Please select Boot from Partition Wizard Boot Disc first while the following picture appears:

    Posted Image
  • Please choose the following screen resolution. You may select: 1

    Posted Image
  • The Partition Wizard GUI should prompt. Click on Disk 1, then press Rebuild MBR under the Operations menu. Click OK when the prompt appears and press Apply in the bottom left.

    Posted Image
  • Click on the General menu and press the Exit button. Take the bootable CD out of the CD/DVD-ROM drive and reboot normally. For more info, consult this thread.


Let me know how things went.

Edited by sundavis, 10 February 2011 - 06:58 PM.


#5 shilo2

shilo2
  • Topic Starter

  • Members

Posted 11 February 2011 - 08:29 AM

It went fairly straightforward, nothing major happened. What else is there? Also, there was no red part in step 2; it was empty.

Edited by shilo2, 11 February 2011 - 08:32 AM.


#6 sundavis

sundavis

  • Malware Response Team

Posted 11 February 2011 - 08:45 AM

Hi shilo2,




there was no red part in step 2 it was empty

That sounds good. Let's check it one more time with the following.



Step1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


Step2

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Under the Standard Registry box change it to All
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:



    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt <-- Will be opened and Extra.txt <-- Will be minimized
  • Copy and paste both logs back here in your next reply.



In your next reply, please post back:

1. SystemLook.txt
2. OTListIt.txt and Extra.txt

Let me know what remaining issues you're experiencing now.

#7 shilo2

shilo2
  • Topic Starter

  • Members

Posted 11 February 2011 - 09:19 AM

Here are the logs. How do I open the Extra.txt log, and what is the SystemLook.txt log? That's why those two logs are not there.

2011/02/11 10:02:30.0773 1036 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/11 10:02:30.0903 1036 ================================================================================
2011/02/11 10:02:30.0903 1036 SystemInfo:
2011/02/11 10:02:30.0903 1036
2011/02/11 10:02:30.0903 1036 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/11 10:02:30.0903 1036 Product type: Workstation
2011/02/11 10:02:30.0903 1036 ComputerName: ROBERT
2011/02/11 10:02:30.0903 1036 UserName: Robert & Lynn
2011/02/11 10:02:30.0903 1036 Windows directory: C:\Windows
2011/02/11 10:02:30.0903 1036 System windows directory: C:\Windows
2011/02/11 10:02:30.0903 1036 Running under WOW64
2011/02/11 10:02:30.0903 1036 Processor architecture: Intel x64
2011/02/11 10:02:30.0903 1036 Number of processors: 2
2011/02/11 10:02:30.0903 1036 Page size: 0x1000
2011/02/11 10:02:30.0903 1036 Boot type: Normal boot
2011/02/11 10:02:30.0903 1036 ================================================================================
2011/02/11 10:02:31.0095 1036 Initialize success
2011/02/11 10:02:34.0671 2964 ================================================================================
2011/02/11 10:02:34.0672 2964 Scan started
2011/02/11 10:02:34.0672 2964 Mode: Manual;
2011/02/11 10:02:34.0672 2964 ================================================================================
2011/02/11 10:02:43.0969 2964 ================================================================================
2011/02/11 10:02:43.0969 2964 Scan finished
2011/02/11 10:02:43.0969 2964 ================================================================================

OTL logfile created on: 11/02/2011 10:12:12 AM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Robert & Lynn\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 15.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.16 Gb Total Space | 344.87 Gb Free Space | 57.85% Space Free | Partition Type: NTFS

Computer Name: ROBERT | User Name: Robert & Lynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Robert & Lynn\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Users\Robert & Lynn\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wpdshext.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys (Your Corporation)
DRV:64bit: - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios64_100507.sys (Your Corporation)
DRV:64bit: - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys ()
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.2) -- C:\Windows\SysNative\drivers\RtTeam60.sys (Realtek Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\drivers\RtNdPt60.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (RegKill) -- C:\Windows\SysWOW64\drivers\RegKill.sys (Elaborate Bytes)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678
IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/24 13:29:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/24 13:29:23 | 000,000,000 | ---D | M]

[2011/01/24 13:24:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Extensions
[2010/04/23 15:02:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/29 21:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/10 18:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\u6k25k4n.default\extensions
[2011/01/29 18:12:39 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Robert & Lynn\AppData\Roaming\Mozilla\Firefox\Profiles\u6k25k4n.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/11/16 12:12:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/29 16:45:15 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live CA-EN Toolbar) - {437c4386-9237-441f-a940-009430030ee0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..\Toolbar\WebBrowser: (Messenger Plus Live CA-EN Toolbar) - {437C4386-9237-441F-A940-009430030EE0} - C:\Program Files (x86)\Messenger_Plus_Live_CA-EN\tbMes1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMes1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /heur:100 /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\Alwil Software\Avast5") - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 13:03:18 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/02/10 13:03:18 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/02/09 08:56:33 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\Documents\My Cheat Tables
[2011/02/09 08:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.0
[2011/02/09 08:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine 6
[2011/02/06 09:34:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Softwrap
[2011/02/06 09:34:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Config
[2011/02/04 11:01:39 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\ZoomBrowser EX
[2011/02/04 10:54:06 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\Canon
[2011/02/04 10:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011/02/04 10:22:20 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\CANON_INC
[2011/02/01 13:29:56 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\.minecraft
[2011/01/30 13:38:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileSubmit
[2011/01/27 15:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/01/27 15:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/01/27 15:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/01/27 15:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/01/27 10:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital Corporation
[2011/01/27 10:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2011/01/22 17:49:00 | 000,563,288 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/18 08:32:23 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\Windows Live Writer
[2011/01/18 08:32:23 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\Windows Live Writer
[2011/01/17 13:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2011/01/17 13:08:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2011/01/14 12:32:48 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/01/14 12:32:48 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\eSupport.com
[2011/01/13 22:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/13 22:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/13 22:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/13 18:51:03 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\antiphishing-webblog1_1dn
[2011/01/13 18:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wbtooltb
[2011/01/13 18:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2011/01/13 18:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apache
[2011/01/13 18:03:25 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Local\Apache
[2011/01/13 13:32:27 | 000,000,000 | ---D | C] -- C:\Users\Robert & Lynn\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/13 13:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/13 13:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/13 13:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/01/13 13:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/13 13:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/18 11:22:03 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Robert & Lynn\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/02/11 09:26:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/11 09:26:00 | 2146,934,783 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 08:59:14 | 000,001,374 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\OTL - Shortcut.lnk
[2011/02/10 04:08:25 | 001,366,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Robert & Lynn\Desktop\TDSSKiller.exe
[2011/02/10 03:18:58 | 003,026,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/10 03:17:45 | 000,009,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/10 03:17:44 | 000,009,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/09 08:56:30 | 000,001,073 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\Cheat Engine.lnk
[2011/02/06 21:30:06 | 000,743,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/06 21:30:06 | 000,639,696 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/06 21:30:06 | 000,115,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/06 09:35:19 | 000,002,621 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2011/02/06 09:34:09 | 000,001,042 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\Game Maker.lnk
[2011/02/04 10:50:36 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/02/04 10:47:31 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/02/04 10:37:17 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/02/04 10:24:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/01/26 09:30:27 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/01/24 15:38:03 | 000,001,267 | ---- | M] () -- C:\Users\Robert & Lynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2011/01/24 15:38:03 | 000,001,243 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\Auslogics BoostSpeed.lnk
[2011/01/24 14:26:05 | 001,028,096 | ---- | M] () -- C:\Users\Robert & Lynn\Documents\Students.accdb
[2011/01/24 13:49:35 | 000,000,540 | ---- | M] () -- C:\Users\Robert & Lynn\AppData\Roaming\AutoGK.ini
[2011/01/23 19:58:43 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/23 17:05:44 | 000,024,576 | ---- | M] () -- C:\BCD_backup
[2011/01/23 16:49:34 | 000,001,137 | ---- | M] () -- C:\Users\Robert & Lynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/23 16:49:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/22 17:49:00 | 000,563,288 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/01/14 12:32:48 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2011/01/13 22:03:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/13 15:14:50 | 000,001,090 | ---- | M] () -- C:\Users\Robert & Lynn\Desktop\Your Unin-staller!.lnk

========== Files Created - No Company Name ==========

[2011/02/10 08:59:14 | 000,001,374 | ---- | C] () -- C:\Users\Robert & Lynn\Desktop\OTL - Shortcut.lnk
[2011/02/06 09:34:39 | 000,002,621 | ---- | C] () -- C:\Users\Public\Documents\Global.sw2
[2011/02/04 10:13:14 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/02/04 10:13:00 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/02/04 10:12:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/02/04 10:12:32 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/01/24 15:38:03 | 000,001,267 | ---- | C] () -- C:\Users\Robert & Lynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Auslogics BoostSpeed.lnk
[2011/01/24 15:38:03 | 000,001,243 | ---- | C] () -- C:\Users\Robert & Lynn\Desktop\Auslogics BoostSpeed.lnk
[2011/01/24 13:49:35 | 000,000,540 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\AutoGK.ini
[2011/01/23 17:05:44 | 000,024,576 | ---- | C] () -- C:\BCD_backup
[2011/01/13 22:03:35 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/13 13:32:23 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/02 09:00:51 | 002,440,206 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Local\[j0007]-[p10].bmp
[2010/11/28 15:55:00 | 000,001,023 | ---- | C] () -- C:\ProgramData\.wtav
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/22 16:41:14 | 000,000,101 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Local\fusioncache.dat
[2010/09/22 16:28:04 | 000,747,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/07/28 10:18:58 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010/06/24 17:11:56 | 000,003,691 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/05/28 15:58:06 | 000,007,601 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Local\resmon.resmoncfg
[2010/05/16 09:13:47 | 000,000,002 | -HS- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\.zreglib
[2010/05/16 09:02:38 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/05/02 12:01:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/02 12:01:02 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/02 12:01:02 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/02 12:01:01 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/04/18 11:22:31 | 000,000,034 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\pcouffin.log
[2010/04/18 11:22:03 | 000,099,384 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\inst.exe
[2010/04/18 11:22:03 | 000,007,859 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\pcouffin.cat
[2010/04/18 11:22:03 | 000,001,167 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\pcouffin.inf
[2010/04/17 18:50:49 | 000,000,167 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/04/02 13:34:55 | 000,000,216 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Roaming\default.rss
[2010/04/01 18:34:02 | 000,005,632 | ---- | C] () -- C:\Users\Robert & Lynn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/01 18:06:25 | 000,000,372 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010/03/29 15:02:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 16:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2008/02/01 07:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2011/02/01 14:46:49 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\.minecraft
[2010/08/16 18:16:44 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\2K Sports
[2010/12/20 08:54:38 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Astroburn Pro
[2011/01/24 15:43:31 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Auslogics
[2011/02/04 10:54:06 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Canon
[2010/05/16 08:12:32 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/26 08:29:46 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\DAEMON Tools Lite
[2010/12/30 18:06:28 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Desktopicon
[2010/05/09 12:48:42 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\DiskAid
[2010/04/18 16:35:33 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\DVDFab
[2010/03/30 20:27:57 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Facebook
[2010/04/17 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\HandBrake
[2011/01/24 13:39:48 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\IMVUClient
[2010/04/08 19:48:52 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Leadertech
[2011/01/03 10:22:22 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\MSI
[2010/11/10 23:38:20 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\MusicNet
[2010/07/08 20:32:55 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\onOne Software
[2010/07/21 20:13:00 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Opera
[2010/04/11 16:00:57 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Publish Providers
[2010/12/30 17:57:22 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\QuickStoresToolbar
[2010/07/18 08:09:04 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\RipIt4Me
[2010/09/30 11:13:39 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\SecondLife
[2010/07/14 10:41:53 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Smilebox
[2010/04/11 16:29:08 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Sony
[2010/11/08 14:19:13 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\TuneUp Software
[2010/05/03 15:32:54 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Uniblue
[2010/04/16 20:14:14 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Unity
[2010/05/30 10:27:45 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\URSoft
[2011/02/11 08:53:37 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\uTorrent
[2010/04/23 15:16:46 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Vivox
[2010/11/08 14:09:42 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Vso
[2011/01/18 08:32:23 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\Windows Live Writer
[2010/05/06 16:52:12 | 000,000,000 | ---D | M] -- C:\Users\Robert & Lynn\AppData\Roaming\WindSolutions
[2011/01/02 15:29:14 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >


< MD5 for: EXPLORER.EXE >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/01/14 12:32:48 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 143 bytes -> C:\Users\Robert & Lynn\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:07BF512B

< End of report >

Edited by shilo2, 11 February 2011 - 09:27 AM.


#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 11 February 2011 - 12:53 PM

Hi shilo2,




what is systemlook .....

Systemlook was a wrong paste, and the extra log seems unable to be produced a second time unless we clean up the logs. That's OK. Let's move on...



Step 1


  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of the code box.

    :OTL
    IE - HKU\S-1-5-21-2205979682-2414799327-2866321236-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    2010/11/28 15:55:00 | 000,001,023 | ---- | C] () -- C:\ProgramData\.wtav
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:1CE11B51
    @Alternate Data Stream - 143 bytes -> C:\Users\Robert & Lynn\AppData\Roaming\default.rss:OECustomProperty
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:07BF512B
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [resethosts]
    [start explorer]
    
  • Click the Run Fix button at the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.



Step 2


  • If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Note: If you have Windows 7, you can skip the recovery console step... The System Recovery Options menu is on the Windows Installation disc or Pre-installed Recovery Options.
    If Windows doesn't start correctly, you can use these tools to repair startup problems.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow Combofix to continue scanning for malware.
  • When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  • Do not mouse click on Combofix while it is running. That may cause it to stall.




In your next reply, please post back:

1. OTL delete log
2. ComboFix log

Tell me if you still have any remaining issues on your pc.

#9 shilo2

shilo2
  • Topic Starter

  • Members
  • 101 posts

Posted 11 February 2011 - 02:47 PM

i can't run combofix it says real time scanners to be active
antivirus:avast!Antivirus
antispyware:avast!Antispyware

i don't have either of these installed, what now
i clicked the x and it says it will start then i get Windows Command Processor has stopped working
a problem has caused the program to stop working correctly....

Edited by shilo2, 11 February 2011 - 02:52 PM.


#10 shilo2

shilo2
  • Topic Starter

  • Members
  • 101 posts

Posted 11 February 2011 - 03:13 PM

here's otl log, still can't get combofix to work

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2205979682-2414799327-2866321236-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Starting removal of ActiveX control {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11d1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
ADS C:\ProgramData\Temp:1CE11B51 deleted successfully.
ADS C:\Users\Robert & Lynn\AppData\Roaming\default.rss:OECustomProperty deleted successfully.
ADS C:\ProgramData\Temp:07BF512B deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Robert & Lynn
->Temp folder emptied: 18149 bytes
->Temporary Internet Files folder emptied: 1376816 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42654341 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5428 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 425090 bytes
RecycleBin emptied: 801824411 bytes

Total Files Cleaned = 807.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Robert & Lynn
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.6 log created on 02112011_144922

Files\Folders moved on Reboot...
C:\Users\Robert & Lynn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 11 February 2011 - 03:18 PM

Hi shilo2,



i dont have either of these installed,...

You may proceed even if ComboFix alerts you that the real-time protection is on. If problems still persist, please try running it in safe mode.

Edited by sundavis, 11 February 2011 - 03:22 PM.


#12 shilo2

shilo2
  • Topic Starter

  • Members
  • 101 posts

Posted 11 February 2011 - 04:07 PM

the other error i get is windows command processor has stopped working, it also just stopped in safe mode also. i don't get the avast error any more.

#13 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 11 February 2011 - 04:52 PM

Hi shilo2,



OK. Let's take a close look at what is acting up. BTW, do you have your Windows Install disc handy? Advise me in your next reply. Thanks


Step 1

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    cmd.exe
    :regfind
    cmd.exe 
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#14 shilo2

shilo2
  • Topic Starter

  • Members
  • 101 posts

Posted 11 February 2011 - 05:04 PM

here's log and yes i have windows install disc handy

SystemLook 04.09.10 by jpshortstuff
Log created at 18:00 on 11/02/2011 by Robert & Lynn
Administrator - Elevation successful

========== filefind ==========

Searching for "cmd.exe"
C:\Windows\System32\cmd.exe --a---- 344576 bytes [23:34 13/07/2009] [01:39 14/07/2009] 6960D29ABE74341FAB8300DB3E6F883D
C:\Windows\SysWOW64\cmd.exe --a---- 301568 bytes [23:22 13/07/2009] [01:14 14/07/2009] 8AE6DD9A6D246004DA047F704F0CC487
C:\Windows\winsxs\amd64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7600.16385_none_e701b864340d9016\cmd.exe --a---- 344576 bytes [23:34 13/07/2009] [01:39 14/07/2009] 6960D29ABE74341FAB8300DB3E6F883D
C:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7600.16385_none_f15662b6686e5211\cmd.exe --a---- 301568 bytes [23:22 13/07/2009] [01:14 14/07/2009] 8AE6DD9A6D246004DA047F704F0CC487

========== regfind ==========

Searching for "cmd.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\runas\command]
@="%SystemRoot%\System32\cmd.exe /C "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\runas\command]
@="%SystemRoot%\System32\cmd.exe /C "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\Background\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce_Hidden]
"removeBearSharetoolbar"="cmd.exe /c RD /S /Q "C:\Program Files (x86)\BearShare Applications\MediaBar\ToolBar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce_Hidden]
"removeBearSharedatamngr"="cmd.exe /c RD /S /Q """
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}\shell\cmd\command]
@="cmd.exe /s /k pushd "%V""

-= EOF =-

#15 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 11 February 2011 - 06:06 PM

Hi shilo2,



Due to the restrictions on Windows 7, all tools should be started by right-click > Run as Administrator. Please go to this thread to run Avast uninstaller. After that, reboot your pc normally.

Please download this file from Here to your desktop. Extract it, then right-click on it and select Run as Administrator to merge the reg file into the registry. Restart your pc.

After that, please delete the current copy of Combofix and get a new one. Rename it to shilo2.exe before saving it on your desktop. Please go to this thread to download and run RKill first before proceeding to run Combofix.

If it is still not working, please run it in safe mode. Let me know if you have any remaining concerns on your pc.

Edited by sundavis, 11 February 2011 - 06:36 PM.




