
Solved BrowserS hijacked I think babylon

Discussion in 'Malware and Virus Removal Archive' started by ck309, 2012/09/10.

  1. 2012/09/10
    ck309

    ck309 Inactive Thread Starter

    Joined:
    2011/03/19
    Messages:
    31
    Likes Received:
    0
    [Resolved] BrowserS hijacked I think babylon

    Hey guys, I'm pulling my hair out here. I'm getting the planet icon with about:home in the URL of Firefox at the home page. If I try to go to my Hotmail, as soon as I sign in I get http://by171w.bay171.mail.live.com as a URL. I changed settings in Hotmail to https and got https://bay171.mail.live.com as a URL. Initially I thought this was just a Firefox issue. I'm seeing this attempt to take over Chrome and Opera without a lot of luck, and I tried Ice Dragon and just uninstalled it along with Firefox. Comodo Dragon is still hanging in there.
    I may be wrong, but I'm thinking this has a lot to do with extensions in Firefox/Opera/Chrome/Ice Dragon... possibly a flash downloader.
    The reason being I'm also seeing these issues across multiple PCs... my Firefox was synced for everything, extensions as well.
    At any rate, I have some program, according to live.com, trying to download my email and delete it from Hotmail... and I'm in the middle of a job search!
    So if you could please have a look see.
    When this happened I was running avast with Malwarebytes on the side; neither could get it. After it happened I went to Microsoft Security Essentials with Spybot. Ran all in safe mode and thought Spybot had it. No luck. I've tried ESET online scan yesterday without luck, Comodo today and then HijackThis. All of it seemed real interesting but I think I should leave this one to you guys. I can post logs from Spybot if needed. Requested logs are next.

    Thanks in advance

    chuck
     
  2. 2012/09/10
    ck309

    ck309 Inactive Thread Starter

    Joined:
    2011/03/19
    Messages:
    31
    Likes Received:
    0
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.10.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    chuck :: CHUCK-PC [administrator]

    9/10/2012 5:50:06 PM
    mbam-log-2012-09-10 (17-50-06).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 221360
    Time elapsed: 4 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-10 19:38:15
    Windows 6.1.7601 Service Pack 1
    Running: pze2cu13.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@G:\AVID\xae Studio 1.0.0.2804 Retail + Contents + Training - MULTi\AvidStudio\Welcome.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@G:\AVID\xae Studio 1.0.0.2804 Retail + Contents + Training - MULTi\CreativePackV1_Full20_Studio_70895\CreativePack_Full20_Studio_70895.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@G:\AVID\xae Studio 1.0.0.2804 Retail + Contents + Training - MULTi\CreativePackV2_Full\CreativePackV2Full.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@G:\AVID\xae Studio 1.0.0.2804 Retail + Contents + Training - MULTi\Scorefitter_Vol1_67405\Scorefitter_Vol1.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@G:\AVID\xae Studio 1.0.0.2804 Retail + Contents + Training - MULTi\Scorefitter_Vol2_67406\Scorefitter_Vol2.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@G:\AVID\xae Studio 1.0.0.2804 Retail + Contents + Training - MULTi\AdorageVol11_AvidStudioFree.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\chuck\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1

    ---- EOF - GMER 1.0.15 ----


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-09 19:31:46
    -----------------------------
    19:31:46.368 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:31:46.368 Number of processors: 4 586 0x100
    19:31:46.368 ComputerName: CHUCK-PC UserName: chuck
    19:31:47.475 Initialize success
    19:32:42.342 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
    19:32:42.342 Disk 0 Vendor: TOSHIBA_ GB00 Size: 610480MB BusType: 11
    19:32:42.436 Disk 0 MBR read successfully
    19:32:42.451 Disk 0 MBR scan
    19:32:42.451 Disk 0 Windows VISTA default MBR code
    19:32:42.467 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    19:32:42.483 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595322 MB offset 3074048
    19:32:42.514 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13657 MB offset 1222293504
    19:32:42.545 Disk 0 scanning C:\windows\system32\drivers
    19:32:49.113 Service scanning
    19:33:22.216 Modules scanning
    19:33:22.231 Disk 0 trace - called modules:
    19:33:22.278 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    19:33:22.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065b9060]
    19:33:22.294 3 CLASSPNP.SYS[fffff88001ba643f] -> nt!IofCallDriver -> [0xfffffa800633d040]
    19:33:22.309 5 amd_xata.sys[fffff88001116d00] -> nt!IofCallDriver -> \Device\00000070[0xfffffa80063291a0]
    19:33:22.309 Scan finished successfully
    19:33:39.875 Disk 0 MBR has been saved successfully to "C:\Users\chuck\Desktop\MBR.dat "
    19:33:39.875 The log file has been saved successfully to "C:\Users\chuck\Desktop\aswMBR.txt "


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-10 19:39:00
    -----------------------------
    19:39:00.457 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:39:00.457 Number of processors: 4 586 0x100
    19:39:00.457 ComputerName: CHUCK-PC UserName: chuck
    19:39:01.658 Initialize success
    19:39:13.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072
    19:39:13.099 Disk 0 Vendor: TOSHIBA_ GB00 Size: 610480MB BusType: 11
    19:39:13.192 Disk 0 MBR read successfully
    19:39:13.208 Disk 0 MBR scan
    19:39:13.208 Disk 0 Windows VISTA default MBR code
    19:39:13.224 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
    19:39:13.239 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595322 MB offset 3074048
    19:39:13.270 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13657 MB offset 1222293504
    19:39:13.317 Disk 0 scanning C:\windows\system32\drivers
    19:39:20.181 Service scanning
    19:39:54.033 Modules scanning
    19:39:54.049 Disk 0 trace - called modules:
    19:39:54.080 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    19:39:54.080 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061f6060]
    19:39:54.096 3 CLASSPNP.SYS[fffff8800196543f] -> nt!IofCallDriver -> [0xfffffa8005f54040]
    19:39:54.111 5 amd_xata.sys[fffff880010dad00] -> nt!IofCallDriver -> \Device\00000072[0xfffffa8005f618f0]
    19:39:54.111 Scan finished successfully
    19:40:19.196 Disk 0 MBR has been saved successfully to "C:\Users\chuck\Desktop\MBR.dat "
    19:40:19.196 The log file has been saved successfully to "C:\Users\chuck\Desktop\aswMBR.txt "


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/15/2011 2:44:45 PM
    System Uptime: 9/10/2012 5:04:50 PM (2 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | TKBSS
    Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | CPU 1 | 1400/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 154.896 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP265: 9/7/2012 8:08:29 AM - Windows Update
    RP266: 9/8/2012 10:50:56 AM - Revo Uninstaller's restore point - Mozilla Firefox 15.0 (x86 en-US)
    RP267: 9/8/2012 11:06:09 AM - avast! Internet Security Setup
    RP268: 9/8/2012 11:51:28 AM - Revo Uninstaller's restore point - Alarm Clock v1.0
    RP269: 9/8/2012 6:56:30 PM - Revo Uninstaller's restore point - Mozilla Firefox 15.0.1 (x86 en-US)
    RP270: 9/9/2012 4:28:53 PM - Installed HiJackThis
    RP271: 9/10/2012 10:23:38 AM - Installed Microsoft Office Outlook Connector
    RP272: 9/10/2012 11:31:08 AM - COMODO System Utilities Installaton
    RP273: 9/10/2012 11:35:42 AM - Device Driver Package Install: COMODO Network Service
    RP274: 9/10/2012 1:21:40 PM - Revo Uninstaller's restore point - Comodo IceDragon
    RP275: 9/10/2012 5:01:22 PM - Removed GeekBuddy.
    RP276: 9/10/2012 5:02:24 PM - Removed COMODO Internet Security
    .
    ==== Installed Programs ======================
    .
    µTorrent
    7-Zip 9.20
    Active@ Boot Disk
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4) MUI
    AMD VISION Engine Control Center
    Applied Accoustics String Studio VS 1 VST DX v1.0
    ASIO4ALL
    AVCWare Video Converter Ultimate
    Avid Studio
    Avid Studio Bonus Content
    Avid Studio Plugins
    Avid Studio Registration Freebie - Adorage Vol. 11 Selection
    Camel Audio Alchemy64
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Click to Call with Skype
    Comodo Dragon
    ConvertXtoDVD 4.1.19.365
    Corel WinDVD
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Digital Video Repair 2.2.3.0
    Driver Genius Professional Edition
    DVD Shrink 3.2
    East West HardcoreBass
    EPSON Scan
    erLT
    FL Studio 10
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    High-Definition Video Playback 10
    HiJackThis
    IL Download Manager
    ImgBurn
    Internet TV for Windows Media Center
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 30
    JavaFX 2.1.1
    Junk Mail filter update
    K-Lite Codec Pack 8.1.0 (Full)
    Knoll Light Factory EZ Studio
    KORG Legacy Collection - LegacyCell
    KORG Legacy Collection - M1
    KORG Legacy Collection - MDE-X
    KORG Legacy Collection - MonoPoly
    KORG Legacy Collection - MS-20
    KORG Legacy Collection - Polysix
    KORG Legacy Collection - WAVESTATION
    Label@Once 1.0
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Magic Bullet Looks Studio
    Magic ISO Maker v5.4 (build 0239)
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    MAGIX Speed burnR (MSI)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Mesh Runtime
    Microsoft Corporation
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Morphyre
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MusicLab RealGuitar
    Native Instruments B4 II
    Native Instruments Battery 3
    Native Instruments Controller Editor
    Native Instruments FM8 Transient Attacks
    Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
    Native Instruments Guitar Rig 5
    Native Instruments Guitar Rig Mobile I/O
    Native Instruments Guitar Rig Session I/O
    Native Instruments Kontakt 5
    Native Instruments Massive
    Native Instruments Reaktor 5
    Native Instruments Rig Kontrol 3
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    Opera 12.02
    PE Explorer 1.99
    Pinnacle Creative Pack Volume 1
    Pinnacle Creative Pack Volume 2
    PlayReady PC Runtime x86
    Prophet-V2 2.5.1
    Realtek Ethernet Controller Driver
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    REALTEK Wireless LAN Driver
    Realtek WLAN Driver
    Red Giant ToonIt Studio
    RegAlyzer
    Revo Uninstaller 1.94
    RunAlyzer
    Samplitude Pro X Suite Download Version
    ScoreFitter Volume 1
    ScoreFitter Volume 2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype™ 5.10
    Spybot - Search & Destroy
    Sugar Bytes Guitarist Library 1.0
    SureThing Express Labeler
    Switch Sound File Converter
    The Holy Bible KJV Ver.8
    Tom Clancy's Splinter Cell
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    ToshibaRegistration
    Trapcode 3DStroke Studio
    Trapcode Particular Studio
    Trapcode Shine Studio
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    VLC media player 2.0.2
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFF 1.3.2
    WinRAR archiver
    WModem Driver Installer
    Yawcam 0.3.7
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2012 5:29:33 PM, Error: Service Control Manager [7000] - The Common Client Job Manager Service service failed to start due to the following error: The system cannot find the path specified.
    9/9/2012 5:27:33 PM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
    9/9/2012 5:27:33 PM, Error: Service Control Manager [7031] - The Common Client Job Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/7/2012 8:10:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/7/2012 8:10:47 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 21
    9/7/2012 8:10:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/7/2012 8:10:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache MpFilter spldr Wanarpv6
    9/7/2012 8:09:07 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
    9/7/2012 8:07:31 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    9/7/2012 8:07:31 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    9/7/2012 6:20:12 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    9/7/2012 11:03:54 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/6/2012 4:14:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/6/2012 2:46:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.530.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    9/5/2012 9:06:02 AM, Error: NetBT [4321] - The name "CHUCK-PC :0" could not be registered on the interface with IP address 192.168.0.6. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
    9/5/2012 11:55:04 AM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    9/5/2012 10:01:05 PM, Error: NetBT [4321] - The name "CHUCK-PC :20" could not be registered on the interface with IP address 192.168.0.6. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
    9/4/2012 9:46:12 PM, Error: Service Control Manager [7034] - The Computer Backup (JustCloud) service terminated unexpectedly. It has done this 1 time(s).
    9/10/2012 6:39:20 PM, Error: NetBT [4321] - The name "CHUCK-PC :0" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
    9/10/2012 5:05:23 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{FD9DE5E4-ABA6-4D2A-B648-321FA97B70CA} because another computer on the network has the same name. The server could not start.
    9/10/2012 5:05:23 PM, Error: NetBT [4321] - The name "CHUCK-PC :20" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
    9/10/2012 5:05:15 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 126
    9/10/2012 5:04:26 PM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
    9/10/2012 2:00:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD
    9/10/2012 2:00:03 PM, Error: Application Popup [1060] - \SystemRoot\system32\DRIVERS\CFRMD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    9/10/2012 11:35:37 AM, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/10/2012 1:35:47 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
    .
    ==== End Of File ===========================

     


  4. 2012/09/10
    ck309

    ck309 Inactive Thread Starter

    Joined:
    2011/03/19
    Messages:
    31
    Likes Received:
    0
    dupe...
     
    Last edited by a moderator: 2012/09/11
  5. 2012/09/11
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,889
    Likes Received:
    386
    I see you have P2P software ( Limewire, BitTorrent, uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  6. 2012/09/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    I still need DDS.txt log.

    Are you saying that all browsers are affected by some redirections?
    IE included?
     
  7. 2012/09/11
    ck309

    ck309 Inactive Thread Starter

    Joined:
    2011/03/19
    Messages:
    31
    Likes Received:
    0
    Well, I don't use IE, but Opera, Firefox, and Comodo Dragon now are affected. I'll check IE and get you that log.
     
  8. 2012/09/11
    ck309

    ck309 Inactive Thread Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by chuck at 19:43:47 on 2012-09-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3902 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\GFNEXSrv.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskhost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page =
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Google Update] "C:\Users\chuck\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    uRun: [HijackThis startup scan] C:\Program Files (x86)\Trend Micro\HiJackThis\HijackThis.exe /startupscan
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe "
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
    TCP: Interfaces\{FD9DE5E4-ABA6-4D2A-B648-321FA97B70CA} : DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
    TCP: Interfaces\{FD9DE5E4-ABA6-4D2A-B648-321FA97B70CA}\5453D20303E223F5A4F696B6573507F647F5438344346424837313032313 : DhcpNameServer = 172.18.145.103 172.18.145.103
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe "
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\windows\system32\DRIVERS\amd_sata.sys --> C:\windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\windows\system32\DRIVERS\amd_xata.sys --> C:\windows\system32\DRIVERS\amd_xata.sys [?]
    R0 cumon;cumon;C:\windows\system32\drivers\cumon.sys --> C:\windows\system32\drivers\cumon.sys [?]
    R0 Evdd;Evdd;C:\windows\system32\drivers\evdd.sys --> C:\windows\system32\drivers\evdd.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 CPMService;COMODO Programs Manager Service;C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe [2011-9-5 116032]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-9-7 1852048]
    R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
    R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-5 5739008]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-6-5 126392]
    R2 regi;regi;\??\C:\windows\system32\drivers\regi.sys --> C:\windows\system32\drivers\regi.sys [?]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-9-8 1074720]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-9-8 1358360]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-9-8 166528]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
    R3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys --> C:\windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 pneteth;PdaNet Broadband;C:\windows\system32\DRIVERS\pneteth.sys --> C:\windows\system32\DRIVERS\pneteth.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\windows\system32\DRIVERS\usbfilter.sys --> C:\windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 CSUService;COMODO System Utilities Service;C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe [2012-2-24 347968]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-5 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 250568]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-5 136176]
    S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
    S3 HtcVCom32;HTC Diagnostic Port;C:\windows\system32\DRIVERS\HtcVComV64.sys --> C:\windows\system32\DRIVERS\HtcVComV64.sys [?]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\system32\DRIVERS\lvrs64.sys --> C:\windows\system32\DRIVERS\lvrs64.sys [?]
    S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\system32\Drivers\nx6000.sys --> C:\windows\system32\Drivers\nx6000.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-12-23 24176]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011.SP5a\RpcAgentSrv.exe [2012-1-13 93848]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
    S3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-09-10 22:45:41 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F40E8F97-C567-4DF9-9B11-0B82CA7BBB94}\mpengine.dll
    2012-09-10 21:52:35 27968 ----a-w- C:\windows\System32\cpmnat.exe
    2012-09-10 18:42:55 -------- d-----w- C:\ProgramData\CPA_VA
    2012-09-10 16:34:06 -------- d-----w- C:\ProgramData\Comodo
    2012-09-10 16:22:55 205512 ----a-w- C:\windows\System32\drivers\cumon.sys
    2012-09-10 16:22:45 19568 ----a-w- C:\windows\System32\drivers\evdd.sys
    2012-09-10 16:20:48 -------- d-----w- C:\Program Files\COMODO
    2012-09-10 16:17:57 -------- d-----w- C:\Users\chuck\AppData\Local\Comodo
    2012-09-10 16:17:52 54024 ----a-w- C:\windows\System32\certsentry.dll
    2012-09-10 16:17:52 45320 ----a-w- C:\windows\SysWow64\certsentry.dll
    2012-09-10 16:17:43 -------- d-----w- C:\Program Files (x86)\Comodo
    2012-09-10 15:23:13 -------- d-----w- C:\Program Files (x86)\MSECache
    2012-09-09 21:29:32 388096 ----a-r- C:\Users\chuck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-09-09 21:29:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-09-08 23:37:24 -------- d-----w- C:\Users\chuck\AppData\Local\Opera
    2012-09-08 22:44:23 -------- d-----w- C:\Users\chuck\AppData\Roaming\Safer Networking
    2012-09-08 18:44:36 -------- d-----w- C:\Program Files (x86)\Safer Networking
    2012-09-08 17:22:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-09-08 17:22:49 17272 ----a-w- C:\windows\System32\sdnclean64.exe
    2012-09-08 17:22:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2012-09-08 14:28:30 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-05 02:54:35 -------- d-----w- C:\Program Files (x86)\Rising Research
    2012-09-04 11:38:51 -------- d-----w- C:\Users\chuck\SyncFolder
    2012-09-02 20:28:13 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-02 20:25:00 916456 ----a-w- C:\windows\System32\deployJava1.dll
    2012-09-02 20:25:00 1034216 ----a-w- C:\windows\System32\npDeployJava1.dll
    2012-09-02 20:24:48 108008 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
    2012-08-29 09:00:14 56448 ----a-w- C:\windows\System32\drivers\usbfilter.sys
    2012-08-29 08:55:06 -------- d-----w- C:\Program Files\AMD
    2012-08-29 08:55:06 -------- d-----w- C:\Program Files (x86)\AMD
    2012-08-29 08:55:03 -------- d-----w- C:\Program Files (x86)\AMD APP
    2012-08-29 08:47:38 -------- d-----w- C:\AMD
    2012-08-29 04:09:29 -------- d-----w- C:\windows\SysWow64\RTCOM
    2012-08-29 04:07:40 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-08-29 03:19:25 -------- d-----w- C:\Program Files (x86)\Driver-Soft
    2012-08-19 07:13:09 -------- d-----w- C:\ProgramData\AVAST Software
    2012-08-19 07:13:09 -------- d-----w- C:\Program Files\AVAST Software
    2012-08-12 03:27:15 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-08-12 03:26:57 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
    .
    ==================== Find3M ====================
    .
    2012-09-07 22:04:46 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-09-02 20:28:04 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
    2012-08-28 22:01:24 73416 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-28 22:01:24 696520 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-08 05:51:00 4102928 ----a-w- C:\windows\System32\drivers\RTKVHD64.sys
    2012-08-07 02:44:00 1561744 ----a-w- C:\windows\System32\RTSnMg64.cpl
    2012-08-06 22:49:00 2743440 ----a-w- C:\windows\System32\RtPgEx64.dll
    2012-08-04 05:18:00 1706640 ----a-w- C:\windows\RtlExUpd.dll
    2012-08-03 23:13:00 5911552 ----a-w- C:\windows\System32\RCoRes64.dat
    2012-08-02 05:29:00 109200 ----a-w- C:\windows\System32\RCoInstII64.dll
    2012-07-28 04:09:20 5538984 ----a-w- C:\windows\SysWow64\atiumdag.dll
    2012-07-28 04:07:44 10278912 ----a-w- C:\windows\System32\drivers\atikmdag.sys
    2012-07-28 03:47:40 187392 ----a-w- C:\windows\System32\clinfo.exe
    2012-07-28 03:47:24 75776 ----a-w- C:\windows\System32\OpenVideo64.dll
    2012-07-28 03:47:16 65024 ----a-w- C:\windows\SysWow64\OpenVideo.dll
    2012-07-28 03:47:10 63488 ----a-w- C:\windows\System32\OVDecode64.dll
    2012-07-28 03:47:06 56320 ----a-w- C:\windows\SysWow64\OVDecode.dll
    2012-07-28 03:46:56 16464896 ----a-w- C:\windows\System32\amdocl64.dll
    2012-07-28 03:46:06 13013504 ----a-w- C:\windows\SysWow64\amdocl.dll
    2012-07-28 03:44:56 54784 ----a-w- C:\windows\System32\OpenCL.dll
    2012-07-28 03:44:42 50176 ----a-w- C:\windows\SysWow64\OpenCL.dll
    2012-07-28 03:43:12 70144 ----a-w- C:\windows\System32\coinst_8.982.dll
    2012-07-28 03:19:34 24935424 ----a-w- C:\windows\System32\atio6axx.dll
    2012-07-28 02:50:10 20546560 ----a-w- C:\windows\SysWow64\atioglxx.dll
    2012-07-28 02:15:50 163840 ----a-w- C:\windows\System32\atiapfxx.exe
    2012-07-28 02:15:42 931328 ----a-w- C:\windows\SysWow64\aticfx32.dll
    2012-07-28 02:13:56 1100288 ----a-w- C:\windows\System32\aticfx64.dll
    2012-07-28 02:10:40 442368 ----a-w- C:\windows\System32\ATIDEMGX.dll
    2012-07-28 02:10:34 534528 ----a-w- C:\windows\System32\atieclxx.exe
    2012-07-28 02:09:44 239616 ----a-w- C:\windows\System32\atiesrxx.exe
    2012-07-28 02:08:20 120320 ----a-w- C:\windows\System32\atitmm64.dll
    2012-07-28 02:08:04 21504 ----a-w- C:\windows\System32\atimuixx.dll
    2012-07-28 02:07:58 59392 ----a-w- C:\windows\System32\atiedu64.dll
    2012-07-28 02:07:52 43520 ----a-w- C:\windows\SysWow64\ati2edxx.dll
    2012-07-28 02:07:10 6430208 ----a-w- C:\windows\SysWow64\atidxx32.dll
    2012-07-28 01:51:12 7052288 ----a-w- C:\windows\System32\atidxx64.dll
    2012-07-28 01:41:32 4266496 ----a-w- C:\windows\System32\atiumd6a.dll
    2012-07-28 01:35:10 51200 ----a-w- C:\windows\System32\aticalrt64.dll
    2012-07-28 01:35:08 46080 ----a-w- C:\windows\SysWow64\aticalrt.dll
    2012-07-28 01:35:02 44544 ----a-w- C:\windows\System32\aticalcl64.dll
    2012-07-28 01:35:00 44032 ----a-w- C:\windows\SysWow64\aticalcl.dll
    2012-07-28 01:34:48 16034304 ----a-w- C:\windows\System32\aticaldd64.dll
    2012-07-28 01:32:32 4751872 ----a-w- C:\windows\SysWow64\atiumdva.dll
    2012-07-28 01:30:10 13605888 ----a-w- C:\windows\SysWow64\aticaldd.dll
    2012-07-28 01:25:52 6676480 ----a-w- C:\windows\System32\atiumd64.dll
    2012-07-28 01:15:32 540160 ----a-w- C:\windows\System32\atiadlxx.dll
    2012-07-28 01:15:22 368640 ----a-w- C:\windows\SysWow64\atiadlxy.dll
    2012-07-28 01:15:12 17920 ----a-w- C:\windows\System32\atig6pxx.dll
    2012-07-28 01:15:08 14848 ----a-w- C:\windows\SysWow64\atiglpxx.dll
    2012-07-28 01:15:08 14848 ----a-w- C:\windows\System32\atiglpxx.dll
    2012-07-28 01:15:04 41984 ----a-w- C:\windows\System32\atig6txx.dll
    2012-07-28 01:14:56 33280 ----a-w- C:\windows\SysWow64\atigktxx.dll
    2012-07-28 01:14:46 368640 ----a-w- C:\windows\System32\drivers\atikmpag.sys
    2012-07-28 01:13:54 129536 ----a-w- C:\windows\System32\atiuxp64.dll
    2012-07-28 01:13:48 109568 ----a-w- C:\windows\SysWow64\atiuxpag.dll
    2012-07-28 01:13:40 103936 ----a-w- C:\windows\System32\atiu9p64.dll
    2012-07-28 01:13:32 83456 ----a-w- C:\windows\SysWow64\atiu9pag.dll
    2012-07-28 01:12:54 53248 ----a-w- C:\windows\System32\drivers\ati2erec.dll
    2012-07-28 01:08:42 56320 ----a-w- C:\windows\System32\atimpc64.dll
    2012-07-28 01:08:42 56320 ----a-w- C:\windows\System32\amdpcom64.dll
    2012-07-28 01:08:36 56832 ----a-w- C:\windows\SysWow64\atimpc32.dll
    2012-07-28 01:08:36 56832 ----a-w- C:\windows\SysWow64\amdpcom32.dll
    2012-07-25 04:30:00 606336 ----a-w- C:\windows\System32\SFSS_APO.dll
    2012-07-21 01:41:00 880784 ----a-w- C:\windows\System32\RtkApi64.dll
    2012-07-20 03:52:00 7598456 ----a-w- C:\windows\System32\MaxxAudioRealtek64.dll
    2012-07-20 03:52:00 2028920 ----a-w- C:\windows\System32\MaxxAudioEQ64.dll
    2012-07-20 03:51:00 834936 ----a-w- C:\windows\System32\MaxxAudioAPOShell64.dll
    2012-07-20 03:51:00 2080120 ----a-w- C:\windows\System32\WavesGUILib64.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
    2012-07-17 01:16:00 3643024 ----a-w- C:\windows\System32\RtkAPO64.dll
    2012-07-16 08:13:00 394616 ----a-w- C:\windows\System32\MaxxVolumeSDAPO.dll
    2012-07-16 08:13:00 394616 ----a-w- C:\windows\System32\MaxxAudioAPO30.dll
    2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll
    2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll
    2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll
    2012-07-03 02:39:00 1264272 ----a-w- C:\windows\System32\RTCOM64.dll
    2012-06-29 03:56:34 2312704 ----a-w- C:\windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-06-25 21:04:24 1394248 ----a-w- C:\windows\SysWow64\msxml4.dll
    2012-06-25 08:58:34 421888 ----a-w- C:\windows\SysWow64\RealMediaSplitter.ax
    2012-06-25 08:58:26 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
    2012-06-21 04:26:00 110592 ----a-w- C:\windows\System32\CONEQMSAPOGUILibrary.dll
    2012-06-19 19:21:00 2892 ----a-w- C:\windows\SysWow64\audcon.sys
    .
    ============= FINISH: 19:44:12.44 ===============


    OK, here is DDS. Sorry, thought I had them all in, but it looks like IE is doing much better than the rest of the browsers. Firefox is the worst, which leaves me heartbroken. I'm a loyal fan.
     
  9. 2012/09/11
    ck309

    ck309 Inactive Thread Starter

    I seem to be totally losing the ability to use HTTP or HTTPS.
     
  10. 2012/09/11
    broni

    broni Moderator Malware Analyst

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
     
  11. 2012/09/12
    ck309

    ck309 Inactive Thread Starter

    RogueKiller V8.0.2 [08/31/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : chuck [Admin rights]
    Mode : Scan -- Date : 09/11/2012 23:56:52

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK6476GSXN SATA Disk Device +++++
    --- User ---
    [MBR] 97607507dac5f6b469aa6ceea488031b
    [BSP] 88f5a5b9304cd2b048dcf1c2103c0293 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 595322 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1222293504 | Size: 13657 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    Here you go.
     
  12. 2012/09/12
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. 2012/09/12
    ck309

    ck309 Inactive Thread Starter

    ComboFix 12-09-12.03 - chuck 09/12/2012 19:58:12.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.4387 [GMT -5:00]
    Running from: c:\users\chuck\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-12 19:37 . 2012-09-13 01:07 -------- d-----w- C:\Temporary Internet Files
    2012-09-12 05:21 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64A523C4-34FC-43E9-811E-61A8553E5C3F}\mpengine.dll
    2012-09-12 04:05 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-09-12 04:05 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-09-12 04:05 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-09-12 04:05 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
    2012-09-12 04:05 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-09-12 04:05 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-09-12 04:05 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-09-11 16:27 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-10 21:52 . 2011-09-05 15:12 27968 ----a-w- c:\windows\system32\cpmnat.exe
    2012-09-10 16:22 . 2011-09-05 15:14 205512 ----a-w- c:\windows\system32\drivers\cumon.sys
    2012-09-10 16:22 . 2011-09-05 15:14 19568 ----a-w- c:\windows\system32\drivers\evdd.sys
    2012-09-10 16:20 . 2012-09-10 22:03 -------- d-----w- c:\program files\COMODO
    2012-09-10 16:17 . 2012-09-10 22:05 -------- d-----w- c:\users\chuck\AppData\Local\Comodo
    2012-09-10 16:17 . 2012-09-10 16:24 54024 ----a-w- c:\windows\system32\certsentry.dll
    2012-09-10 16:17 . 2012-09-10 16:24 45320 ----a-w- c:\windows\SysWow64\certsentry.dll
    2012-09-10 16:17 . 2012-09-10 22:01 -------- d-----w- c:\program files (x86)\Comodo
    2012-09-10 15:23 . 2012-09-10 15:23 -------- d-----w- c:\program files (x86)\MSECache
    2012-09-09 21:29 . 2012-09-09 21:29 388096 ----a-r- c:\users\chuck\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-09-09 21:29 . 2012-09-09 21:29 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-09-08 23:37 . 2012-09-08 23:37 -------- d-----w- c:\users\chuck\AppData\Local\Opera
    2012-09-08 23:37 . 2012-09-08 23:37 -------- d-----w- c:\program files (x86)\Opera
    2012-09-08 22:44 . 2012-09-08 22:44 -------- d-----w- c:\users\chuck\AppData\Roaming\Safer Networking
    2012-09-08 18:44 . 2012-09-08 18:45 -------- d-----w- c:\program files (x86)\Safer Networking
    2012-09-08 17:22 . 2012-09-10 18:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-09-08 17:22 . 2009-01-25 18:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
    2012-09-08 17:22 . 2012-09-08 17:22 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
    2012-09-04 11:38 . 2012-09-04 11:38 -------- d-----w- c:\users\chuck\SyncFolder
    2012-09-02 20:28 . 2012-09-02 20:28 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-02 20:28 . 2012-09-02 20:28 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-02 20:25 . 2012-09-02 20:24 289768 ----a-w- c:\windows\system32\javaws.exe
    2012-09-02 20:25 . 2012-09-02 20:24 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-02 20:25 . 2012-09-02 20:24 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-02 20:24 . 2012-09-02 20:24 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-09-02 20:24 . 2012-09-02 20:24 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-09-02 20:24 . 2012-09-02 20:24 188904 ----a-w- c:\windows\system32\java.exe
    2012-09-02 20:24 . 2012-09-02 20:24 -------- d-----w- c:\program files\Java
    2012-08-29 09:00 . 2012-08-29 09:00 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-08-29 09:00 . 2012-03-30 14:49 56448 ----a-w- c:\windows\system32\drivers\usbfilter.sys
    2012-08-29 08:55 . 2012-08-29 08:55 -------- d-----w- c:\programdata\ATI
    2012-08-29 08:55 . 2012-08-29 08:55 -------- d-----w- c:\program files\AMD
    2012-08-29 08:55 . 2012-08-29 08:55 -------- d-----w- c:\program files (x86)\AMD
    2012-08-29 08:55 . 2012-08-29 08:55 -------- d-----w- c:\program files (x86)\AMD APP
    2012-08-29 08:47 . 2012-08-29 08:47 -------- d-----w- C:\AMD
    2012-08-29 04:09 . 2012-08-29 04:09 -------- d-----w- c:\windows\SysWow64\RTCOM
    2012-08-29 04:07 . 2005-11-14 04:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
    2012-08-29 04:02 . 2012-06-05 18:45 237968 ----a-w- c:\windows\system32\drivers\RtHDMIVX.sys
    2012-08-29 03:19 . 2012-08-29 03:19 -------- d-----w- c:\program files (x86)\Driver-Soft
    2012-08-26 22:55 . 2012-08-26 22:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-08-19 07:14 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-08-19 07:13 . 2012-09-08 16:09 -------- d-----w- c:\programdata\AVAST Software
    2012-08-19 07:13 . 2012-08-19 07:13 -------- d-----w- c:\program files\AVAST Software
    2012-08-15 08:03 . 2012-06-29 04:09 10925568 ----a-w- c:\windows\system32\ieframe.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-11 20:05 . 2011-07-15 20:59 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-07 22:04 . 2011-07-15 23:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-02 20:28 . 2011-04-28 03:24 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-08-28 22:01 . 2012-04-08 05:36 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-28 22:01 . 2011-07-27 06:53 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-04 05:18 . 2011-06-05 05:39 1706640 ----a-w- c:\windows\RtlExUpd.dll
    2012-07-29 04:52 . 2012-07-29 04:52 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D60ED3DB-DA03-4786-8BFF-87BBB3E5FC1E}\gapaengine.dll
    2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-07-28 03:47 . 2012-07-28 03:47 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-07-28 03:47 . 2012-07-28 03:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-07-28 03:47 . 2012-07-28 03:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-07-28 03:47 . 2012-07-28 03:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-07-28 03:47 . 2012-07-28 03:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-07-28 03:46 . 2012-07-28 03:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
    2012-07-28 03:46 . 2012-07-28 03:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-07-28 03:44 . 2012-07-28 03:44 54784 ----a-w- c:\windows\system32\OpenCL.dll
    2012-07-28 03:44 . 2012-07-28 03:44 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
    2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
    2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-07-28 02:15 . 2012-07-28 02:15 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-07-28 02:13 . 2011-06-05 05:33 1100288 ----a-w- c:\windows\system32\aticfx64.dll
    2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
    2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-07-28 01:51 . 2011-06-05 05:33 7052288 ----a-w- c:\windows\system32\atidxx64.dll
    2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
    2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-07-28 01:13 . 2011-06-05 05:33 129536 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-07-06 03:06 . 2012-08-12 03:26 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-06-29 10:04 . 2012-07-27 10:31 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E643C03F-64DD-4D31-B2BD-838939AA99E6}\mpengine.dll
    2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-25 08:58 . 2012-06-25 08:58 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
    2012-06-25 08:58 . 2012-06-25 08:58 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
    2012-06-19 19:21 . 2012-06-19 19:21 2892 ----a-w- c:\windows\SysWow64\audcon.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spybot-S&D Cleaning "= "c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-08-30 3513352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM "= "c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "StartCCC "= "c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
    "SDTray "= "c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-08-30 3904536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe\0cpmnat
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 CSUService;COMODO System Utilities Service;c:\program files\COMODO\COMODO System Utilities\CSUService.exe [2012-02-24 347968]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
    R3 ALSysIO;ALSysIO;c:\users\chuck\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
    R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [2010-03-08 121800]
    R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [2010-03-08 121800]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2011.SP5a\RpcAgentSrv.exe [2008-10-15 93848]
    R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-08-30 1074720]
    R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-08-30 1358360]
    R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-03-22 166528]
    R3 TDEIO;TDEIO; [x]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-16 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2012-04-11 82560]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2012-04-11 42624]
    S0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [2011-09-05 205512]
    S0 Evdd;Evdd;c:\windows\system32\drivers\evdd.sys [2011-09-05 19568]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 CPMService;COMODO Programs Manager Service;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe [2011-09-05 116032]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-09-07 1852048]
    S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
    S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 5739008]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-12-22 876136]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-03-30 56448]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:01]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 06:02]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 06:02]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3340142747-3605705085-2778890946-1000Core.job
    - c:\users\chuck\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 01:08]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3340142747-3605705085-2778890946-1000UA.job
    - c:\users\chuck\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 01:08]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-08 13191312]
    "RtHDVBg_Dolby "= "c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-08-07 1215632]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs "=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    Toolbar-Locked - (no file)
    ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
    HKLM-Run-(Default) - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath "= "\ "c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \ "PCCUJobMgr\" /m \ "c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1 "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.11 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-12 20:44:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-13 01:44
    .
    Pre-Run: 163,713,884,160 bytes free
    Post-Run: 163,128,406,016 bytes free
    .
    - - End Of File - - 8B17930600B54D803D063D4C09E67039
    OK, here is the combo fix file. PC rebooted and the only problem now is it won't connect to inet. Adapter is set to obtain IP auto. I've rebooted the modem. But my PC sees an unidentified network... I thought about setting a static IP but thought I should see what you think. That seems to be the case wireless and wired.
     
  14. 2012/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please use system restore point prior to running Combofix.
     
  15. 2012/09/12
    ck309

    ck309 Inactive Thread Starter

    Joined:
    2011/03/19
    Messages:
    31
    Likes Received:
    0
    really...ok..but out of curiosity, could I just download the network driver and reinstall...not a big fan of system restore..but I'll do it.
     
  16. 2012/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Only system restore can bring your connection back.
     
  17. 2012/09/12
    ck309

    ck309 Inactive Thread Starter

    Joined:
    2011/03/19
    Messages:
    31
    Likes Received:
    0
    OK, I'm back online, jumped on Opera and started browsing... and I finally know what this toolbar is called, so maybe I can locate it: http://toolbar.netcraft.com. I have no idea where it came from; all I know is I can't stand the sight of it. It will swear up and down it's safe. But I want it gone. Usually you can't identify it. But for whatever reason I was able to click on it and claim it fraudulent... it didn't like that much... but I never could figure out what it was or where it came from with Firefox... any ideas what this is?
     
  18. 2012/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2012/09/13
    ck309

    ck309 Inactive Thread Starter

    Joined:
    2011/03/19
    Messages:
    31
    Likes Received:
    0
    OTL logfile created on: 9/13/2012 12:07:40 AM - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\chuck\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.48 Gb Total Physical Memory | 4.05 Gb Available Physical Memory | 73.93% Memory free
    11.47 Gb Paging File | 9.85 Gb Available in Paging File | 85.81% Paging File free
    Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.37 Gb Total Space | 152.15 Gb Free Space | 26.17% Space Free | Partition Type: NTFS

    Computer Name: CHUCK-PC | User Name: chuck | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/13 00:05:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\chuck\Desktop\OTL.exe
    PRC - [2012/09/07 05:51:36 | 001,852,048 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    PRC - [2012/08/30 14:11:32 | 003,904,536 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/02/03 14:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
    PRC - [2010/05/20 18:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/30 14:10:04 | 000,057,248 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2012/08/30 14:10:02 | 000,523,680 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2012/08/30 14:10:02 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2012/07/27 21:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/02/24 08:26:34 | 000,347,968 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe -- (CSUService)
    SRV:64bit: - [2011/12/05 07:02:44 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
    SRV:64bit: - [2011/09/05 10:11:56 | 000,116,032 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe -- (CPMService)
    SRV:64bit: - [2011/05/17 15:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2011/04/07 15:59:32 | 000,294,328 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2011/04/05 21:38:16 | 000,828,336 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/12/08 17:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/09/09 19:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/10/14 21:29:54 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011.SP5a\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2012/09/07 05:51:36 | 001,852,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2012/08/28 17:01:25 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/08/19 10:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/02/03 14:50:10 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2010/05/20 18:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/27 23:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/07/27 20:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/06/05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2012/05/10 23:41:24 | 000,434,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/04/10 20:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2012/04/10 20:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2012/03/30 09:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/22 11:04:10 | 000,876,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2011/09/29 18:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/09/05 10:14:34 | 000,019,568 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\evdd.sys -- (Evdd)
    DRV:64bit: - [2011/09/05 10:14:00 | 000,205,512 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cumon.sys -- (cumon)
    DRV:64bit: - [2011/08/19 10:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2011/08/19 10:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/07/19 11:35:00 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/17 10:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
    DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/03/08 13:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
    DRV:64bit: - [2010/03/08 13:03:54 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)
    DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/08/08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011.SP5a\WNt500x64\sandra.sys -- (SANDRA)
    DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2007/04/17 13:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
    DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2036F59B-104A-472D-B1AD-64C2CEBEC982}
    IE:64bit: - HKLM\..\SearchScopes\{2036F59B-104A-472D-B1AD-64C2CEBEC982}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {874BEBF3-FC38-4748-B7FA-CE83ABB81DBA}
    IE - HKLM\..\SearchScopes\{874BEBF3-FC38-4748-B7FA-CE83ABB81DBA}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\chuck\Desktop
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 BE E5 C0 23 8E CD 01 [binary data]
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112542&tt=010812_nich_3112_2&babsrc=SP_ss&mntrId=207881570000000000004cedde877754
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\..\SearchScopes\{7A6D4D43-48CF-4782-9D6B-16107A811B5A}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\..\SearchScopes\{874BEBF3-FC38-4748-B7FA-CE83ABB81DBA}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\chuck\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\chuck\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\chuck\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\chuck\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/09/08 22:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/08 22:41:32 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\chuck\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\chuck\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\chuck\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\chuck\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\chuck\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\chuck\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: Adblock Plus (Beta) = C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Dark Vibe = C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
    CHR - Extension: LastPass = C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.10_0\
    CHR - Extension: FVD Video Downloader = C:\Users\chuck\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.3.0_0\

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [] File not found
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3340142747-3605705085-2778890946-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A23D9947-B4DF-43CF-A229-0BDDC570E58D}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD9DE5E4-ABA6-4D2A-B648-321FA97B70CA}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{33c3bc11-01dc-11e1-8c60-e06995d0001c}\Shell - " " = AutoRun
    O33 - MountPoints2\{33c3bc11-01dc-11e1-8c60-e06995d0001c}\Shell\AutoRun\command - " " = E:\LaunchU3.exe -a
    O33 - MountPoints2\{3790af69-e960-11e0-b32e-806e6f6e6963}\Shell - " " = AutoRun
    O33 - MountPoints2\{3790af69-e960-11e0-b32e-806e6f6e6963}\Shell\AutoRun\command - " " = E:\TL-Bootstrap.exe
    O33 - MountPoints2\{60183895-01e5-11e1-b7cb-e06995d0001c}\Shell - " " = AutoRun
    O33 - MountPoints2\{60183895-01e5-11e1-b7cb-e06995d0001c}\Shell\AutoRun\command - " " = E:\StartCD.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========
     
  20. 2012/09/13
    ck309

    [2012/09/13 00:04:19 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\chuck\Desktop\OTL.exe
    [2012/09/12 21:20:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2012/09/12 20:44:36 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/09/12 19:45:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/12 14:37:16 | 000,000,000 | ---D | C] -- C:\Temporary Internet Files
    [2012/09/11 23:54:05 | 000,000,000 | ---D | C] -- C:\Users\chuck\Desktop\RK_Quarantine
    [2012/09/11 23:05:37 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
    [2012/09/11 23:05:37 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys
    [2012/09/11 23:05:35 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
    [2012/09/11 23:05:35 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
    [2012/09/10 19:41:43 | 000,000,000 | ---D | C] -- C:\Users\chuck\Desktop\New folder
    [2012/09/10 17:41:58 | 000,000,000 | ---D | C] -- C:\Users\chuck\Desktop\HiJack
    [2012/09/10 16:52:35 | 000,027,968 | ---- | C] (COMODO Security Solutions Inc.) -- C:\windows\SysNative\cpmnat.exe
    [2012/09/10 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\chuck\Documents\New folder (2)
    [2012/09/10 11:22:55 | 000,205,512 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\cumon.sys
    [2012/09/10 11:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2012/09/10 11:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2012/09/10 11:17:57 | 000,000,000 | ---D | C] -- C:\Users\chuck\AppData\Local\Comodo
    [2012/09/10 11:17:52 | 000,054,024 | ---- | C] (COMODO CA Limited) -- C:\windows\SysNative\certsentry.dll
    [2012/09/10 11:17:52 | 000,045,320 | ---- | C] (COMODO CA Limited) -- C:\windows\SysWow64\certsentry.dll
    [2012/09/10 11:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
    [2012/09/10 10:23:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2012/09/09 17:24:28 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\chuck\Documents\TFC.exe
    [2012/09/09 16:29:32 | 000,000,000 | ---D | C] -- C:\Users\chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012/09/09 16:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/09/09 15:30:43 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\chuck\Desktop\dds.com
    [2012/09/09 15:30:09 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\chuck\Desktop\aswMBR.exe
    [2012/09/08 22:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/09/08 18:37:24 | 000,000,000 | ---D | C] -- C:\Users\chuck\AppData\Roaming\Opera
    [2012/09/08 18:37:24 | 000,000,000 | ---D | C] -- C:\Users\chuck\AppData\Local\Opera
    [2012/09/08 18:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
    [2012/09/08 17:44:23 | 000,000,000 | ---D | C] -- C:\Users\chuck\AppData\Roaming\Safer Networking
    [2012/09/08 13:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
    [2012/09/08 13:44:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safer Networking
    [2012/09/08 13:35:29 | 000,000,000 | ---D | C] -- C:\Users\chuck\Documents\ProcAlyzer Dumps
    [2012/09/08 12:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/09/08 12:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2012/09/08 12:22:49 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
    [2012/09/08 12:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2012/09/07 17:47:54 | 000,000,000 | ---D | C] -- C:\Users\chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/09/04 06:38:51 | 000,000,000 | ---D | C] -- C:\Users\chuck\SyncFolder
    [2012/09/02 15:28:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/09/02 15:28:21 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
    [2012/09/02 15:28:13 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    [2012/09/02 15:25:00 | 001,034,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
    [2012/09/02 15:25:00 | 000,916,456 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
    [2012/09/02 15:25:00 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
    [2012/09/02 15:24:48 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
    [2012/09/02 15:24:48 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
    [2012/09/02 15:24:48 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
    [2012/09/02 15:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/08/30 12:45:45 | 000,000,000 | ---D | C] -- C:\Users\chuck\Desktop\Resume
    [2012/08/29 04:00:14 | 000,056,448 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\usbfilter.sys
    [2012/08/29 04:00:14 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
    [2012/08/29 03:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2012/08/29 03:55:06 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
    [2012/08/29 03:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
    [2012/08/29 03:55:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
    [2012/08/29 03:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2012/08/29 03:47:38 | 000,000,000 | ---D | C] -- C:\AMD
    [2012/08/28 23:09:29 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\RTCOM
    [2012/08/28 23:08:53 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\WavesGUILib64.dll
    [2012/08/28 23:08:52 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\tosade.dll
    [2012/08/28 23:08:52 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\windows\SysNative\tepeqapo64.dll
    [2012/08/28 23:08:51 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\tadefxapo264.dll
    [2012/08/28 23:08:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSX64.dll
    [2012/08/28 23:08:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSH64.dll
    [2012/08/28 23:08:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSHP64.dll
    [2012/08/28 23:08:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSWOW64.dll
    [2012/08/28 23:08:51 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\windows\SysNative\tadefxapo.dll
    [2012/08/28 23:08:47 | 000,606,336 | ---- | C] (Sony Corporation) -- C:\windows\SysNative\SFSS_APO.dll
    [2012/08/28 23:08:46 | 001,561,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTSnMg64.cpl
    [2012/08/28 23:08:45 | 002,743,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtPgEx64.dll
    [2012/08/28 23:08:45 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtlCPAPI64.dll
    [2012/08/28 23:08:43 | 003,643,024 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkAPO64.dll
    [2012/08/28 23:08:43 | 000,880,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkApi64.dll
    [2012/08/28 23:08:43 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEP64A.dll
    [2012/08/28 23:08:43 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkCfg64.dll
    [2012/08/28 23:08:43 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkCoLDR64.dll
    [2012/08/28 23:08:42 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEED64A.dll
    [2012/08/28 23:08:42 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEL64A.dll
    [2012/08/28 23:08:42 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEG64A.dll
    [2012/08/28 23:08:41 | 001,264,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RTCOM64.dll
    [2012/08/28 23:08:41 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DHT64.dll
    [2012/08/28 23:08:41 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DAA64.dll
    [2012/08/28 23:08:40 | 005,911,552 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RCoRes64.dat
    [2012/08/28 23:08:40 | 000,109,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RCoInstII64.dll
    [2012/08/28 23:08:33 | 007,598,456 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioRealtek64.dll
    [2012/08/28 23:08:33 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxVolumeSDAPO.dll
    [2012/08/28 23:08:31 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioEQ64.dll
    [2012/08/28 23:08:31 | 000,834,936 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPOShell64.dll
    [2012/08/28 23:08:31 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO30.dll
    [2012/08/28 23:08:30 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO20.dll
    [2012/08/28 23:08:20 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\windows\SysNative\FMAPO64.dll
    [2012/08/28 23:08:16 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\windows\SysNative\CONEQMSAPOGUILibrary.dll
    [2012/08/28 23:08:15 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\SysNative\AERTAC64.dll
    [2012/08/28 23:08:15 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\windows\SysNative\AERTAR64.dll
    [2012/08/28 23:02:04 | 003,746,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RtkHDM64.dll
    [2012/08/28 23:02:04 | 002,526,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RHDMEx64.dll
    [2012/08/28 23:02:04 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEP64H.dll
    [2012/08/28 23:02:04 | 000,237,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\drivers\RtHDMIVX.sys
    [2012/08/28 23:02:04 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEED64H.dll
    [2012/08/28 23:02:04 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEL64H.dll
    [2012/08/28 23:02:04 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEG64H.dll
    [2012/08/28 23:02:03 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEP64H.dll
    [2012/08/28 23:02:03 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EED64H.dll
    [2012/08/28 23:02:03 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RH3DHT64.dll
    [2012/08/28 23:02:03 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RH3DAA64.dll
    [2012/08/28 23:02:03 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEL64H.dll
    [2012/08/28 23:02:03 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEA64H.dll
    [2012/08/28 23:02:03 | 000,092,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\windows\SysNative\RHCoInst64.dll
    [2012/08/28 23:02:03 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEG64H.dll
    [2012/08/28 22:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
    [2012/08/28 22:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
    [2012/08/26 17:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/08/26 17:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/08/19 02:14:00 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2012/08/19 02:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/08/19 02:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/08/15 03:04:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2012/08/15 03:04:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2012/08/15 03:04:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
    [2012/08/15 03:04:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
    [2012/08/15 03:04:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2012/08/15 03:04:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2012/08/15 03:04:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2012/08/15 03:04:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2012/08/15 03:04:08 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2012/08/15 03:04:08 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2012/08/15 03:04:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2012/08/15 03:04:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2012/08/15 03:04:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2012/08/15 01:19:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll
    [2012/08/15 01:19:27 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
    [2012/08/15 01:19:27 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
    [2012/08/15 01:19:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe
    [2012/08/15 01:19:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll
    [2012/08/15 01:19:23 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll
    [2012/08/15 01:19:23 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll
    [2012/08/15 01:19:19 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
    [2012/06/25 03:58:26 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/09/13 00:05:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\chuck\Desktop\OTL.exe
    [2012/09/13 00:00:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3340142747-3605705085-2778890946-1000UA.job
    [2012/09/12 23:38:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/12 23:33:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/09/12 23:01:07 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/12 23:01:07 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/12 23:01:06 | 000,729,944 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/09/12 23:01:06 | 000,626,540 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/09/12 23:01:06 | 000,107,784 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/09/12 22:54:09 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/12 22:53:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/09/12 22:53:32 | 117,010,431 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/12 22:53:02 | 000,035,556 | ---- | M] () -- C:\windows\CUAppUsage.Dat
    [2012/09/11 23:52:19 | 001,378,816 | ---- | M] () -- C:\Users\chuck\Desktop\RogueKiller.exe
    [2012/09/11 19:00:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3340142747-3605705085-2778890946-1000Core.job
    [2012/09/11 14:29:57 | 000,002,569 | ---- | M] () -- C:\Users\chuck\Desktop\Google Chrome.lnk
    [2012/09/10 23:02:33 | 000,506,412 | ---- | M] () -- C:\Users\chuck\Desktop\TeamSpybot-20120910-230233.cab
    [2012/09/10 23:02:33 | 000,481,012 | ---- | M] () -- C:\Users\chuck\Desktop\Desktop-20120910-230233.png
    [2012/09/10 17:49:32 | 000,001,148 | ---- | M] () -- C:\Users\chuck\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/09/10 17:04:29 | 000,773,408 | ---- | M] () -- C:\windows\SysNative\drivers\sfi.dat
    [2012/09/10 16:23:46 | 000,000,448 | ---- | M] () -- C:\Users\chuck\Documents\cc_20120910_162340.reg
    [2012/09/10 15:48:45 | 000,013,780 | ---- | M] () -- C:\Users\chuck\Desktop\hijackthis1
    [2012/09/10 11:31:38 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\COMODO System Utilities.lnk
    [2012/09/10 11:24:43 | 000,054,024 | ---- | M] (COMODO CA Limited) -- C:\windows\SysNative\certsentry.dll
    [2012/09/10 11:24:43 | 000,045,320 | ---- | M] (COMODO CA Limited) -- C:\windows\SysWow64\certsentry.dll
    [2012/09/10 11:22:47 | 629,145,600 | -H-- | M] () -- C:\fileimage.dat
    [2012/09/10 11:20:51 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Programs Manager.lnk
    [2012/09/10 11:17:58 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2012/09/09 17:24:29 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\chuck\Documents\TFC.exe
    [2012/09/09 15:30:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\chuck\Desktop\dds.com
    [2012/09/09 15:30:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\chuck\Desktop\aswMBR.exe
    [2012/09/09 14:28:35 | 000,302,592 | ---- | M] () -- C:\Users\chuck\Desktop\pze2cu13.exe
    [2012/09/08 18:37:21 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2012/09/08 17:42:05 | 000,047,589 | ---- | M] () -- C:\Users\chuck\Documents\SD hjt log
    [2012/09/08 17:40:47 | 000,278,030 | ---- | M] () -- C:\Users\chuck\Documents\SD SBSD log
    [2012/09/08 12:22:55 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2012/09/02 15:28:05 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    [2012/09/02 15:28:04 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
    [2012/09/02 15:28:04 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
    [2012/09/02 15:28:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
    [2012/09/02 15:28:04 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
    [2012/09/02 15:24:28 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
    [2012/09/02 15:24:24 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
    [2012/09/02 15:24:24 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
    [2012/09/02 15:24:23 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\npDeployJava1.dll
    [2012/09/02 15:24:23 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
    [2012/09/02 15:24:22 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\deployJava1.dll
    [2012/08/30 15:35:02 | 000,023,890 | ---- | M] () -- C:\Users\chuck\Documents\trans_JVS-12-3123B_ver_120830_030007.pdf
    [2012/08/30 15:34:58 | 000,025,812 | ---- | M] () -- C:\Users\chuck\Documents\trans_JVS-12-3123B_ver_120830_030000.pdf
    [2012/08/30 13:25:26 | 000,210,867 | ---- | M] () -- C:\Users\chuck\Desktop\Resume.zip
    [2012/08/28 22:19:27 | 000,001,222 | ---- | M] () -- C:\Users\chuck\Desktop\Driver Genius Professional Edition.lnk
    [2012/08/28 17:04:28 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
    [2012/08/28 17:01:24 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/08/28 17:01:24 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/08/28 11:41:53 | 001,116,044 | ---- | M] () -- C:\Users\chuck\Documents\AXcertPDF.pdf
    [2012/08/22 13:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys
    [2012/08/22 13:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
    [2012/08/22 12:42:47 | 000,010,119 | ---- | M] () -- C:\Users\chuck\Documents\Charles Kenned1.odt
    [2012/08/21 04:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
    [2012/08/16 12:49:03 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/08/16 12:45:46 | 000,145,725 | ---- | M] () -- C:\Users\chuck\Documents\EnvelopePDF.pdf
    [2012/08/15 15:07:45 | 000,010,094 | ---- | M] () -- C:\Users\chuck\Documents\Charles Kennedy.odt
    [2012/08/15 03:23:13 | 000,511,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/09/11 23:52:18 | 001,378,816 | ---- | C] () -- C:\Users\chuck\Desktop\RogueKiller.exe
    [2012/09/10 23:02:33 | 000,506,412 | ---- | C] () -- C:\Users\chuck\Desktop\TeamSpybot-20120910-230233.cab
    [2012/09/10 23:02:33 | 000,481,012 | ---- | C] () -- C:\Users\chuck\Desktop\Desktop-20120910-230233.png
    [2012/09/10 16:23:43 | 000,000,448 | ---- | C] () -- C:\Users\chuck\Documents\cc_20120910_162340.reg
    [2012/09/10 15:48:44 | 000,013,780 | ---- | C] () -- C:\Users\chuck\Desktop\hijackthis1
    [2012/09/10 13:59:38 | 000,035,556 | ---- | C] () -- C:\windows\CUAppUsage.Dat
    [2012/09/10 11:35:59 | 000,773,408 | ---- | C] () -- C:\windows\SysNative\drivers\sfi.dat
    [2012/09/10 11:31:38 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\COMODO System Utilities.lnk
    [2012/09/10 11:22:47 | 629,145,600 | -H-- | C] () -- C:\fileimage.dat
    [2012/09/10 11:22:45 | 000,019,568 | ---- | C] () -- C:\windows\SysNative\drivers\evdd.sys
    [2012/09/10 11:20:51 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Programs Manager.lnk
    [2012/09/10 11:17:58 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2012/09/09 14:28:32 | 000,302,592 | ---- | C] () -- C:\Users\chuck\Desktop\pze2cu13.exe
    [2012/09/08 18:37:21 | 000,001,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    [2012/09/08 18:37:21 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
    [2012/09/08 17:42:05 | 000,047,589 | ---- | C] () -- C:\Users\chuck\Documents\SD hjt log
    [2012/09/08 17:40:47 | 000,278,030 | ---- | C] () -- C:\Users\chuck\Documents\SD SBSD log
    [2012/09/08 12:22:55 | 000,002,200 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2012/09/08 12:22:55 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2012/09/07 17:47:56 | 000,002,569 | ---- | C] () -- C:\Users\chuck\Desktop\Google Chrome.lnk
    [2012/08/30 15:35:02 | 000,023,890 | ---- | C] () -- C:\Users\chuck\Documents\trans_JVS-12-3123B_ver_120830_030007.pdf
    [2012/08/30 15:34:57 | 000,025,812 | ---- | C] () -- C:\Users\chuck\Documents\trans_JVS-12-3123B_ver_120830_030000.pdf
    [2012/08/30 13:25:26 | 000,210,867 | ---- | C] () -- C:\Users\chuck\Desktop\Resume.zip
    [2012/08/28 23:08:41 | 000,329,737 | ---- | C] () -- C:\windows\SysNative\drivers\RTAIODAT.DAT
    [2012/08/28 22:19:27 | 000,001,222 | ---- | C] () -- C:\Users\chuck\Desktop\Driver Genius Professional Edition.lnk
    [2012/08/28 11:41:40 | 001,116,044 | ---- | C] () -- C:\Users\chuck\Documents\AXcertPDF.pdf
    [2012/08/22 12:42:41 | 000,010,119 | ---- | C] () -- C:\Users\chuck\Documents\Charles Kenned1.odt
    [2012/08/19 02:14:03 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
    [2012/08/16 12:45:46 | 000,145,725 | ---- | C] () -- C:\Users\chuck\Documents\EnvelopePDF.pdf
    [2012/08/15 15:07:35 | 000,010,094 | ---- | C] () -- C:\Users\chuck\Documents\Charles Kennedy.odt
    [2012/08/09 06:47:20 | 000,000,394 | ---- | C] () -- C:\Users\chuck\AppData\Roaming\Digital Clock_Settings.ini
    [2012/07/27 20:39:50 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
    [2012/07/27 20:39:50 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
    [2012/06/19 14:21:00 | 000,002,892 | ---- | C] () -- C:\windows\SysWow64\audcon.sys
    [2012/06/19 14:20:48 | 000,086,016 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe
    [2012/06/19 14:20:48 | 000,000,051 | ---- | C] () -- C:\windows\SysWow64\SYNSOPOS.exe.cfg
    [2012/06/09 19:34:27 | 000,000,487 | ---- | C] () -- C:\Users\chuck\AppData\Roaming\GPU Monitor_Settings.ini
    [2012/01/13 05:16:31 | 011,169,792 | ---- | C] () -- C:\Users\chuck\AppData\Roaming\Sandra.mdb
    [2012/01/02 19:17:45 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
    [2011/12/24 00:07:04 | 000,000,231 | ---- | C] () -- C:\Users\chuck\AppData\Roaming\Top Process Monitor_Settings.ini
    [2011/12/23 03:46:36 | 000,001,715 | ---- | C] () -- C:\Users\chuck\AppData\Roaming\System Monitor II_Settings.ini
    [2011/12/23 02:57:28 | 000,001,057 | ---- | C] () -- C:\Users\chuck\AppData\Roaming\vso_ts_preview.xml
    [2011/10/27 21:47:43 | 000,015,872 | ---- | C] () -- C:\Users\chuck\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
    [2011/08/19 10:26:20 | 010,898,456 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
    [2011/08/19 10:26:20 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
    [2011/08/19 10:26:20 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
    [2011/07/29 17:50:20 | 000,744,030 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/06/05 00:42:04 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
    [2011/06/05 00:37:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
    [2011/06/05 00:35:00 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll

    < End of report >
     
  21. 2012/09/13
    ck309

    OTL Extras logfile created on: 9/13/2012 12:07:40 AM - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\chuck\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.48 Gb Total Physical Memory | 4.05 Gb Available Physical Memory | 73.93% Memory free
    11.47 Gb Paging File | 9.85 Gb Available in Paging File | 85.81% Paging File free
    Paging file location(s): C:\pagefile.sys 6142 6142 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.37 Gb Total Space | 152.15 Gb Free Space | 26.17% Space Free | Partition Type: NTFS

    Computer Name: CHUCK-PC | User Name: chuck | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = DragonHTML] -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
    https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
    https [open] -- "C:\Program Files (x86)\Comodo\Dragon\dragon.exe" -- "%1" (Comodo)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{017A5F5D-E72F-44DE-8173-3537B65B3DBA}" = rport=139 | protocol=6 | dir=out | app=system |
    "{0B5FBB60-F946-49CA-A368-6C2A4C7F7C49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{116387D7-E525-48CF-B360-2BA7822EC74F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{13CC3667-0E24-4E3E-A28B-4503EEDA3A86}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{19C01974-5B76-46BE-A944-70829AA42944}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1E2436B7-3542-4CD5-A419-5EF4C6CF0D65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{403EC1D4-0F2B-4703-968C-EAF96BCE6E19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{5173086D-A155-4C4F-A550-79719E34CA4B}" = rport=137 | protocol=17 | dir=out | app=system |
    "{5DD8A56F-A515-48E7-A1B3-E6307C4C323C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{652A03DB-7400-4DB8-B0E2-81CA7A1050BD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{6F46231C-2B45-4C9A-A51D-2CEAEF363987}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{74D77E65-7712-485B-B570-69FE885A7DAA}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2011.sp5a\wnt500x64\rpcsandrasrv.exe |
    "{7BC88FFF-A352-4BCB-AEDD-AB95BB70F368}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8DFD88F8-ED74-450F-984F-B622BF177A93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{90643CD8-F3E9-45A3-89D8-A7AD042DDDD4}" = lport=138 | protocol=17 | dir=in | app=system |
    "{9495FB2A-35B7-4D1F-A30A-B7F2327321FD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A2978913-212A-49B9-820B-66728AC29586}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A5199555-CEBC-4E2B-AE4C-997A4BC3A9BD}" = rport=445 | protocol=6 | dir=out | app=system |
    "{ADAD0B01-E476-444D-AD86-267C79C01C34}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B0719328-B4A8-4004-B8F7-20CD0508E5D1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{BA1E2926-A9A8-47C0-9FF2-B1C57B594799}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{BCFC2AE9-CC98-4B60-9214-AC7DD84766CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BEEE51B7-1FE1-4EFD-9EBC-47618BFC1622}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E0DA8C19-D8F4-4FB7-A736-6B550CF4C81D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra professional business 2011.sp5a\rpcagentsrv.exe |
    "{E9963719-3254-470E-BD9D-53216BC12E33}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09220F83-4B19-4A2D-B903-90DA944A01CF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{1B64A658-005A-4792-8A48-1FF89CD16D04}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{1CB90B95-A2F3-4DC4-832B-C11E108ACBAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1D526835-DB0D-4D71-BDEF-F95D6FFF06C8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{1E84EAB3-A1B1-4314-A339-7AC54D5D8033}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{28E7665E-29A2-47EF-853C-7769D6EE46EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{2EEA05DC-B409-4313-A4BB-2ABE583B6F65}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2F2E3FAA-3843-4C06-92D8-65A2DF5F16C9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{42631479-C555-4FBC-AFC3-CF129249EF17}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{4994E284-4429-48B7-B1B4-4583DEDE7691}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{516BD28E-490B-4953-B912-602556D49295}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{52AA370D-1378-49C8-9E74-986C8D409134}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5AEBADF7-4514-4495-A3CF-CA9FEE229870}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5B4F23E6-8382-43B5-9A86-15229CD43D9D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{60708C73-3AE5-4F13-A315-9851B78E50DE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{7681F1A0-2901-44A4-A8BD-120692400BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
    "{76D2EE95-5FB7-4CA6-98C4-73F11DE00316}" = protocol=17 | dir=in | app=c:\users\chuck\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{7EE45FDC-7319-463F-80CE-D2E5803E11C5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
    "{83306965-107F-48B4-A3A6-D5E023B3B895}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C349755-A2FC-46E2-8702-A477A8A15D34}" = protocol=17 | dir=in | app=c:\program files (x86)\avid\studio\programs\ngstudio.exe |
    "{9171A43D-7C25-48F1-B79A-8418DC029904}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{91DB360A-9314-4A94-9FD1-FE51A235C315}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{9C99A04B-CA93-4698-A474-D68FED1A1A4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{AA9C39FD-C785-48D6-8472-0259F6EC5677}" = protocol=6 | dir=in | app=c:\users\chuck\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{B7B2F6F8-1BAA-4248-B587-BD4D0A4EA6B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B933D6B1-7CC5-405F-BFC3-CD89998603C1}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) |
    "{C72F4726-E893-4302-B3EF-FAF1D573DCDB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CCF8A9EC-1835-4BFA-9444-C32766B5C11F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D021E20E-EE5B-4A4C-A338-F19C0541458E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
    "{D56E3BF3-6FA2-4BC5-99E5-F0230DDF24CE}" = protocol=17 | dir=in | app=c:\program files (x86)\avid\studio\programs\umi.exe |
    "{D729688A-2919-4BD6-998C-A9E9835B0878}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{DFB57942-004E-4F3C-98E9-83BA0CAE96FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avid\studio\programs\rm.exe |
    "{E27AA6C6-E79B-4122-9B1B-7347E39A851F}" = protocol=6 | dir=in | app=c:\program files (x86)\avid\studio\programs\ngstudio.exe |
    "{EC018ABB-8DCF-417A-8BA3-F44586F97759}" = protocol=6 | dir=in | app=c:\program files (x86)\avid\studio\programs\umi.exe |
    "{F8FA6796-1754-4F02-90C9-11ECB2E3E3C2}" = protocol=17 | dir=in | app=c:\program files (x86)\avid\studio\programs\rm.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{06CB0DD1-71A5-F352-E0A9-FE6016380A8F}" = AMD Drag and Drop Transcoding
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
    "{089E65D5-D06A-FE49-8D9C-9CABDF8858F5}" = ccc-utility64
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
    "{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Mobile I/O
    "{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
    "{42976FDB-5756-4077-A491-095F228E99E2}" = MAGIX Low Latency Driver (64-Bit)
    "{49146694-5F5F-4B1F-AD15-6587F47A0FD7}" = MAGIX Burn routines (64-Bit)
    "{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
    "{6DB97EF8-603B-FB96-9B56-6F0D23E14263}" = AMD Media Foundation Decoders
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{6FF9A012-0254-41E9-81E2-F538C4B53611}" = TOSHIBA eco Utility
    "{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Session I/O
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A7DA4247-9F22-4d4a-974A-DD455CCF43B6}" = COMODO System Utilities
    "{B1F48088-2632-92BF-799C-16A5141B74EC}" = AMD Catalyst Install Manager
    "{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Professional Business 2011.SP5a
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D10B35A6-786F-2879-DC2F-EBBD735E51B8}" = AMD Fuel
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D968E920-3A49-48EB-BA1D-8964DCDF0CA9}" = COMODO Programs Manager
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "CCleaner" = CCleaner
    "EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0299DF57-FF2E-42C6-A4D7-9480E537D191}" = Pinnacle Creative Pack Volume 2
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}" = TOSHIBA Supervisor Password
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{15663E2F-4C49-4949-9490-8806050654E0}" = Avid Studio Bonus Content
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1864B4F0-7777-5A57-9930-C2B307597966}" = MusicLab RealGuitar
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EC82637-F2BD-4F2F-B4DE-F38B70D0DDC3}" = KORG Legacy Collection - LegacyCell
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
    "{29F291A9-F1FB-4DD3-A72D-CF15A486CD90}" = MAGIX Speed burnR (MSI)
    "{2A7A2022-4FA3-4FA4-898B-83311B704D31}" = Avid Studio Registration Freebie - Adorage Vol. 11 Selection
    "{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
    "{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
    "{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
    "{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40007E5C-19C8-4A25-AD70-A99D77D0A7DA}" = Active@ Boot Disk
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5B01BCB7-A5D3-476F-AF11-E515BA206591}" = TOSHIBA Wireless LAN Indicator
    "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
    "{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{6423EF42-19F9-4FF6-83D7-177B391D96B6}" = KORG Legacy Collection - M1
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A519E1D-44B8-4DC9-BC30-552C68D41C01}" = Avid Studio Plugins
    "{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
    "{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74E5BA31-CB34-4388-BC7F-91DC8830AABC}" = ScoreFitter Volume 2
    "{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}" = Pinnacle Creative Pack Volume 1
    "{7F025596-53EC-421A-BB05-742A4D6CC8E3}" = KORG Legacy Collection - WAVESTATION
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
    "{836361D1-D74F-416F-B8B2-DCB7ED89B111}" = KORG Legacy Collection - MS-20
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{84B437EA-EDAA-475A-99D1-ED0CFB605FBE}" = Samplitude Pro X Suite Download Version
    "{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1" = Yawcam 0.3.7
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
    "{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
    "{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = AMD VISION Engine Control Center
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B208107-DCBC-4815-A85D-E7151CFD454C}" = KORG Legacy Collection - MonoPoly
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
    "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9DCBDF08-F1C0-4935-A958-9501384FC528}" = ScoreFitter Volume 1
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
    "{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
    "{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
    "{B35DC076-CEF2-4631-9EF7-45380E27C841}" = Avid Studio
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{B7D95B65-E05B-4B05-B669-7A1AC21BAB67}" = KORG Legacy Collection - Polysix
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
    "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
    "{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
    "{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{E8FD2DF4-CF22-4996-BBF5-FE37D13A420E}" = KORG Legacy Collection - MDE-X
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
    "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Applied Accoustics String Studio VS 1 VST DX v1.0" = Applied Accoustics String Studio VS 1 VST DX v1.0
    "ASIO4ALL" = ASIO4ALL
    "AVCWare Video Converter Ultimate" = AVCWare Video Converter Ultimate
    "Camel Audio Alchemy64" = Camel Audio Alchemy64
    "Comodo Dragon" = Comodo Dragon
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "DVD Shrink_is1" = DVD Shrink 3.2
    "East West HardcoreBass" = East West HardcoreBass
    "EPSON Scanner" = EPSON Scan
    "FL Studio 10" = FL Studio 10
    "Guitarist Library_is1" = Sugar Bytes Guitarist Library 1.0
    "HTC_WModemDriver" = WModem Driver Installer
    "IL Download Manager" = IL Download Manager
    "ImgBurn" = ImgBurn
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
    "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
    "Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
    "Logitech Vid" = Logitech Vid HD
    "Magic Bullet Looks Studio" = Magic Bullet Looks Studio
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "MAGIX_MSI_SamProX_Suite" = Samplitude Pro X Suite Download Version
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Morphyre" = Morphyre
    "Native Instruments B4 II" = Native Instruments B4 II
    "Native Instruments Battery 3" = Native Instruments Battery 3
    "Native Instruments Controller Editor" = Native Instruments Controller Editor
    "Native Instruments FM8 Transient Attacks" = Native Instruments FM8 Transient Attacks
    "Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS" = Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
    "Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
    "Native Instruments Guitar Rig Mobile I/O" = Native Instruments Guitar Rig Mobile I/O
    "Native Instruments Guitar Rig Session I/O" = Native Instruments Guitar Rig Session I/O
    "Native Instruments Kontakt 5" = Native Instruments Kontakt 5
    "Native Instruments Massive" = Native Instruments Massive
    "Native Instruments Reaktor 5" = Native Instruments Reaktor 5
    "Native Instruments Rig Kontrol 3" = Native Instruments Rig Kontrol 3
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Opera 12.02.1578" = Opera 12.02
    "PE Explorer_is1" = PE Explorer 1.99
    "prophetv2_5_is1" = Prophet-V2 2.5.1
    "Red Giant ToonIt Studio" = Red Giant ToonIt Studio
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "ST5UNST #1" = The Holy Bible KJV Ver.8
    "stax-Pinnacle_is1" = SureThing Express Labeler
    "Switch" = Switch Sound File Converter
    "Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
    "Trapcode Particular Studio" = Trapcode Particular Studio
    "Trapcode Shine Studio" = Trapcode Shine Studio
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.2
    "WildTangent toshiba Master Uninstall" = WildTangent Games
    "WinFF_is1" = WinFF 1.3.2
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WTA-eb891a37-f084-48fa-aae3-b9be562cc77e" = Tom Clancy's Splinter Cell

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3340142747-3605705085-2778890946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/6/2012 3:33:26 PM | Computer Name = chuck-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/6/2012 5:00:13 PM | Computer Name = chuck-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
    stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
    0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
    id: 0x774 Faulting application start time: 0x01cd8c6679f2dd6f Faulting application
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: d9ac9627-f865-11e1-9aa9-e06995d0001c

    Error - 9/6/2012 5:02:08 PM | Computer Name = chuck-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/7/2012 4:36:43 PM | Computer Name = chuck-PC | Source = TestWorker | ID = 131073
    Description =

    Error - 9/7/2012 6:30:47 PM | Computer Name = chuck-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
    stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
    0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
    id: 0x7f4 Faulting application start time: 0x01cd8c72bd6539ab Faulting application
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: aae47450-f93b-11e1-94e8-e06995d0001c

    Error - 9/7/2012 6:31:54 PM | Computer Name = chuck-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/7/2012 9:07:30 PM | Computer Name = chuck-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
    stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
    0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
    id: 0x7a8 Faulting application start time: 0x01cd8d488d467a6f Faulting application
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: 8f7122b4-f951-11e1-b327-e06995d0001c

    Error - 9/7/2012 9:08:31 PM | Computer Name = chuck-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 9/7/2012 9:09:04 PM | Computer Name = chuck-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
    stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
    0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process
    id: 0x59c Faulting application start time: 0x01cd8d5e6f9dc235 Faulting application
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module
    path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: c7ccc03d-f951-11e1-818d-e06995d0001c

    Error - 9/7/2012 9:12:01 PM | Computer Name = chuck-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 2/23/2012 11:53:51 AM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 9:53:51 AM - Error connecting to the internet. 9:53:51 AM - Unable
    to contact server..

    Error - 2/23/2012 11:53:57 AM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 9:53:56 AM - Error connecting to the internet. 9:53:56 AM - Unable
    to contact server..

    Error - 2/23/2012 12:54:01 PM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 10:54:01 AM - Error connecting to the internet. 10:54:01 AM - Unable
    to contact server..

    Error - 2/23/2012 12:54:07 PM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 10:54:06 AM - Error connecting to the internet. 10:54:06 AM - Unable
    to contact server..

    Error - 2/23/2012 4:58:44 PM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 2:58:44 PM - Error connecting to the internet. 2:58:44 PM - Unable
    to contact server..

    Error - 2/23/2012 4:58:50 PM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 2:58:49 PM - Error connecting to the internet. 2:58:49 PM - Unable
    to contact server..

    Error - 2/24/2012 6:14:41 PM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 4:14:39 PM - Error connecting to the internet. 4:14:39 PM - Unable
    to contact server..

    Error - 2/25/2012 11:05:20 PM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 9:05:20 PM - Error connecting to the internet. 9:05:20 PM - Unable
    to contact server..

    Error - 2/28/2012 4:22:53 PM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 2:22:51 PM - Error connecting to the internet. 2:22:51 PM - Unable
    to contact server..

    Error - 2/29/2012 8:19:29 PM | Computer Name = chuck-PC | Source = MCUpdate | ID = 0
    Description = 6:19:27 PM - Error connecting to the internet. 6:19:27 PM - Unable
    to contact server..

    [ Spybot - Search and Destroy Events ]
    Error - 9/8/2012 2:31:09 PM | Computer Name = chuck-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 9/10/2012 12:14:19 PM | Computer Name = chuck-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    [ System Events ]
    Error - 9/12/2012 11:44:05 PM | Computer Name = chuck-PC | Source = Service Control Manager | ID = 7031
    Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
    It has done this 24 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 9/12/2012 11:45:14 PM | Computer Name = chuck-PC | Source = Service Control Manager | ID = 7031
    Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
    It has done this 25 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 9/12/2012 11:46:24 PM | Computer Name = chuck-PC | Source = Service Control Manager | ID = 7031
    Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
    It has done this 26 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 9/12/2012 11:47:33 PM | Computer Name = chuck-PC | Source = Service Control Manager | ID = 7031
    Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
    It has done this 27 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 9/12/2012 11:48:43 PM | Computer Name = chuck-PC | Source = Service Control Manager | ID = 7031
    Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
    It has done this 28 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 9/12/2012 11:50:06 PM | Computer Name = chuck-PC | Source = Service Control Manager | ID = 7031
    Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
    It has done this 29 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 9/12/2012 11:50:10 PM | Computer Name = chuck-PC | Source = Service Control Manager | ID = 7034
    Description = The AMD FUEL Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 9/12/2012 11:51:08 PM | Computer Name = chuck-PC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
    following error: %%109

    Error - 9/12/2012 11:53:43 PM | Computer Name = chuck-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
    Description = WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll
    Error
    Code: 126

    Error - 9/12/2012 11:53:47 PM | Computer Name = chuck-PC | Source = Microsoft Antimalware | ID = 2004
    Description = %%860 has encountered an error trying to load signatures and will
    attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

    Error
    Code: 0x80070002 Error description: The system cannot find the file specified. Signature
    version: 1.135.1017.0;1.135.1017.0 Engine version: 1.1.8704.0


    < End of report >
     
