
Inactive Unknown Bug

Discussion in 'Malware and Virus Removal Archive' started by Mburgess, 2010/10/20.

  1. 2010/10/20
    Mburgess (Thread Starter)

    [Inactive] Unknown Bug

    Told by an admin to post the problem here from another forum post of mine.

    DDS File:

    DDS (Ver_10-10-10.03) - NTFSx86 NETWORK
    Run by Mitch at 17:17:26.68 on Wed 10/20/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2115 [GMT -7:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Mitch\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
    mRun: [CHotkey] zHotkey.exe
    mRun: [ModPS2] ModPS2Key.exe
    mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
    mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
    mRun: [ShowWnd] ShowWnd.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
    mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\mitch\appdata\roaming\mozilla\firefox\profiles\y5t2ykcy.default\
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {3CD5BA76-9114-442D-BB31-45AAD6FA5721} - c:\users\mitch\appdata\local\{3CD5BA76-9114-442D-BB31-45AAD6FA5721}
    FF - HiddenExtension: XULRunner: {41D2D2E6-FBD7-40AC-A333-5DB10C27573B} - c:\users\burgess\appdata\local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}
    FF - HiddenExtension: XULRunner: {6F297557-72A9-4E1E-869B-00ABF34E4564} - c:\users\burgess\appdata\local\{6f297557-72a9-4e1e-869b-00abf34e4564}\
    FF - HiddenExtension: XULRunner: {FC34A486-C113-41A3-A77F-FFCE46E4005A} - c:\users\mitch\appdata\local\{fc34a486-c113-41a3-a77f-ffce46e4005a}\
    FF - HiddenExtension: XULRunner: {80119070-146C-4601-8DD1-2C9C77472A26} - c:\users\burgess\appdata\local\{80119070-146c-4601-8dd1-2c9c77472a26}\
    FF - HiddenExtension: XULRunner: {AB4295A0-6278-4D5E-8E58-B7028EEEDBE0} - c:\users\mitch\appdata\local\{ab4295a0-6278-4d5e-8e58-b7028eeedbe0}\
    FF - HiddenExtension: XULRunner: {0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1} - c:\users\burgess\appdata\local\{0aa69c98-f3d7-481e-b41f-ee5e6aca31f1}\
    FF - HiddenExtension: XULRunner: {021B1EB6-B74C-4D9B-89BB-78AB8CCEE428} - c:\users\mitch\appdata\local\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428}
    FF - HiddenExtension: XULRunner: {A87EB6EE-E449-436F-95E5-B97985E078BF} - c:\users\burgess\appdata\local\{a87eb6ee-e449-436f-95e5-b97985e078bf}\
    FF - HiddenExtension: XULRunner: {FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8} - c:\users\mitch\appdata\local\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8}
    FF - HiddenExtension: XULRunner: {D4A4CCE1-34ED-444B-B462-F7AE98E4257C} - c:\users\burgess\appdata\local\{d4a4cce1-34ed-444b-b462-f7ae98e4257c}\
    FF - HiddenExtension: XULRunner: {01AF4BC4-E612-4D01-AABD-4026D89B0220} - c:\users\burgess\appdata\local\{01af4bc4-e612-4d01-aabd-4026d89b0220}\
    FF - HiddenExtension: XULRunner: {DCA46154-0766-4AD6-8454-1257208B4C86} - c:\users\mitch\appdata\local\{dca46154-0766-4ad6-8454-1257208b4c86}\
    FF - HiddenExtension: XULRunner: {3B2676BD-D009-4E84-B77D-B2A77CC4F067} - c:\users\mitch\appdata\local\{3b2676bd-d009-4e84-b77d-b2a77cc4f067}\
    FF - HiddenExtension: XULRunner: {6338F594-28F8-456E-AB83-36AE2ABCC174} - c:\users\burgess\appdata\local\{6338f594-28f8-456e-ab83-36ae2abcc174}\
    FF - HiddenExtension: XULRunner: {F98798E9-967A-4DC6-8E2F-219D49A08CA5} - c:\users\burgess\appdata\local\{f98798e9-967a-4dc6-8e2f-219d49a08ca5}\
    FF - HiddenExtension: XULRunner: {01821E4B-21D3-4790-8A4E-94143451F52F} - c:\users\mitch\appdata\local\{01821E4B-21D3-4790-8A4E-94143451F52F}
    FF - HiddenExtension: XULRunner: {F6398D06-40A8-4EA1-9661-949CD74133EA} - c:\users\burgess\appdata\local\{f6398d06-40a8-4ea1-9661-949cd74133ea}\
    FF - HiddenExtension: XULRunner: {6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E} - c:\users\burgess\appdata\local\{6a0b4ca1-86c5-4dba-943f-ee39fb73bb5e}\
    FF - HiddenExtension: XULRunner: {683FA8FB-F01E-44C1-ABAC-C6475BB96925} - c:\users\burgess\appdata\local\{683fa8fb-f01e-44c1-abac-c6475bb96925}\
    FF - HiddenExtension: XULRunner: {BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA} - c:\users\burgess\appdata\local\{be74f2cc-9cd1-4f7a-9a6c-80a0481670aa}\
    FF - HiddenExtension: XULRunner: {5D7A8ABB-8592-44BD-B2BA-BF0990146BBA} - c:\users\burgess\appdata\local\{5d7a8abb-8592-44bd-b2ba-bf0990146bba}\
    FF - HiddenExtension: XULRunner: {BD731480-A9EC-4816-B79D-24F95F057CBD} - c:\users\burgess\appdata\local\{bd731480-a9ec-4816-b79d-24f95f057cbd}\
    FF - HiddenExtension: XULRunner: {3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269} - c:\users\burgess\appdata\local\{3b3cbcb8-f53b-4937-a1f7-ecee6f55f269}\
    FF - HiddenExtension: XULRunner: {EC979111-16D4-4E50-8BAC-EE34414910AE} - c:\users\burgess\appdata\local\{ec979111-16d4-4e50-8bac-ee34414910ae}\
    FF - HiddenExtension: XULRunner: {0DA90A41-3898-42ED-98E2-3D419A50CAA1} - c:\users\burgess\appdata\local\{0da90a41-3898-42ed-98e2-3d419a50caa1}\
    FF - HiddenExtension: XULRunner: {BAF7AE01-27FB-4B79-988D-FECEA71FA20D} - c:\users\burgess\appdata\local\{baf7ae01-27fb-4b79-988d-fecea71fa20d}\
    FF - HiddenExtension: XULRunner: {C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD} - c:\users\burgess\appdata\local\{c0e5f93a-b27a-4b5f-8801-428b4e0fc2bd}\
    FF - HiddenExtension: XULRunner: {68039E31-090F-46FC-AB41-DFDB6C02BBF5} - c:\users\burgess\appdata\local\{68039e31-090f-46fc-ab41-dfdb6c02bbf5}\
    FF - HiddenExtension: XULRunner: {4544806E-EDAA-4F0E-A7B5-6240275647BE} - c:\users\burgess\appdata\local\{4544806e-edaa-4f0e-a7b5-6240275647be}\
    FF - HiddenExtension: XULRunner: {A6CE39D0-E71C-414D-B947-40A159B0BCB8} - c:\users\burgess\appdata\local\{a6ce39d0-e71c-414d-b947-40a159b0bcb8}\
    FF - HiddenExtension: XULRunner: {F1002F26-2DA2-498F-B365-12B963ACF028} - c:\users\burgess\appdata\local\{f1002f26-2da2-498f-b365-12b963acf028}\
    FF - HiddenExtension: XULRunner: {26D99F41-F45E-415B-9A88-9C021FF8B261} - c:\users\burgess\appdata\local\{26d99f41-f45e-415b-9a88-9c021ff8b261}\
    FF - HiddenExtension: XULRunner: {CDCD1E9A-0507-4214-8F09-35AA7BE29CCA} - c:\users\burgess\appdata\local\{cdcd1e9a-0507-4214-8f09-35aa7be29cca}\
    FF - HiddenExtension: XULRunner: {7481D296-4103-484E-AE4D-02A2D50810B3} - c:\users\burgess\appdata\local\{7481d296-4103-484e-ae4d-02a2d50810b3}\
    FF - HiddenExtension: XULRunner: {4088E2FF-59C5-40EA-ADBC-464B50028E94} - c:\users\burgess\appdata\local\{4088e2ff-59c5-40ea-adbc-464b50028e94}\
    FF - HiddenExtension: XULRunner: {C6160785-6D8E-4B62-9FA0-7626CA51E5D6} - c:\users\burgess\appdata\local\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6}
    FF - HiddenExtension: XULRunner: {022FD96B-7F52-4014-AE04-59ADDBDE423B} - c:\users\burgess\appdata\local\{022fd96b-7f52-4014-ae04-59addbde423b}\
    FF - HiddenExtension: XULRunner: {1DB86530-0A76-486B-B420-60A53D9E71CC} - c:\users\burgess\appdata\local\{1db86530-0a76-486b-b420-60a53d9e71cc}\
    FF - HiddenExtension: XULRunner: {ED436D7D-4AB9-4822-80BE-8E00D777D7FB} - c:\users\burgess\appdata\local\{ed436d7d-4ab9-4822-80be-8e00d777d7fb}\
    FF - HiddenExtension: XULRunner: {AE84F59B-307C-448C-A770-6C1452076321} - c:\users\burgess\appdata\local\{ae84f59b-307c-448c-a770-6c1452076321}\
    FF - HiddenExtension: XULRunner: {6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C} - c:\users\burgess\appdata\local\{6999ca1d-4c37-47af-9fee-f06c1e4b6c2c}\
    FF - HiddenExtension: XULRunner: {0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0} - c:\users\burgess\appdata\local\{0ee3c837-9ea3-4698-bcd5-bd4e8d25d6a0}\
    FF - HiddenExtension: XULRunner: {A0DC25C0-24F3-4191-931B-2B3EF93927CD} - c:\users\burgess\appdata\local\{a0dc25c0-24f3-4191-931b-2b3ef93927cd}\
    FF - HiddenExtension: XULRunner: {0FAB358A-C40F-478C-A5FF-8779B638AD9E} - c:\users\burgess\appdata\local\{0fab358a-c40f-478c-a5ff-8779b638ad9e}\
    FF - HiddenExtension: XULRunner: {C9F54624-A59B-4325-AABB-66FF9FD98736} - c:\users\burgess\appdata\local\{c9f54624-a59b-4325-aabb-66ff9fd98736}\
    FF - HiddenExtension: XULRunner: {C95D7C0B-ADBD-47DF-B008-FB67FEF7A973} - c:\users\burgess\appdata\local\{c95d7c0b-adbd-47df-b008-fb67fef7a973}\
    FF - HiddenExtension: XULRunner: {FE607F62-6217-4E73-9248-8B7A6B366F88} - c:\users\burgess\appdata\local\{fe607f62-6217-4e73-9248-8b7a6b366f88}\
    FF - HiddenExtension: XULRunner: {4112B3DA-79AD-48EC-96CD-70B4BC640126} - c:\users\burgess\appdata\local\{4112b3da-79ad-48ec-96cd-70b4bc640126}\
    FF - HiddenExtension: XULRunner: {ED17B3FF-1891-4950-80D0-8A81EC2BA586} - c:\users\burgess\appdata\local\{ed17b3ff-1891-4950-80d0-8a81ec2ba586}\
    FF - HiddenExtension: XULRunner: {475C8C3D-2621-4C5F-9809-64A15F673D88} - c:\users\burgess\appdata\local\{475c8c3d-2621-4c5f-9809-64a15f673d88}\
    FF - HiddenExtension: XULRunner: {55743ADC-2F04-4171-A8D8-6D61E6D761DF} - c:\users\burgess\appdata\local\{55743adc-2f04-4171-a8d8-6d61e6d761df}\
    FF - HiddenExtension: XULRunner: {3B6758DE-B570-4947-8819-AF6487C6D70F} - c:\users\burgess\appdata\local\{3b6758de-b570-4947-8819-af6487c6d70f}\
    FF - HiddenExtension: XULRunner: {87240927-E5C3-4273-B261-06E215C25FDB} - c:\users\burgess\appdata\local\{87240927-e5c3-4273-b261-06e215c25fdb}\
    FF - HiddenExtension: XULRunner: {914891D9-9D3A-4FAF-8338-A591EDF7B91F} - c:\users\burgess\appdata\local\{914891d9-9d3a-4faf-8338-a591edf7b91f}\
    FF - HiddenExtension: XULRunner: {D2C007E5-07C5-44CC-B784-B15CB859CC51} - c:\users\mitch\appdata\local\{d2c007e5-07c5-44cc-b784-b15cb859cc51}\
    FF - HiddenExtension: XULRunner: {672C3E82-15C1-435D-A0E9-10055B4BB729} - c:\users\burgess\appdata\local\{672c3e82-15c1-435d-a0e9-10055b4bb729}\
    FF - HiddenExtension: XULRunner: {8177E358-6724-4F4F-94ED-F3BA266B2F4D} - c:\users\mitch\appdata\local\{8177e358-6724-4f4f-94ed-f3ba266b2f4d}\
    FF - HiddenExtension: XULRunner: {32C66F5A-FE41-4125-A0D7-BB515C3C5CD5} - c:\users\mitch\appdata\local\{32c66f5a-fe41-4125-a0d7-bb515c3c5cd5}\
    FF - HiddenExtension: XULRunner: {371F34D1-442E-4DFE-83B5-94FFD0E28AA5} - c:\users\burgess\appdata\local\{371f34d1-442e-4dfe-83b5-94ffd0e28aa5}\
    FF - HiddenExtension: XULRunner: {CFAE447E-2334-49F3-816B-18C3BE603BAA} - c:\users\burgess\appdata\local\{cfae447e-2334-49f3-816b-18c3be603baa}\
    FF - HiddenExtension: XULRunner: {1810704F-1C9F-4845-8233-294709282F64} - c:\users\mitch\appdata\local\{1810704f-1c9f-4845-8233-294709282f64}\
    FF - HiddenExtension: XULRunner: {CEF792E0-EB57-4F61-A923-86583A453012} - c:\users\burgess\appdata\local\{cef792e0-eb57-4f61-a923-86583a453012}\
    FF - HiddenExtension: XULRunner: {B75241CE-1315-473E-9F67-5BD0CC5B81CE} - c:\users\burgess\appdata\local\{b75241ce-1315-473e-9f67-5bd0cc5b81ce}\
    FF - HiddenExtension: XULRunner: {5FFCEFE7-55D7-4596-BB26-35F146CB6514} - c:\users\burgess\appdata\local\{5ffcefe7-55d7-4596-bb26-35f146cb6514}\
    FF - HiddenExtension: XULRunner: {B24AA79A-3D0F-488B-B3F2-C272EB293B33} - c:\users\burgess\appdata\local\{B24AA79A-3D0F-488B-B3F2-C272EB293B33}
    FF - HiddenExtension: XULRunner: {31AC73BF-FC18-4531-992F-1A997056EC2D} - c:\users\mitch\appdata\local\{31ac73bf-fc18-4531-992f-1a997056ec2d}\
    FF - HiddenExtension: XULRunner: {EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB} - c:\users\mitch\appdata\local\{ef8738f8-113d-4a9e-99e2-fd24efdfb8eb}\
    FF - HiddenExtension: XULRunner: {31C36255-13C9-47C0-9A9A-86B79BEB0BEB} - c:\users\burgess\appdata\local\{31c36255-13c9-47c0-9a9a-86b79beb0beb}\
    FF - HiddenExtension: XULRunner: {314DA6F3-F502-4BD1-9E98-3871D2181070} - c:\users\mitch\appdata\local\{314da6f3-f502-4bd1-9e98-3871d2181070}\
    FF - HiddenExtension: XULRunner: {B7CF1820-6297-46A8-8698-EB993DC9F725} - c:\users\mitch\appdata\local\{b7cf1820-6297-46a8-8698-eb993dc9f725}\
    FF - HiddenExtension: XULRunner: {F94377AE-23E6-4B0D-980C-F6752EBD5BA6} - c:\users\burgess\appdata\local\{f94377ae-23e6-4b0d-980c-f6752ebd5ba6}\
    FF - HiddenExtension: XULRunner: {15DE25A5-6AF4-427C-B0BA-BB6B756A51AA} - c:\users\mitch\appdata\local\{15de25a5-6af4-427c-b0ba-bb6b756a51aa}\
    FF - HiddenExtension: XULRunner: {8F45B187-F84B-4F9B-B355-C6D470852FE5} - c:\users\mitch\appdata\local\{8f45b187-f84b-4f9b-b355-c6d470852fe5}\
    FF - HiddenExtension: XULRunner: {26340601-01DA-4892-9DB4-C1DB073BCD2A} - c:\users\burgess\appdata\local\{26340601-01da-4892-9db4-c1db073bcd2a}\
    FF - HiddenExtension: XULRunner: {C31F456D-3905-407A-BF5F-0C1BF8C7C00E} - c:\users\burgess\appdata\local\{c31f456d-3905-407a-bf5f-0c1bf8c7c00e}\
    FF - HiddenExtension: XULRunner: {881B7250-BB32-49A5-BF2A-6C50AEB36157} - c:\users\burgess\appdata\local\{881b7250-bb32-49a5-bf2a-6c50aeb36157}\
    FF - HiddenExtension: XULRunner: {D39F2292-FDDF-4A13-A130-8928898C222D} - c:\users\mitch\appdata\local\{D39F2292-FDDF-4A13-A130-8928898C222D}
    FF - HiddenExtension: XULRunner: {A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8} - c:\users\burgess\appdata\local\{a1dd4d3b-ac42-4d35-8eb2-a6801fbd1cc8}\
    FF - HiddenExtension: XULRunner: {E31A19FB-6077-4256-BA0B-296C016B8660} - c:\users\burgess\appdata\local\{e31a19fb-6077-4256-ba0b-296c016b8660}\
    FF - HiddenExtension: XULRunner: {05F81070-019B-45B7-8F80-A9F5C4494815} - c:\users\burgess\appdata\local\{05f81070-019b-45b7-8f80-a9f5c4494815}\
    FF - HiddenExtension: XULRunner: {5EDEF787-857A-492E-B679-87A15F6F82C9} - c:\users\burgess\appdata\local\{5edef787-857a-492e-b679-87a15f6f82c9}\
    FF - HiddenExtension: XULRunner: {C7C476CA-30CD-4DC9-9988-1B56431ED140} - c:\users\burgess\appdata\local\{c7c476ca-30cd-4dc9-9988-1b56431ed140}\
    FF - HiddenExtension: XULRunner: {85F75B53-2E79-4607-A1AA-D4E2D7018781} - c:\users\burgess\appdata\local\{85f75b53-2e79-4607-a1aa-d4e2d7018781}\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/09 17:19:27];c:\program files\cyberlink\powerdvd9\000.fcl [2009-9-1 87536]
    S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2010-10-17 196320]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-10-17 64080]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-18 1343400]

    =============== Created Last 30 ================

    2010-10-20 00:25:41 -------- d-----w- C:\temp
    2010-10-18 01:14:24 -------- d-----w- c:\windows\system32\appmgmt
    2010-10-18 00:10:43 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2010-10-18 00:10:35 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2010-10-18 00:10:35 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-10-18 00:10:34 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2010-10-18 00:08:39 -------- d-----w- c:\program files\Trend Micro
    2010-10-17 23:19:26 -------- d-----w- c:\progra~2\NVIDIA Corporation
    2010-10-17 15:54:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-17 15:54:14 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-10-16 12:45:30 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-16 10:09:10 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-10-16 10:01:03 -------- d-----w- c:\windows\CheckSur
    2010-10-16 02:42:01 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 02:23:16 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-16 02:20:44 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 02:20:26 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 02:20:25 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 02:20:24 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 02:20:24 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 01:41:14 -------- d-----w- c:\users\mitch\appdata\roaming\Malwarebytes
    2010-10-16 01:41:14 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-16 01:41:09 -------- d-----w- C:\MalwarebytesPortable
    2010-10-13 22:23:31 -------- d-----w- C:\bcfc3ac9245f16ca6505ddefed
    2010-10-13 02:30:39 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 22:31:01 -------- d-----w- c:\users\mitch\appdata\roaming\.minecraft
    2010-09-23 21:42:24 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-21 05:36:24 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

    ============= FINISH: 17:18:35.18 ===============

    Attach File:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/17/2010 1:23:10 PM
    System Uptime: 10/20/2010 5:13:11 PM (0 hours ago)

    Motherboard: ELITEGROUP | | MCP61PM-AM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2611/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 362 GiB total, 269.006 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 4.5 GiB free.
    E: is CDROM ()
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr

    ==== System Restore Points ===================

    RP89: 10/15/2010 7:19:10 PM - Windows Update
    RP90: 10/15/2010 7:41:46 PM - Windows Update
    RP91: 10/16/2010 3:00:12 AM - Windows Update
    RP92: 10/16/2010 5:45:04 AM - Windows Update
    RP93: 10/17/2010 7:53:24 AM - Windows Update
    RP94: 10/17/2010 4:16:43 PM - Windows Update
    RP95: 10/17/2010 4:57:38 PM - Windows Update
    RP96: 10/17/2010 5:19:31 PM - TITANUIMRES[0x01111111]
    RP97: 10/17/2010 6:10:31 PM - Removed Rosetta Stone V3.

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.5
    Alien Swarm
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Browser Address Error Redirector
    Canon MP210 series
    Compatibility Pack for the 2007 Office system
    Counter-Strike: Source
    CyberLink PowerDVD 9
    Day of Defeat: Source
    Definition update for Microsoft Office 2010 (KB982726)
    Garry's Mod
    Gateway Recovery Center Installer
    Guild Wars
    Guild Wars: Game of the Year
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Lost Coast
    iPhone Configuration Utility
    iTunes
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    League of Legends
    Marvell Miniport Driver
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office Live Add-in Patches
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio Macro Tools
    Microsoft WSE 2.0 SP3 Runtime
    Mozilla Firefox (3.6.10)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PixiePack Codec Pack
    Portal
    PS2 Multimedia Keyboard Driver
    PVSonyDll
    QuickTime
    R-Studio 5.1
    Realtek High Definition Audio Driver
    Rosetta Stone V3
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Word 2010 (KB2345000)
    Soft Data Fax Modem with SmartCP
    Source SDK
    Spelling Dictionaries Support For Adobe Reader 8
    Steam
    Team Fortress 2
    Trend Micro™ Titanium™ Maximum Security
    Tunebite
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Warcraft III
    Warcraft III: All Products
    Web Deployment Tool
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinZip 14.5

    ==== Event Viewer Messages From Past Week ========

    10/20/2010 5:15:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:14:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:14:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/20/2010 5:14:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/20/2010 5:14:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/20/2010 5:13:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/20/2010 5:13:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi Wanarpv6
    10/20/2010 5:13:44 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:13:44 PM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:13:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments " " in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    10/20/2010 5:05:28 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:05:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/20/2010 5:05:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi Wanarpv6 WfpLwf
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/20/2010 3:48:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    10/20/2010 2:32:47 PM, Error: nvlddmkm [14] -
    10/20/2010 1:37:52 PM, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x800700b7' when adding the URL 'http://+:10243/WMPNSSv4/3608110631/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    10/20/2010 1:37:52 PM, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x800700b7'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
    10/19/2010 8:22:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0x85ba8510, 0x91904326, 0xc00000b5, 0x0000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101910-13322-01.
    10/19/2010 8:09:43 AM, Error: volmgr [46] - Crash dump initialization failed!
    10/19/2010 6:19:52 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    10/19/2010 4:24:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/17/2010 4:53:09 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 (KB979538).
    10/17/2010 4:48:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    10/17/2010 4:10:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    10/17/2010 4:10:48 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/17/2010 12:14:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi Wanarpv6 WfpLwf
    10/17/2010 11:00:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr tmtdi Wanarpv6
    10/16/2010 8:49:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/16/2010 8:28:58 PM, Error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 12:51:05 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{be4aed3e-9dcc-11de-867d-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1A79B012-0068-45A3-A379-DA924A158422}' was corrupted and it has been recovered. Some data might have been lost.
    10/15/2010 6:37:39 PM, Error: Service Control Manager [7030] - The LogMeIn Rescue (17bcc29b-13b0-47ff-8b87-68dca52ecde9) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/15/2010 5:23:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi Wanarpv6 WfpLwf
    10/13/2010 9:32:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    10/13/2010 3:22:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 and Windows 7 x86 (KB2416471).
    10/13/2010 3:21:54 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2345886).
    10/13/2010 3:19:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB979688).
    10/13/2010 3:19:29 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2281679).

    ==== End Of File ===========================
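The Service Control Manager 7026 and 7001 entries in the DDS output above are the part of this log a responder would triage first: when AFD, tdx, NetBT and the NSI proxy driver fail to load at boot, every network service built on them (DHCP Client, DNS Client, Workstation, Network Location Awareness) cascades into 7001 "dependency failed" errors, which matches a machine that only comes up in Safe Mode. The Python below is an added example, not part of this thread and not code from DDS or ComboFix. It parses lines in the DDS event-log format and separates the kernel network-stack failures from drivers that are routinely listed on Safe Mode boots; the NETWORK_STACK and SAFE_MODE_NOISE sets are the example's own assumptions, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input for this example: five lines copied from the DDS event-log
# section posted above (the real section is about fifty lines long).
SAMPLE_LOG = r"""
10/20/2010 5:13:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr tmtdi Wanarpv6
10/20/2010 5:02:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmtdi Wanarpv6 WfpLwf
10/20/2010 5:02:18 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/19/2010 8:22:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0x85ba8510, 0x91904326, 0xc00000b5, 0x0000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101910-13322-01.
10/17/2010 12:14:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi Wanarpv6 WfpLwf
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<EventID>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] -\s?(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"failed to load:\s*(?P<drivers>.+)$")
BUGCHECK_RE = re.compile(r"The bugcheck was: (?P<code>0x[0-9A-Fa-f]{8})")

# Assumption of this example: kernel components the Windows 7 network stack is
# built on. When they fail at boot, DHCP, DNS Client, Workstation, NLA and the
# rest cascade into SCM 7001 "dependency failed" events.
NETWORK_STACK = {"afd", "tdx", "netbt", "netbios", "nsiproxy", "psched", "wfplwf", "dfsc", "rdbss"}
# Assumption of this example: drivers routinely reported as failed on Safe Mode
# boots; on their own they explain nothing.
SAFE_MODE_NOISE = {"discache", "spldr", "wanarpv6"}


def parse_dds_events(text):
    """Parse DDS event-log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["eid"]),
            "message": m["msg"].strip(),
        })
    return events


def failed_boot_drivers(events):
    """Map every driver named in an SCM 7026 event to the boot times it failed."""
    failures = defaultdict(list)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["event_id"] == 7026:
            m = FAILED_RE.search(ev["message"])
            if m:
                for drv in m["drivers"].split():
                    failures[drv.lower()].append(ev["time"])
    return dict(failures)


def triage(text):
    """Summarise which layer of the boot is broken, from the event-log text alone."""
    events = parse_dds_events(text)
    failures = failed_boot_drivers(events)
    scm_7026 = [e for e in events
                if e["source"] == "Service Control Manager" and e["event_id"] == 7026]
    bugchecks = []
    for ev in events:
        m = BUGCHECK_RE.search(ev["message"])
        if m:
            bugchecks.append(m["code"])
    return {
        "boots_with_driver_failures": len(scm_7026),
        "network_stack_failed": sorted(d for d in failures if d in NETWORK_STACK),
        "other_failed": sorted(d for d in failures
                               if d not in NETWORK_STACK and d not in SAFE_MODE_NOISE),
        "dependency_cascade_events": sum(1 for e in events if e["event_id"] == 7001),
        "bugchecks": bugchecks,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The summary answers three separate questions: whether the kernel network stack itself failed (AFD, tdx, NetBT, the NSI proxy), whether only optional or third-party drivers failed (here MpFilter and the Trend Micro tmtdi/tmlwf filters), and whether the box is also crashing (0x00000116 is the display-driver TDR bugcheck, which fits the nvlddmkm error logged the next day). A network stack that fails on every boot is consistent with both a damaged or half-removed filter driver and a kernel-mode rootkit, so this narrows the search rather than settling it; the ComboFix output that follows in the thread is what decides between the two.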
     
  2. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What are the computer's issues?
    Is there any particular reason DDS was run from safe mode?
     

  4. 2010/10/20
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    The computer issue is that it will not run in normal mode, and the only way to start the computer is in safe mode; that is why it was run from safe mode.
     
  5. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/10/20
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    Here is the combofix report:

    ComboFix 10-10-20.01 - Mitch 10/20/2010 19:02:42.1.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2560 [GMT -7:00]
    Running from: c:\users\Mitch\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Burgess\Favorites\Fax Cover Sheet.docx
    c:\users\Mitch\AppData\Local\{D39F2292-FDDF-4A13-A130-8928898C222D}
    c:\users\Mitch\AppData\Local\{D39F2292-FDDF-4A13-A130-8928898C222D}\chrome.manifest
    c:\users\Mitch\AppData\Local\{D39F2292-FDDF-4A13-A130-8928898C222D}\chrome\content\_cfg.js
    c:\users\Mitch\AppData\Local\{D39F2292-FDDF-4A13-A130-8928898C222D}\chrome\content\overlay.xul
    c:\users\Mitch\AppData\Local\{D39F2292-FDDF-4A13-A130-8928898C222D}\install.rdf
    c:\users\Mitch\GT704-WGB_RAW-USB_Drivers.exe
    c:\windows\system32\service
    c:\windows\system32\service\01012010_TIS17_SfFniAU.log
    c:\windows\system32\service\01102009_TIS17_SfFniAU.log
    c:\windows\system32\service\12102009_TIS17_SfFniAU.log
    c:\windows\system32\service\14092009_TIS17_SfFniAU.log
    c:\windows\system32\service\17112009_TIS17_SfFniAU.log
    c:\windows\system32\service\20092009_TIS17_SfFniAU.log
    c:\windows\system32\service\23112009_TIS17_SfFniAU.log
    c:\windows\system32\service\24092009_TIS17_SfFniAU.log
    c:\windows\system32\service\25122009_TIS17_SfFniAU.log
    c:\windows\system32\service\29102009_TIS17_SfFniAU.log
    D:\resycled

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-21 02:08 . 2010-10-21 02:09 -------- d-----w- c:\users\Mitch\AppData\Local\temp
    2010-10-21 02:08 . 2010-10-21 02:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-21 02:08 . 2010-10-21 02:08 -------- d-----w- c:\users\Burgess\AppData\Local\temp
    2010-10-20 00:25 . 2010-10-20 00:25 -------- d-----w- C:\temp
    2010-10-18 00:10 . 2010-10-18 00:08 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2010-10-18 00:10 . 2010-10-18 00:08 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2010-10-18 00:10 . 2010-10-18 00:08 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-10-18 00:10 . 2010-10-18 00:08 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2010-10-18 00:08 . 2010-10-18 00:09 -------- d-----w- c:\program files\Trend Micro
    2010-10-17 23:19 . 2010-10-17 23:19 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-10-17 15:54 . 2010-10-17 23:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-17 15:54 . 2010-10-17 23:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-10-16 12:45 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-16 10:09 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-10-16 10:01 . 2010-10-16 10:01 -------- d-----w- c:\windows\CheckSur
    2010-10-16 02:42 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 02:23 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-16 02:20 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 02:20 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 02:20 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 02:20 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 02:20 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 01:41 . 2010-10-16 01:41 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
    2010-10-16 01:41 . 2010-10-16 01:41 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-16 01:41 . 2010-10-16 02:01 -------- d-----w- C:\MalwarebytesPortable
    2010-10-13 22:23 . 2010-10-13 22:23 -------- d-----w- C:\bcfc3ac9245f16ca6505ddefed
    2010-10-13 02:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 22:31 . 2010-10-13 04:51 -------- d-----w- c:\users\Mitch\AppData\Roaming\.minecraft
    2010-09-23 21:42 . 2010-09-23 21:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
    2010-10-18 00:08 234832 ----a-w- c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-02 75048]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-18 112632]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-10-18 1062224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
    @="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
    @="Portable Media Devices"

    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/09 17:19];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 87536]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-10-18 64080]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-17 02:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
    FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {3CD5BA76-9114-442D-BB31-45AAD6FA5721} - c:\users\Mitch\AppData\Local\{3CD5BA76-9114-442D-BB31-45AAD6FA5721}
    FF - HiddenExtension: XULRunner: {41D2D2E6-FBD7-40AC-A333-5DB10C27573B} - c:\users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}
    FF - HiddenExtension: XULRunner: {6F297557-72A9-4E1E-869B-00ABF34E4564} - c:\users\Burgess\AppData\Local\{6F297557-72A9-4E1E-869B-00ABF34E4564}\
    FF - HiddenExtension: XULRunner: {FC34A486-C113-41A3-A77F-FFCE46E4005A} - c:\users\Mitch\AppData\Local\{FC34A486-C113-41A3-A77F-FFCE46E4005A}\
    FF - HiddenExtension: XULRunner: {80119070-146C-4601-8DD1-2C9C77472A26} - c:\users\Burgess\AppData\Local\{80119070-146C-4601-8DD1-2C9C77472A26}\
    FF - HiddenExtension: XULRunner: {AB4295A0-6278-4D5E-8E58-B7028EEEDBE0} - c:\users\Mitch\AppData\Local\{AB4295A0-6278-4D5E-8E58-B7028EEEDBE0}\
    FF - HiddenExtension: XULRunner: {0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1} - c:\users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\
    FF - HiddenExtension: XULRunner: {021B1EB6-B74C-4D9B-89BB-78AB8CCEE428} - c:\users\Mitch\AppData\Local\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428}
    FF - HiddenExtension: XULRunner: {A87EB6EE-E449-436F-95E5-B97985E078BF} - c:\users\Burgess\AppData\Local\{A87EB6EE-E449-436F-95E5-B97985E078BF}\
    FF - HiddenExtension: XULRunner: {FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8} - c:\users\Mitch\AppData\Local\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8}
    FF - HiddenExtension: XULRunner: {D4A4CCE1-34ED-444B-B462-F7AE98E4257C} - c:\users\Burgess\AppData\Local\{D4A4CCE1-34ED-444B-B462-F7AE98E4257C}\
    FF - HiddenExtension: XULRunner: {01AF4BC4-E612-4D01-AABD-4026D89B0220} - c:\users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\
    FF - HiddenExtension: XULRunner: {DCA46154-0766-4AD6-8454-1257208B4C86} - c:\users\Mitch\AppData\Local\{DCA46154-0766-4AD6-8454-1257208B4C86}\
    FF - HiddenExtension: XULRunner: {3B2676BD-D009-4E84-B77D-B2A77CC4F067} - c:\users\Mitch\AppData\Local\{3B2676BD-D009-4E84-B77D-B2A77CC4F067}\
    FF - HiddenExtension: XULRunner: {6338F594-28F8-456E-AB83-36AE2ABCC174} - c:\users\Burgess\AppData\Local\{6338F594-28F8-456E-AB83-36AE2ABCC174}\
    FF - HiddenExtension: XULRunner: {F98798E9-967A-4DC6-8E2F-219D49A08CA5} - c:\users\Burgess\AppData\Local\{F98798E9-967A-4DC6-8E2F-219D49A08CA5}\
    FF - HiddenExtension: XULRunner: {01821E4B-21D3-4790-8A4E-94143451F52F} - c:\users\Mitch\AppData\Local\{01821E4B-21D3-4790-8A4E-94143451F52F}
    FF - HiddenExtension: XULRunner: {F6398D06-40A8-4EA1-9661-949CD74133EA} - c:\users\Burgess\AppData\Local\{F6398D06-40A8-4EA1-9661-949CD74133EA}\
    FF - HiddenExtension: XULRunner: {6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E} - c:\users\Burgess\AppData\Local\{6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E}\
    FF - HiddenExtension: XULRunner: {683FA8FB-F01E-44C1-ABAC-C6475BB96925} - c:\users\Burgess\AppData\Local\{683FA8FB-F01E-44C1-ABAC-C6475BB96925}\
    FF - HiddenExtension: XULRunner: {BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA} - c:\users\Burgess\AppData\Local\{BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA}\
    FF - HiddenExtension: XULRunner: {5D7A8ABB-8592-44BD-B2BA-BF0990146BBA} - c:\users\Burgess\AppData\Local\{5D7A8ABB-8592-44BD-B2BA-BF0990146BBA}\
    FF - HiddenExtension: XULRunner: {BD731480-A9EC-4816-B79D-24F95F057CBD} - c:\users\Burgess\AppData\Local\{BD731480-A9EC-4816-B79D-24F95F057CBD}\
    FF - HiddenExtension: XULRunner: {3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269} - c:\users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\
    FF - HiddenExtension: XULRunner: {EC979111-16D4-4E50-8BAC-EE34414910AE} - c:\users\Burgess\AppData\Local\{EC979111-16D4-4E50-8BAC-EE34414910AE}\
    FF - HiddenExtension: XULRunner: {0DA90A41-3898-42ED-98E2-3D419A50CAA1} - c:\users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\
    FF - HiddenExtension: XULRunner: {BAF7AE01-27FB-4B79-988D-FECEA71FA20D} - c:\users\Burgess\AppData\Local\{BAF7AE01-27FB-4B79-988D-FECEA71FA20D}\
    FF - HiddenExtension: XULRunner: {C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD} - c:\users\Burgess\AppData\Local\{C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD}\
    FF - HiddenExtension: XULRunner: {68039E31-090F-46FC-AB41-DFDB6C02BBF5} - c:\users\Burgess\AppData\Local\{68039E31-090F-46FC-AB41-DFDB6C02BBF5}\
    FF - HiddenExtension: XULRunner: {4544806E-EDAA-4F0E-A7B5-6240275647BE} - c:\users\Burgess\AppData\Local\{4544806E-EDAA-4F0E-A7B5-6240275647BE}\
    FF - HiddenExtension: XULRunner: {A6CE39D0-E71C-414D-B947-40A159B0BCB8} - c:\users\Burgess\AppData\Local\{A6CE39D0-E71C-414D-B947-40A159B0BCB8}\
    FF - HiddenExtension: XULRunner: {F1002F26-2DA2-498F-B365-12B963ACF028} - c:\users\Burgess\AppData\Local\{F1002F26-2DA2-498F-B365-12B963ACF028}\
    FF - HiddenExtension: XULRunner: {26D99F41-F45E-415B-9A88-9C021FF8B261} - c:\users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\
    FF - HiddenExtension: XULRunner: {CDCD1E9A-0507-4214-8F09-35AA7BE29CCA} - c:\users\Burgess\AppData\Local\{CDCD1E9A-0507-4214-8F09-35AA7BE29CCA}\
    FF - HiddenExtension: XULRunner: {7481D296-4103-484E-AE4D-02A2D50810B3} - c:\users\Burgess\AppData\Local\{7481D296-4103-484E-AE4D-02A2D50810B3}\
    FF - HiddenExtension: XULRunner: {4088E2FF-59C5-40EA-ADBC-464B50028E94} - c:\users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\
    FF - HiddenExtension: XULRunner: {C6160785-6D8E-4B62-9FA0-7626CA51E5D6} - c:\users\Burgess\AppData\Local\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6}
    FF - HiddenExtension: XULRunner: {022FD96B-7F52-4014-AE04-59ADDBDE423B} - c:\users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\
    FF - HiddenExtension: XULRunner: {1DB86530-0A76-486B-B420-60A53D9E71CC} - c:\users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\
    FF - HiddenExtension: XULRunner: {ED436D7D-4AB9-4822-80BE-8E00D777D7FB} - c:\users\Burgess\AppData\Local\{ED436D7D-4AB9-4822-80BE-8E00D777D7FB}\
    FF - HiddenExtension: XULRunner: {AE84F59B-307C-448C-A770-6C1452076321} - c:\users\Burgess\AppData\Local\{AE84F59B-307C-448C-A770-6C1452076321}\
    FF - HiddenExtension: XULRunner: {6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C} - c:\users\Burgess\AppData\Local\{6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C}\
    FF - HiddenExtension: XULRunner: {0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0} - c:\users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\
    FF - HiddenExtension: XULRunner: {A0DC25C0-24F3-4191-931B-2B3EF93927CD} - c:\users\Burgess\AppData\Local\{A0DC25C0-24F3-4191-931B-2B3EF93927CD}\
    FF - HiddenExtension: XULRunner: {0FAB358A-C40F-478C-A5FF-8779B638AD9E} - c:\users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\
    FF - HiddenExtension: XULRunner: {C9F54624-A59B-4325-AABB-66FF9FD98736} - c:\users\Burgess\AppData\Local\{C9F54624-A59B-4325-AABB-66FF9FD98736}\
    FF - HiddenExtension: XULRunner: {C95D7C0B-ADBD-47DF-B008-FB67FEF7A973} - c:\users\Burgess\AppData\Local\{C95D7C0B-ADBD-47DF-B008-FB67FEF7A973}\
    FF - HiddenExtension: XULRunner: {FE607F62-6217-4E73-9248-8B7A6B366F88} - c:\users\Burgess\AppData\Local\{FE607F62-6217-4E73-9248-8B7A6B366F88}\
    FF - HiddenExtension: XULRunner: {4112B3DA-79AD-48EC-96CD-70B4BC640126} - c:\users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\
    FF - HiddenExtension: XULRunner: {ED17B3FF-1891-4950-80D0-8A81EC2BA586} - c:\users\Burgess\AppData\Local\{ED17B3FF-1891-4950-80D0-8A81EC2BA586}\
    FF - HiddenExtension: XULRunner: {475C8C3D-2621-4C5F-9809-64A15F673D88} - c:\users\Burgess\AppData\Local\{475C8C3D-2621-4C5F-9809-64A15F673D88}\
    FF - HiddenExtension: XULRunner: {55743ADC-2F04-4171-A8D8-6D61E6D761DF} - c:\users\Burgess\AppData\Local\{55743ADC-2F04-4171-A8D8-6D61E6D761DF}\
    FF - HiddenExtension: XULRunner: {3B6758DE-B570-4947-8819-AF6487C6D70F} - c:\users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\
    FF - HiddenExtension: XULRunner: {87240927-E5C3-4273-B261-06E215C25FDB} - c:\users\Burgess\AppData\Local\{87240927-E5C3-4273-B261-06E215C25FDB}\
    FF - HiddenExtension: XULRunner: {914891D9-9D3A-4FAF-8338-A591EDF7B91F} - c:\users\Burgess\AppData\Local\{914891D9-9D3A-4FAF-8338-A591EDF7B91F}\
    FF - HiddenExtension: XULRunner: {D2C007E5-07C5-44CC-B784-B15CB859CC51} - c:\users\Mitch\AppData\Local\{D2C007E5-07C5-44CC-B784-B15CB859CC51}\
    FF - HiddenExtension: XULRunner: {672C3E82-15C1-435D-A0E9-10055B4BB729} - c:\users\Burgess\AppData\Local\{672C3E82-15C1-435D-A0E9-10055B4BB729}\
    FF - HiddenExtension: XULRunner: {8177E358-6724-4F4F-94ED-F3BA266B2F4D} - c:\users\Mitch\AppData\Local\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}\
    FF - HiddenExtension: XULRunner: {32C66F5A-FE41-4125-A0D7-BB515C3C5CD5} - c:\users\Mitch\AppData\Local\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}\
    FF - HiddenExtension: XULRunner: {371F34D1-442E-4DFE-83B5-94FFD0E28AA5} - c:\users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\
    FF - HiddenExtension: XULRunner: {CFAE447E-2334-49F3-816B-18C3BE603BAA} - c:\users\Burgess\AppData\Local\{CFAE447E-2334-49F3-816B-18C3BE603BAA}\
    FF - HiddenExtension: XULRunner: {1810704F-1C9F-4845-8233-294709282F64} - c:\users\Mitch\AppData\Local\{1810704F-1C9F-4845-8233-294709282F64}\
    FF - HiddenExtension: XULRunner: {CEF792E0-EB57-4F61-A923-86583A453012} - c:\users\Burgess\AppData\Local\{CEF792E0-EB57-4F61-A923-86583A453012}\
    FF - HiddenExtension: XULRunner: {B75241CE-1315-473E-9F67-5BD0CC5B81CE} - c:\users\Burgess\AppData\Local\{B75241CE-1315-473E-9F67-5BD0CC5B81CE}\
    FF - HiddenExtension: XULRunner: {5FFCEFE7-55D7-4596-BB26-35F146CB6514} - c:\users\Burgess\AppData\Local\{5FFCEFE7-55D7-4596-BB26-35F146CB6514}\
    FF - HiddenExtension: XULRunner: {B24AA79A-3D0F-488B-B3F2-C272EB293B33} - c:\users\Burgess\AppData\Local\{B24AA79A-3D0F-488B-B3F2-C272EB293B33}
    FF - HiddenExtension: XULRunner: {31AC73BF-FC18-4531-992F-1A997056EC2D} - c:\users\Mitch\AppData\Local\{31AC73BF-FC18-4531-992F-1A997056EC2D}\
    FF - HiddenExtension: XULRunner: {EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB} - c:\users\Mitch\AppData\Local\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}\
    FF - HiddenExtension: XULRunner: {31C36255-13C9-47C0-9A9A-86B79BEB0BEB} - c:\users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\
    FF - HiddenExtension: XULRunner: {314DA6F3-F502-4BD1-9E98-3871D2181070} - c:\users\Mitch\AppData\Local\{314DA6F3-F502-4BD1-9E98-3871D2181070}\
    FF - HiddenExtension: XULRunner: {B7CF1820-6297-46A8-8698-EB993DC9F725} - c:\users\Mitch\AppData\Local\{B7CF1820-6297-46A8-8698-EB993DC9F725}\
    FF - HiddenExtension: XULRunner: {F94377AE-23E6-4B0D-980C-F6752EBD5BA6} - c:\users\Burgess\AppData\Local\{F94377AE-23E6-4B0D-980C-F6752EBD5BA6}\
    FF - HiddenExtension: XULRunner: {15DE25A5-6AF4-427C-B0BA-BB6B756A51AA} - c:\users\Mitch\AppData\Local\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}\
    FF - HiddenExtension: XULRunner: {8F45B187-F84B-4F9B-B355-C6D470852FE5} - c:\users\Mitch\AppData\Local\{8F45B187-F84B-4F9B-B355-C6D470852FE5}\
    FF - HiddenExtension: XULRunner: {26340601-01DA-4892-9DB4-C1DB073BCD2A} - c:\users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\
    FF - HiddenExtension: XULRunner: {C31F456D-3905-407A-BF5F-0C1BF8C7C00E} - c:\users\Burgess\AppData\Local\{C31F456D-3905-407A-BF5F-0C1BF8C7C00E}\
    FF - HiddenExtension: XULRunner: {881B7250-BB32-49A5-BF2A-6C50AEB36157} - c:\users\Burgess\AppData\Local\{881B7250-BB32-49A5-BF2A-6C50AEB36157}\
    FF - HiddenExtension: XULRunner: {A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8} - c:\users\Burgess\AppData\Local\{A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8}\
    FF - HiddenExtension: XULRunner: {E31A19FB-6077-4256-BA0B-296C016B8660} - c:\users\Burgess\AppData\Local\{E31A19FB-6077-4256-BA0B-296C016B8660}\
    FF - HiddenExtension: XULRunner: {05F81070-019B-45B7-8F80-A9F5C4494815} - c:\users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\
    FF - HiddenExtension: XULRunner: {5EDEF787-857A-492E-B679-87A15F6F82C9} - c:\users\Burgess\AppData\Local\{5EDEF787-857A-492E-B679-87A15F6F82C9}\
    FF - HiddenExtension: XULRunner: {C7C476CA-30CD-4DC9-9988-1B56431ED140} - c:\users\Burgess\AppData\Local\{C7C476CA-30CD-4DC9-9988-1B56431ED140}\
    FF - HiddenExtension: XULRunner: {85F75B53-2E79-4607-A1AA-D4E2D7018781} - c:\users\Burgess\AppData\Local\{85F75B53-2E79-4607-A1AA-D4E2D7018781}\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    HKLM-RunOnce-<NO NAME> - (no file)
    SafeBoot-drmkaud
    SafeBoot-HdAudAddService



    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-20 19:10:42
    ComboFix-quarantined-files.txt 2010-10-21 02:10

    Pre-Run: 288,669,097,984 bytes free
    Post-Run: 288,465,166,336 bytes free

    - - End Of File - - F5C8B7223D047A0D0D21DDBE9EFB2F0B
     
  7. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    DDS::
    FF - HiddenExtension: XULRunner: {3CD5BA76-9114-442D-BB31-45AAD6FA5721} - c:\users\Mitch\AppData\Local\{3CD5BA76-9114-442D-BB31-45AAD6FA5721}
    FF - HiddenExtension: XULRunner: {41D2D2E6-FBD7-40AC-A333-5DB10C27573B} - c:\users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}
    FF - HiddenExtension: XULRunner: {6F297557-72A9-4E1E-869B-00ABF34E4564} - c:\users\Burgess\AppData\Local\{6F297557-72A9-4E1E-869B-00ABF34E4564}\
    FF - HiddenExtension: XULRunner: {FC34A486-C113-41A3-A77F-FFCE46E4005A} - c:\users\Mitch\AppData\Local\{FC34A486-C113-41A3-A77F-FFCE46E4005A}\
    FF - HiddenExtension: XULRunner: {80119070-146C-4601-8DD1-2C9C77472A26} - c:\users\Burgess\AppData\Local\{80119070-146C-4601-8DD1-2C9C77472A26}\
    FF - HiddenExtension: XULRunner: {AB4295A0-6278-4D5E-8E58-B7028EEEDBE0} - c:\users\Mitch\AppData\Local\{AB4295A0-6278-4D5E-8E58-B7028EEEDBE0}\
    FF - HiddenExtension: XULRunner: {0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1} - c:\users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\
    FF - HiddenExtension: XULRunner: {021B1EB6-B74C-4D9B-89BB-78AB8CCEE428} - c:\users\Mitch\AppData\Local\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428}
    FF - HiddenExtension: XULRunner: {A87EB6EE-E449-436F-95E5-B97985E078BF} - c:\users\Burgess\AppData\Local\{A87EB6EE-E449-436F-95E5-B97985E078BF}\
    FF - HiddenExtension: XULRunner: {FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8} - c:\users\Mitch\AppData\Local\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8}
    FF - HiddenExtension: XULRunner: {D4A4CCE1-34ED-444B-B462-F7AE98E4257C} - c:\users\Burgess\AppData\Local\{D4A4CCE1-34ED-444B-B462-F7AE98E4257C}\
    FF - HiddenExtension: XULRunner: {01AF4BC4-E612-4D01-AABD-4026D89B0220} - c:\users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\
    FF - HiddenExtension: XULRunner: {DCA46154-0766-4AD6-8454-1257208B4C86} - c:\users\Mitch\AppData\Local\{DCA46154-0766-4AD6-8454-1257208B4C86}\
    FF - HiddenExtension: XULRunner: {3B2676BD-D009-4E84-B77D-B2A77CC4F067} - c:\users\Mitch\AppData\Local\{3B2676BD-D009-4E84-B77D-B2A77CC4F067}\
    FF - HiddenExtension: XULRunner: {6338F594-28F8-456E-AB83-36AE2ABCC174} - c:\users\Burgess\AppData\Local\{6338F594-28F8-456E-AB83-36AE2ABCC174}\
    FF - HiddenExtension: XULRunner: {F98798E9-967A-4DC6-8E2F-219D49A08CA5} - c:\users\Burgess\AppData\Local\{F98798E9-967A-4DC6-8E2F-219D49A08CA5}\
    FF - HiddenExtension: XULRunner: {01821E4B-21D3-4790-8A4E-94143451F52F} - c:\users\Mitch\AppData\Local\{01821E4B-21D3-4790-8A4E-94143451F52F}
    FF - HiddenExtension: XULRunner: {F6398D06-40A8-4EA1-9661-949CD74133EA} - c:\users\Burgess\AppData\Local\{F6398D06-40A8-4EA1-9661-949CD74133EA}\
    FF - HiddenExtension: XULRunner: {6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E} - c:\users\Burgess\AppData\Local\{6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E}\
    FF - HiddenExtension: XULRunner: {683FA8FB-F01E-44C1-ABAC-C6475BB96925} - c:\users\Burgess\AppData\Local\{683FA8FB-F01E-44C1-ABAC-C6475BB96925}\
    FF - HiddenExtension: XULRunner: {BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA} - c:\users\Burgess\AppData\Local\{BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA}\
    FF - HiddenExtension: XULRunner: {5D7A8ABB-8592-44BD-B2BA-BF0990146BBA} - c:\users\Burgess\AppData\Local\{5D7A8ABB-8592-44BD-B2BA-BF0990146BBA}\
    FF - HiddenExtension: XULRunner: {BD731480-A9EC-4816-B79D-24F95F057CBD} - c:\users\Burgess\AppData\Local\{BD731480-A9EC-4816-B79D-24F95F057CBD}\
    FF - HiddenExtension: XULRunner: {3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269} - c:\users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\
    FF - HiddenExtension: XULRunner: {EC979111-16D4-4E50-8BAC-EE34414910AE} - c:\users\Burgess\AppData\Local\{EC979111-16D4-4E50-8BAC-EE34414910AE}\
    FF - HiddenExtension: XULRunner: {0DA90A41-3898-42ED-98E2-3D419A50CAA1} - c:\users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\
    FF - HiddenExtension: XULRunner: {BAF7AE01-27FB-4B79-988D-FECEA71FA20D} - c:\users\Burgess\AppData\Local\{BAF7AE01-27FB-4B79-988D-FECEA71FA20D}\
    FF - HiddenExtension: XULRunner: {C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD} - c:\users\Burgess\AppData\Local\{C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD}\
    FF - HiddenExtension: XULRunner: {68039E31-090F-46FC-AB41-DFDB6C02BBF5} - c:\users\Burgess\AppData\Local\{68039E31-090F-46FC-AB41-DFDB6C02BBF5}\
    FF - HiddenExtension: XULRunner: {4544806E-EDAA-4F0E-A7B5-6240275647BE} - c:\users\Burgess\AppData\Local\{4544806E-EDAA-4F0E-A7B5-6240275647BE}\
    FF - HiddenExtension: XULRunner: {A6CE39D0-E71C-414D-B947-40A159B0BCB8} - c:\users\Burgess\AppData\Local\{A6CE39D0-E71C-414D-B947-40A159B0BCB8}\
    FF - HiddenExtension: XULRunner: {F1002F26-2DA2-498F-B365-12B963ACF028} - c:\users\Burgess\AppData\Local\{F1002F26-2DA2-498F-B365-12B963ACF028}\
    FF - HiddenExtension: XULRunner: {26D99F41-F45E-415B-9A88-9C021FF8B261} - c:\users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\
    FF - HiddenExtension: XULRunner: {CDCD1E9A-0507-4214-8F09-35AA7BE29CCA} - c:\users\Burgess\AppData\Local\{CDCD1E9A-0507-4214-8F09-35AA7BE29CCA}\
    FF - HiddenExtension: XULRunner: {7481D296-4103-484E-AE4D-02A2D50810B3} - c:\users\Burgess\AppData\Local\{7481D296-4103-484E-AE4D-02A2D50810B3}\
    FF - HiddenExtension: XULRunner: {4088E2FF-59C5-40EA-ADBC-464B50028E94} - c:\users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\
    FF - HiddenExtension: XULRunner: {C6160785-6D8E-4B62-9FA0-7626CA51E5D6} - c:\users\Burgess\AppData\Local\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6}
    FF - HiddenExtension: XULRunner: {022FD96B-7F52-4014-AE04-59ADDBDE423B} - c:\users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\
    FF - HiddenExtension: XULRunner: {1DB86530-0A76-486B-B420-60A53D9E71CC} - c:\users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\
    FF - HiddenExtension: XULRunner: {ED436D7D-4AB9-4822-80BE-8E00D777D7FB} - c:\users\Burgess\AppData\Local\{ED436D7D-4AB9-4822-80BE-8E00D777D7FB}\
    FF - HiddenExtension: XULRunner: {AE84F59B-307C-448C-A770-6C1452076321} - c:\users\Burgess\AppData\Local\{AE84F59B-307C-448C-A770-6C1452076321}\
    FF - HiddenExtension: XULRunner: {6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C} - c:\users\Burgess\AppData\Local\{6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C}\
    FF - HiddenExtension: XULRunner: {0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0} - c:\users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\
    FF - HiddenExtension: XULRunner: {A0DC25C0-24F3-4191-931B-2B3EF93927CD} - c:\users\Burgess\AppData\Local\{A0DC25C0-24F3-4191-931B-2B3EF93927CD}\
    FF - HiddenExtension: XULRunner: {0FAB358A-C40F-478C-A5FF-8779B638AD9E} - c:\users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\
    FF - HiddenExtension: XULRunner: {C9F54624-A59B-4325-AABB-66FF9FD98736} - c:\users\Burgess\AppData\Local\{C9F54624-A59B-4325-AABB-66FF9FD98736}\
    FF - HiddenExtension: XULRunner: {C95D7C0B-ADBD-47DF-B008-FB67FEF7A973} - c:\users\Burgess\AppData\Local\{C95D7C0B-ADBD-47DF-B008-FB67FEF7A973}\
    FF - HiddenExtension: XULRunner: {FE607F62-6217-4E73-9248-8B7A6B366F88} - c:\users\Burgess\AppData\Local\{FE607F62-6217-4E73-9248-8B7A6B366F88}\
    FF - HiddenExtension: XULRunner: {4112B3DA-79AD-48EC-96CD-70B4BC640126} - c:\users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\
    FF - HiddenExtension: XULRunner: {ED17B3FF-1891-4950-80D0-8A81EC2BA586} - c:\users\Burgess\AppData\Local\{ED17B3FF-1891-4950-80D0-8A81EC2BA586}\
    FF - HiddenExtension: XULRunner: {475C8C3D-2621-4C5F-9809-64A15F673D88} - c:\users\Burgess\AppData\Local\{475C8C3D-2621-4C5F-9809-64A15F673D88}\
    FF - HiddenExtension: XULRunner: {55743ADC-2F04-4171-A8D8-6D61E6D761DF} - c:\users\Burgess\AppData\Local\{55743ADC-2F04-4171-A8D8-6D61E6D761DF}\
    FF - HiddenExtension: XULRunner: {3B6758DE-B570-4947-8819-AF6487C6D70F} - c:\users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\
    FF - HiddenExtension: XULRunner: {87240927-E5C3-4273-B261-06E215C25FDB} - c:\users\Burgess\AppData\Local\{87240927-E5C3-4273-B261-06E215C25FDB}\
    FF - HiddenExtension: XULRunner: {914891D9-9D3A-4FAF-8338-A591EDF7B91F} - c:\users\Burgess\AppData\Local\{914891D9-9D3A-4FAF-8338-A591EDF7B91F}\
    FF - HiddenExtension: XULRunner: {D2C007E5-07C5-44CC-B784-B15CB859CC51} - c:\users\Mitch\AppData\Local\{D2C007E5-07C5-44CC-B784-B15CB859CC51}\
    FF - HiddenExtension: XULRunner: {672C3E82-15C1-435D-A0E9-10055B4BB729} - c:\users\Burgess\AppData\Local\{672C3E82-15C1-435D-A0E9-10055B4BB729}\
    FF - HiddenExtension: XULRunner: {8177E358-6724-4F4F-94ED-F3BA266B2F4D} - c:\users\Mitch\AppData\Local\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}\
    FF - HiddenExtension: XULRunner: {32C66F5A-FE41-4125-A0D7-BB515C3C5CD5} - c:\users\Mitch\AppData\Local\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}\
    FF - HiddenExtension: XULRunner: {371F34D1-442E-4DFE-83B5-94FFD0E28AA5} - c:\users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\
    FF - HiddenExtension: XULRunner: {CFAE447E-2334-49F3-816B-18C3BE603BAA} - c:\users\Burgess\AppData\Local\{CFAE447E-2334-49F3-816B-18C3BE603BAA}\
    FF - HiddenExtension: XULRunner: {1810704F-1C9F-4845-8233-294709282F64} - c:\users\Mitch\AppData\Local\{1810704F-1C9F-4845-8233-294709282F64}\
    FF - HiddenExtension: XULRunner: {CEF792E0-EB57-4F61-A923-86583A453012} - c:\users\Burgess\AppData\Local\{CEF792E0-EB57-4F61-A923-86583A453012}\
    FF - HiddenExtension: XULRunner: {B75241CE-1315-473E-9F67-5BD0CC5B81CE} - c:\users\Burgess\AppData\Local\{B75241CE-1315-473E-9F67-5BD0CC5B81CE}\
    FF - HiddenExtension: XULRunner: {5FFCEFE7-55D7-4596-BB26-35F146CB6514} - c:\users\Burgess\AppData\Local\{5FFCEFE7-55D7-4596-BB26-35F146CB6514}\
    FF - HiddenExtension: XULRunner: {B24AA79A-3D0F-488B-B3F2-C272EB293B33} - c:\users\Burgess\AppData\Local\{B24AA79A-3D0F-488B-B3F2-C272EB293B33}
    FF - HiddenExtension: XULRunner: {31AC73BF-FC18-4531-992F-1A997056EC2D} - c:\users\Mitch\AppData\Local\{31AC73BF-FC18-4531-992F-1A997056EC2D}\
    FF - HiddenExtension: XULRunner: {EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB} - c:\users\Mitch\AppData\Local\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}\
    FF - HiddenExtension: XULRunner: {31C36255-13C9-47C0-9A9A-86B79BEB0BEB} - c:\users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\
    FF - HiddenExtension: XULRunner: {314DA6F3-F502-4BD1-9E98-3871D2181070} - c:\users\Mitch\AppData\Local\{314DA6F3-F502-4BD1-9E98-3871D2181070}\
    FF - HiddenExtension: XULRunner: {B7CF1820-6297-46A8-8698-EB993DC9F725} - c:\users\Mitch\AppData\Local\{B7CF1820-6297-46A8-8698-EB993DC9F725}\
    FF - HiddenExtension: XULRunner: {F94377AE-23E6-4B0D-980C-F6752EBD5BA6} - c:\users\Burgess\AppData\Local\{F94377AE-23E6-4B0D-980C-F6752EBD5BA6}\
    FF - HiddenExtension: XULRunner: {15DE25A5-6AF4-427C-B0BA-BB6B756A51AA} - c:\users\Mitch\AppData\Local\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}\
    FF - HiddenExtension: XULRunner: {8F45B187-F84B-4F9B-B355-C6D470852FE5} - c:\users\Mitch\AppData\Local\{8F45B187-F84B-4F9B-B355-C6D470852FE5}\
    FF - HiddenExtension: XULRunner: {26340601-01DA-4892-9DB4-C1DB073BCD2A} - c:\users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\
    FF - HiddenExtension: XULRunner: {C31F456D-3905-407A-BF5F-0C1BF8C7C00E} - c:\users\Burgess\AppData\Local\{C31F456D-3905-407A-BF5F-0C1BF8C7C00E}\
    FF - HiddenExtension: XULRunner: {881B7250-BB32-49A5-BF2A-6C50AEB36157} - c:\users\Burgess\AppData\Local\{881B7250-BB32-49A5-BF2A-6C50AEB36157}\
    FF - HiddenExtension: XULRunner: {A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8} - c:\users\Burgess\AppData\Local\{A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8}\
    FF - HiddenExtension: XULRunner: {E31A19FB-6077-4256-BA0B-296C016B8660} - c:\users\Burgess\AppData\Local\{E31A19FB-6077-4256-BA0B-296C016B8660}\
    FF - HiddenExtension: XULRunner: {05F81070-019B-45B7-8F80-A9F5C4494815} - c:\users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\
    FF - HiddenExtension: XULRunner: {5EDEF787-857A-492E-B679-87A15F6F82C9} - c:\users\Burgess\AppData\Local\{5EDEF787-857A-492E-B679-87A15F6F82C9}\
    FF - HiddenExtension: XULRunner: {C7C476CA-30CD-4DC9-9988-1B56431ED140} - c:\users\Burgess\AppData\Local\{C7C476CA-30CD-4DC9-9988-1B56431ED140}\
    FF - HiddenExtension: XULRunner: {85F75B53-2E79-4607-A1AA-D4E2D7018781} - c:\users\Burgess\AppData\Local\{85F75B53-2E79-4607-A1AA-D4E2D7018781}\
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
     
  8. 2010/10/20
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    New Log:


    ComboFix 10-10-20.01 - Mitch 10/20/2010 19:50:11.2.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2282 [GMT -7:00]
    Running from: c:\users\Mitch\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mitch\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-21 02:53 . 2010-10-21 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-21 02:53 . 2010-10-21 02:53 -------- d-----w- c:\users\Burgess\AppData\Local\temp
    2010-10-21 02:53 . 2010-10-21 02:53 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2010-10-21 02:48 . 2010-10-21 02:49 -------- d-----w- C:\32788R22FWJFW
    2010-10-21 02:10 . 2010-10-21 02:53 -------- d-----w- c:\users\Mitch\AppData\Local\temp
    2010-10-20 00:25 . 2010-10-20 00:25 -------- d-----w- C:\temp
    2010-10-18 00:10 . 2010-10-18 00:08 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2010-10-18 00:10 . 2010-10-18 00:08 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2010-10-18 00:10 . 2010-10-18 00:08 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-10-18 00:10 . 2010-10-18 00:08 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2010-10-18 00:08 . 2010-10-18 00:09 -------- d-----w- c:\program files\Trend Micro
    2010-10-17 23:19 . 2010-10-17 23:19 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-10-17 15:54 . 2010-10-17 23:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-17 15:54 . 2010-10-17 23:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-10-16 12:45 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-16 10:09 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-10-16 10:01 . 2010-10-16 10:01 -------- d-----w- c:\windows\CheckSur
    2010-10-16 02:42 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 02:23 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-16 02:20 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 02:20 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 02:20 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 02:20 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 02:20 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 01:41 . 2010-10-16 01:41 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
    2010-10-16 01:41 . 2010-10-16 01:41 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-16 01:41 . 2010-10-16 02:01 -------- d-----w- C:\MalwarebytesPortable
    2010-10-13 22:23 . 2010-10-13 22:23 -------- d-----w- C:\bcfc3ac9245f16ca6505ddefed
    2010-10-13 02:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 22:31 . 2010-10-13 04:51 -------- d-----w- c:\users\Mitch\AppData\Roaming\.minecraft
    2010-09-23 21:42 . 2010-09-23 21:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
    2010-10-18 00:08 234832 ----a-w- c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-02 75048]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-18 112632]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-10-18 1062224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
    @="[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !]"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
    @="Portable Media Devices"

    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/09 17:19];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 87536]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-10-18 64080]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-17 02:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
    FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {3CD5BA76-9114-442D-BB31-45AAD6FA5721} - c:\users\Mitch\AppData\Local\{3CD5BA76-9114-442D-BB31-45AAD6FA5721}
    FF - HiddenExtension: XULRunner: {41D2D2E6-FBD7-40AC-A333-5DB10C27573B} - c:\users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}
    FF - HiddenExtension: XULRunner: {6F297557-72A9-4E1E-869B-00ABF34E4564} - c:\users\Burgess\AppData\Local\{6F297557-72A9-4E1E-869B-00ABF34E4564}\
    FF - HiddenExtension: XULRunner: {FC34A486-C113-41A3-A77F-FFCE46E4005A} - c:\users\Mitch\AppData\Local\{FC34A486-C113-41A3-A77F-FFCE46E4005A}\
    FF - HiddenExtension: XULRunner: {80119070-146C-4601-8DD1-2C9C77472A26} - c:\users\Burgess\AppData\Local\{80119070-146C-4601-8DD1-2C9C77472A26}\
    FF - HiddenExtension: XULRunner: {AB4295A0-6278-4D5E-8E58-B7028EEEDBE0} - c:\users\Mitch\AppData\Local\{AB4295A0-6278-4D5E-8E58-B7028EEEDBE0}\
    FF - HiddenExtension: XULRunner: {0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1} - c:\users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\
    FF - HiddenExtension: XULRunner: {021B1EB6-B74C-4D9B-89BB-78AB8CCEE428} - c:\users\Mitch\AppData\Local\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428}
    FF - HiddenExtension: XULRunner: {A87EB6EE-E449-436F-95E5-B97985E078BF} - c:\users\Burgess\AppData\Local\{A87EB6EE-E449-436F-95E5-B97985E078BF}\
    FF - HiddenExtension: XULRunner: {FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8} - c:\users\Mitch\AppData\Local\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8}
    FF - HiddenExtension: XULRunner: {D4A4CCE1-34ED-444B-B462-F7AE98E4257C} - c:\users\Burgess\AppData\Local\{D4A4CCE1-34ED-444B-B462-F7AE98E4257C}\
    FF - HiddenExtension: XULRunner: {01AF4BC4-E612-4D01-AABD-4026D89B0220} - c:\users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\
    FF - HiddenExtension: XULRunner: {DCA46154-0766-4AD6-8454-1257208B4C86} - c:\users\Mitch\AppData\Local\{DCA46154-0766-4AD6-8454-1257208B4C86}\
    FF - HiddenExtension: XULRunner: {3B2676BD-D009-4E84-B77D-B2A77CC4F067} - c:\users\Mitch\AppData\Local\{3B2676BD-D009-4E84-B77D-B2A77CC4F067}\
    FF - HiddenExtension: XULRunner: {6338F594-28F8-456E-AB83-36AE2ABCC174} - c:\users\Burgess\AppData\Local\{6338F594-28F8-456E-AB83-36AE2ABCC174}\
    FF - HiddenExtension: XULRunner: {F98798E9-967A-4DC6-8E2F-219D49A08CA5} - c:\users\Burgess\AppData\Local\{F98798E9-967A-4DC6-8E2F-219D49A08CA5}\
    FF - HiddenExtension: XULRunner: {01821E4B-21D3-4790-8A4E-94143451F52F} - c:\users\Mitch\AppData\Local\{01821E4B-21D3-4790-8A4E-94143451F52F}
    FF - HiddenExtension: XULRunner: {F6398D06-40A8-4EA1-9661-949CD74133EA} - c:\users\Burgess\AppData\Local\{F6398D06-40A8-4EA1-9661-949CD74133EA}\
    FF - HiddenExtension: XULRunner: {6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E} - c:\users\Burgess\AppData\Local\{6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E}\
    FF - HiddenExtension: XULRunner: {683FA8FB-F01E-44C1-ABAC-C6475BB96925} - c:\users\Burgess\AppData\Local\{683FA8FB-F01E-44C1-ABAC-C6475BB96925}\
    FF - HiddenExtension: XULRunner: {BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA} - c:\users\Burgess\AppData\Local\{BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA}\
    FF - HiddenExtension: XULRunner: {5D7A8ABB-8592-44BD-B2BA-BF0990146BBA} - c:\users\Burgess\AppData\Local\{5D7A8ABB-8592-44BD-B2BA-BF0990146BBA}\
    FF - HiddenExtension: XULRunner: {BD731480-A9EC-4816-B79D-24F95F057CBD} - c:\users\Burgess\AppData\Local\{BD731480-A9EC-4816-B79D-24F95F057CBD}\
    FF - HiddenExtension: XULRunner: {3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269} - c:\users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\
    FF - HiddenExtension: XULRunner: {EC979111-16D4-4E50-8BAC-EE34414910AE} - c:\users\Burgess\AppData\Local\{EC979111-16D4-4E50-8BAC-EE34414910AE}\
    FF - HiddenExtension: XULRunner: {0DA90A41-3898-42ED-98E2-3D419A50CAA1} - c:\users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\
    FF - HiddenExtension: XULRunner: {BAF7AE01-27FB-4B79-988D-FECEA71FA20D} - c:\users\Burgess\AppData\Local\{BAF7AE01-27FB-4B79-988D-FECEA71FA20D}\
    FF - HiddenExtension: XULRunner: {C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD} - c:\users\Burgess\AppData\Local\{C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD}\
    FF - HiddenExtension: XULRunner: {68039E31-090F-46FC-AB41-DFDB6C02BBF5} - c:\users\Burgess\AppData\Local\{68039E31-090F-46FC-AB41-DFDB6C02BBF5}\
    FF - HiddenExtension: XULRunner: {4544806E-EDAA-4F0E-A7B5-6240275647BE} - c:\users\Burgess\AppData\Local\{4544806E-EDAA-4F0E-A7B5-6240275647BE}\
    FF - HiddenExtension: XULRunner: {A6CE39D0-E71C-414D-B947-40A159B0BCB8} - c:\users\Burgess\AppData\Local\{A6CE39D0-E71C-414D-B947-40A159B0BCB8}\
    FF - HiddenExtension: XULRunner: {F1002F26-2DA2-498F-B365-12B963ACF028} - c:\users\Burgess\AppData\Local\{F1002F26-2DA2-498F-B365-12B963ACF028}\
    FF - HiddenExtension: XULRunner: {26D99F41-F45E-415B-9A88-9C021FF8B261} - c:\users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\
    FF - HiddenExtension: XULRunner: {CDCD1E9A-0507-4214-8F09-35AA7BE29CCA} - c:\users\Burgess\AppData\Local\{CDCD1E9A-0507-4214-8F09-35AA7BE29CCA}\
    FF - HiddenExtension: XULRunner: {7481D296-4103-484E-AE4D-02A2D50810B3} - c:\users\Burgess\AppData\Local\{7481D296-4103-484E-AE4D-02A2D50810B3}\
    FF - HiddenExtension: XULRunner: {4088E2FF-59C5-40EA-ADBC-464B50028E94} - c:\users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\
    FF - HiddenExtension: XULRunner: {C6160785-6D8E-4B62-9FA0-7626CA51E5D6} - c:\users\Burgess\AppData\Local\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6}
    FF - HiddenExtension: XULRunner: {022FD96B-7F52-4014-AE04-59ADDBDE423B} - c:\users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\
    FF - HiddenExtension: XULRunner: {1DB86530-0A76-486B-B420-60A53D9E71CC} - c:\users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\
    FF - HiddenExtension: XULRunner: {ED436D7D-4AB9-4822-80BE-8E00D777D7FB} - c:\users\Burgess\AppData\Local\{ED436D7D-4AB9-4822-80BE-8E00D777D7FB}\
    FF - HiddenExtension: XULRunner: {AE84F59B-307C-448C-A770-6C1452076321} - c:\users\Burgess\AppData\Local\{AE84F59B-307C-448C-A770-6C1452076321}\
    FF - HiddenExtension: XULRunner: {6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C} - c:\users\Burgess\AppData\Local\{6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C}\
    FF - HiddenExtension: XULRunner: {0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0} - c:\users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\
    FF - HiddenExtension: XULRunner: {A0DC25C0-24F3-4191-931B-2B3EF93927CD} - c:\users\Burgess\AppData\Local\{A0DC25C0-24F3-4191-931B-2B3EF93927CD}\
    FF - HiddenExtension: XULRunner: {0FAB358A-C40F-478C-A5FF-8779B638AD9E} - c:\users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\
    FF - HiddenExtension: XULRunner: {C9F54624-A59B-4325-AABB-66FF9FD98736} - c:\users\Burgess\AppData\Local\{C9F54624-A59B-4325-AABB-66FF9FD98736}\
    FF - HiddenExtension: XULRunner: {C95D7C0B-ADBD-47DF-B008-FB67FEF7A973} - c:\users\Burgess\AppData\Local\{C95D7C0B-ADBD-47DF-B008-FB67FEF7A973}\
    FF - HiddenExtension: XULRunner: {FE607F62-6217-4E73-9248-8B7A6B366F88} - c:\users\Burgess\AppData\Local\{FE607F62-6217-4E73-9248-8B7A6B366F88}\
    FF - HiddenExtension: XULRunner: {4112B3DA-79AD-48EC-96CD-70B4BC640126} - c:\users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\
    FF - HiddenExtension: XULRunner: {ED17B3FF-1891-4950-80D0-8A81EC2BA586} - c:\users\Burgess\AppData\Local\{ED17B3FF-1891-4950-80D0-8A81EC2BA586}\
    FF - HiddenExtension: XULRunner: {475C8C3D-2621-4C5F-9809-64A15F673D88} - c:\users\Burgess\AppData\Local\{475C8C3D-2621-4C5F-9809-64A15F673D88}\
    FF - HiddenExtension: XULRunner: {55743ADC-2F04-4171-A8D8-6D61E6D761DF} - c:\users\Burgess\AppData\Local\{55743ADC-2F04-4171-A8D8-6D61E6D761DF}\
    FF - HiddenExtension: XULRunner: {3B6758DE-B570-4947-8819-AF6487C6D70F} - c:\users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\
    FF - HiddenExtension: XULRunner: {87240927-E5C3-4273-B261-06E215C25FDB} - c:\users\Burgess\AppData\Local\{87240927-E5C3-4273-B261-06E215C25FDB}\
    FF - HiddenExtension: XULRunner: {914891D9-9D3A-4FAF-8338-A591EDF7B91F} - c:\users\Burgess\AppData\Local\{914891D9-9D3A-4FAF-8338-A591EDF7B91F}\
    FF - HiddenExtension: XULRunner: {D2C007E5-07C5-44CC-B784-B15CB859CC51} - c:\users\Mitch\AppData\Local\{D2C007E5-07C5-44CC-B784-B15CB859CC51}\
    FF - HiddenExtension: XULRunner: {672C3E82-15C1-435D-A0E9-10055B4BB729} - c:\users\Burgess\AppData\Local\{672C3E82-15C1-435D-A0E9-10055B4BB729}\
    FF - HiddenExtension: XULRunner: {8177E358-6724-4F4F-94ED-F3BA266B2F4D} - c:\users\Mitch\AppData\Local\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}\
    FF - HiddenExtension: XULRunner: {32C66F5A-FE41-4125-A0D7-BB515C3C5CD5} - c:\users\Mitch\AppData\Local\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}\
    FF - HiddenExtension: XULRunner: {371F34D1-442E-4DFE-83B5-94FFD0E28AA5} - c:\users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\
    FF - HiddenExtension: XULRunner: {CFAE447E-2334-49F3-816B-18C3BE603BAA} - c:\users\Burgess\AppData\Local\{CFAE447E-2334-49F3-816B-18C3BE603BAA}\
    FF - HiddenExtension: XULRunner: {1810704F-1C9F-4845-8233-294709282F64} - c:\users\Mitch\AppData\Local\{1810704F-1C9F-4845-8233-294709282F64}\
    FF - HiddenExtension: XULRunner: {CEF792E0-EB57-4F61-A923-86583A453012} - c:\users\Burgess\AppData\Local\{CEF792E0-EB57-4F61-A923-86583A453012}\
    FF - HiddenExtension: XULRunner: {B75241CE-1315-473E-9F67-5BD0CC5B81CE} - c:\users\Burgess\AppData\Local\{B75241CE-1315-473E-9F67-5BD0CC5B81CE}\
    FF - HiddenExtension: XULRunner: {5FFCEFE7-55D7-4596-BB26-35F146CB6514} - c:\users\Burgess\AppData\Local\{5FFCEFE7-55D7-4596-BB26-35F146CB6514}\
    FF - HiddenExtension: XULRunner: {B24AA79A-3D0F-488B-B3F2-C272EB293B33} - c:\users\Burgess\AppData\Local\{B24AA79A-3D0F-488B-B3F2-C272EB293B33}
    FF - HiddenExtension: XULRunner: {31AC73BF-FC18-4531-992F-1A997056EC2D} - c:\users\Mitch\AppData\Local\{31AC73BF-FC18-4531-992F-1A997056EC2D}\
    FF - HiddenExtension: XULRunner: {EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB} - c:\users\Mitch\AppData\Local\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}\
    FF - HiddenExtension: XULRunner: {31C36255-13C9-47C0-9A9A-86B79BEB0BEB} - c:\users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\
    FF - HiddenExtension: XULRunner: {314DA6F3-F502-4BD1-9E98-3871D2181070} - c:\users\Mitch\AppData\Local\{314DA6F3-F502-4BD1-9E98-3871D2181070}\
    FF - HiddenExtension: XULRunner: {B7CF1820-6297-46A8-8698-EB993DC9F725} - c:\users\Mitch\AppData\Local\{B7CF1820-6297-46A8-8698-EB993DC9F725}\
    FF - HiddenExtension: XULRunner: {F94377AE-23E6-4B0D-980C-F6752EBD5BA6} - c:\users\Burgess\AppData\Local\{F94377AE-23E6-4B0D-980C-F6752EBD5BA6}\
    FF - HiddenExtension: XULRunner: {15DE25A5-6AF4-427C-B0BA-BB6B756A51AA} - c:\users\Mitch\AppData\Local\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}\
    FF - HiddenExtension: XULRunner: {8F45B187-F84B-4F9B-B355-C6D470852FE5} - c:\users\Mitch\AppData\Local\{8F45B187-F84B-4F9B-B355-C6D470852FE5}\
    FF - HiddenExtension: XULRunner: {26340601-01DA-4892-9DB4-C1DB073BCD2A} - c:\users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\
    FF - HiddenExtension: XULRunner: {C31F456D-3905-407A-BF5F-0C1BF8C7C00E} - c:\users\Burgess\AppData\Local\{C31F456D-3905-407A-BF5F-0C1BF8C7C00E}\
    FF - HiddenExtension: XULRunner: {881B7250-BB32-49A5-BF2A-6C50AEB36157} - c:\users\Burgess\AppData\Local\{881B7250-BB32-49A5-BF2A-6C50AEB36157}\
    FF - HiddenExtension: XULRunner: {A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8} - c:\users\Burgess\AppData\Local\{A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8}\
    FF - HiddenExtension: XULRunner: {E31A19FB-6077-4256-BA0B-296C016B8660} - c:\users\Burgess\AppData\Local\{E31A19FB-6077-4256-BA0B-296C016B8660}\
    FF - HiddenExtension: XULRunner: {05F81070-019B-45B7-8F80-A9F5C4494815} - c:\users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\
    FF - HiddenExtension: XULRunner: {5EDEF787-857A-492E-B679-87A15F6F82C9} - c:\users\Burgess\AppData\Local\{5EDEF787-857A-492E-B679-87A15F6F82C9}\
    FF - HiddenExtension: XULRunner: {C7C476CA-30CD-4DC9-9988-1B56431ED140} - c:\users\Burgess\AppData\Local\{C7C476CA-30CD-4DC9-9988-1B56431ED140}\
    FF - HiddenExtension: XULRunner: {85F75B53-2E79-4607-A1AA-D4E2D7018781} - c:\users\Burgess\AppData\Local\{85F75B53-2E79-4607-A1AA-D4E2D7018781}\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(816)
    c:\program files\Common Files\CyberLink\PowerDVD9\deskband32.dll
    .
    Completion time: 2010-10-20 19:55:12
    ComboFix-quarantined-files.txt 2010-10-21 02:55
    ComboFix2.txt 2010-10-21 02:10

    Pre-Run: 288,521,994,240 bytes free
    Post-Run: 288,468,582,400 bytes free

    - - End Of File - - ED0BCB80B8719ED47956A6840932E150
     
  9. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ooops...wrong code...sorry for that :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FireFox::
    FF - HiddenExtension: XULRunner: {3CD5BA76-9114-442D-BB31-45AAD6FA5721} - c:\users\Mitch\AppData\Local\{3CD5BA76-9114-442D-BB31-45AAD6FA5721}
    FF - HiddenExtension: XULRunner: {41D2D2E6-FBD7-40AC-A333-5DB10C27573B} - c:\users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}
    FF - HiddenExtension: XULRunner: {6F297557-72A9-4E1E-869B-00ABF34E4564} - c:\users\Burgess\AppData\Local\{6F297557-72A9-4E1E-869B-00ABF34E4564}\
    FF - HiddenExtension: XULRunner: {FC34A486-C113-41A3-A77F-FFCE46E4005A} - c:\users\Mitch\AppData\Local\{FC34A486-C113-41A3-A77F-FFCE46E4005A}\
    FF - HiddenExtension: XULRunner: {80119070-146C-4601-8DD1-2C9C77472A26} - c:\users\Burgess\AppData\Local\{80119070-146C-4601-8DD1-2C9C77472A26}\
    FF - HiddenExtension: XULRunner: {AB4295A0-6278-4D5E-8E58-B7028EEEDBE0} - c:\users\Mitch\AppData\Local\{AB4295A0-6278-4D5E-8E58-B7028EEEDBE0}\
    FF - HiddenExtension: XULRunner: {0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1} - c:\users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\
    FF - HiddenExtension: XULRunner: {021B1EB6-B74C-4D9B-89BB-78AB8CCEE428} - c:\users\Mitch\AppData\Local\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428}
    FF - HiddenExtension: XULRunner: {A87EB6EE-E449-436F-95E5-B97985E078BF} - c:\users\Burgess\AppData\Local\{A87EB6EE-E449-436F-95E5-B97985E078BF}\
    FF - HiddenExtension: XULRunner: {FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8} - c:\users\Mitch\AppData\Local\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8}
    FF - HiddenExtension: XULRunner: {D4A4CCE1-34ED-444B-B462-F7AE98E4257C} - c:\users\Burgess\AppData\Local\{D4A4CCE1-34ED-444B-B462-F7AE98E4257C}\
    FF - HiddenExtension: XULRunner: {01AF4BC4-E612-4D01-AABD-4026D89B0220} - c:\users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\
    FF - HiddenExtension: XULRunner: {DCA46154-0766-4AD6-8454-1257208B4C86} - c:\users\Mitch\AppData\Local\{DCA46154-0766-4AD6-8454-1257208B4C86}\
    FF - HiddenExtension: XULRunner: {3B2676BD-D009-4E84-B77D-B2A77CC4F067} - c:\users\Mitch\AppData\Local\{3B2676BD-D009-4E84-B77D-B2A77CC4F067}\
    FF - HiddenExtension: XULRunner: {6338F594-28F8-456E-AB83-36AE2ABCC174} - c:\users\Burgess\AppData\Local\{6338F594-28F8-456E-AB83-36AE2ABCC174}\
    FF - HiddenExtension: XULRunner: {F98798E9-967A-4DC6-8E2F-219D49A08CA5} - c:\users\Burgess\AppData\Local\{F98798E9-967A-4DC6-8E2F-219D49A08CA5}\
    FF - HiddenExtension: XULRunner: {01821E4B-21D3-4790-8A4E-94143451F52F} - c:\users\Mitch\AppData\Local\{01821E4B-21D3-4790-8A4E-94143451F52F}
    FF - HiddenExtension: XULRunner: {F6398D06-40A8-4EA1-9661-949CD74133EA} - c:\users\Burgess\AppData\Local\{F6398D06-40A8-4EA1-9661-949CD74133EA}\
    FF - HiddenExtension: XULRunner: {6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E} - c:\users\Burgess\AppData\Local\{6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E}\
    FF - HiddenExtension: XULRunner: {683FA8FB-F01E-44C1-ABAC-C6475BB96925} - c:\users\Burgess\AppData\Local\{683FA8FB-F01E-44C1-ABAC-C6475BB96925}\
    FF - HiddenExtension: XULRunner: {BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA} - c:\users\Burgess\AppData\Local\{BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA}\
    FF - HiddenExtension: XULRunner: {5D7A8ABB-8592-44BD-B2BA-BF0990146BBA} - c:\users\Burgess\AppData\Local\{5D7A8ABB-8592-44BD-B2BA-BF0990146BBA}\
    FF - HiddenExtension: XULRunner: {BD731480-A9EC-4816-B79D-24F95F057CBD} - c:\users\Burgess\AppData\Local\{BD731480-A9EC-4816-B79D-24F95F057CBD}\
    FF - HiddenExtension: XULRunner: {3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269} - c:\users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\
    FF - HiddenExtension: XULRunner: {EC979111-16D4-4E50-8BAC-EE34414910AE} - c:\users\Burgess\AppData\Local\{EC979111-16D4-4E50-8BAC-EE34414910AE}\
    FF - HiddenExtension: XULRunner: {0DA90A41-3898-42ED-98E2-3D419A50CAA1} - c:\users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\
    FF - HiddenExtension: XULRunner: {BAF7AE01-27FB-4B79-988D-FECEA71FA20D} - c:\users\Burgess\AppData\Local\{BAF7AE01-27FB-4B79-988D-FECEA71FA20D}\
    FF - HiddenExtension: XULRunner: {C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD} - c:\users\Burgess\AppData\Local\{C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD}\
    FF - HiddenExtension: XULRunner: {68039E31-090F-46FC-AB41-DFDB6C02BBF5} - c:\users\Burgess\AppData\Local\{68039E31-090F-46FC-AB41-DFDB6C02BBF5}\
    FF - HiddenExtension: XULRunner: {4544806E-EDAA-4F0E-A7B5-6240275647BE} - c:\users\Burgess\AppData\Local\{4544806E-EDAA-4F0E-A7B5-6240275647BE}\
    FF - HiddenExtension: XULRunner: {A6CE39D0-E71C-414D-B947-40A159B0BCB8} - c:\users\Burgess\AppData\Local\{A6CE39D0-E71C-414D-B947-40A159B0BCB8}\
    FF - HiddenExtension: XULRunner: {F1002F26-2DA2-498F-B365-12B963ACF028} - c:\users\Burgess\AppData\Local\{F1002F26-2DA2-498F-B365-12B963ACF028}\
    FF - HiddenExtension: XULRunner: {26D99F41-F45E-415B-9A88-9C021FF8B261} - c:\users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\
    FF - HiddenExtension: XULRunner: {CDCD1E9A-0507-4214-8F09-35AA7BE29CCA} - c:\users\Burgess\AppData\Local\{CDCD1E9A-0507-4214-8F09-35AA7BE29CCA}\
    FF - HiddenExtension: XULRunner: {7481D296-4103-484E-AE4D-02A2D50810B3} - c:\users\Burgess\AppData\Local\{7481D296-4103-484E-AE4D-02A2D50810B3}\
    FF - HiddenExtension: XULRunner: {4088E2FF-59C5-40EA-ADBC-464B50028E94} - c:\users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\
    FF - HiddenExtension: XULRunner: {C6160785-6D8E-4B62-9FA0-7626CA51E5D6} - c:\users\Burgess\AppData\Local\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6}
    FF - HiddenExtension: XULRunner: {022FD96B-7F52-4014-AE04-59ADDBDE423B} - c:\users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\
    FF - HiddenExtension: XULRunner: {1DB86530-0A76-486B-B420-60A53D9E71CC} - c:\users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\
    FF - HiddenExtension: XULRunner: {ED436D7D-4AB9-4822-80BE-8E00D777D7FB} - c:\users\Burgess\AppData\Local\{ED436D7D-4AB9-4822-80BE-8E00D777D7FB}\
    FF - HiddenExtension: XULRunner: {AE84F59B-307C-448C-A770-6C1452076321} - c:\users\Burgess\AppData\Local\{AE84F59B-307C-448C-A770-6C1452076321}\
    FF - HiddenExtension: XULRunner: {6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C} - c:\users\Burgess\AppData\Local\{6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C}\
    FF - HiddenExtension: XULRunner: {0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0} - c:\users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\
    FF - HiddenExtension: XULRunner: {A0DC25C0-24F3-4191-931B-2B3EF93927CD} - c:\users\Burgess\AppData\Local\{A0DC25C0-24F3-4191-931B-2B3EF93927CD}\
    FF - HiddenExtension: XULRunner: {0FAB358A-C40F-478C-A5FF-8779B638AD9E} - c:\users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\
    FF - HiddenExtension: XULRunner: {C9F54624-A59B-4325-AABB-66FF9FD98736} - c:\users\Burgess\AppData\Local\{C9F54624-A59B-4325-AABB-66FF9FD98736}\
    FF - HiddenExtension: XULRunner: {C95D7C0B-ADBD-47DF-B008-FB67FEF7A973} - c:\users\Burgess\AppData\Local\{C95D7C0B-ADBD-47DF-B008-FB67FEF7A973}\
    FF - HiddenExtension: XULRunner: {FE607F62-6217-4E73-9248-8B7A6B366F88} - c:\users\Burgess\AppData\Local\{FE607F62-6217-4E73-9248-8B7A6B366F88}\
    FF - HiddenExtension: XULRunner: {4112B3DA-79AD-48EC-96CD-70B4BC640126} - c:\users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\
    FF - HiddenExtension: XULRunner: {ED17B3FF-1891-4950-80D0-8A81EC2BA586} - c:\users\Burgess\AppData\Local\{ED17B3FF-1891-4950-80D0-8A81EC2BA586}\
    FF - HiddenExtension: XULRunner: {475C8C3D-2621-4C5F-9809-64A15F673D88} - c:\users\Burgess\AppData\Local\{475C8C3D-2621-4C5F-9809-64A15F673D88}\
    FF - HiddenExtension: XULRunner: {55743ADC-2F04-4171-A8D8-6D61E6D761DF} - c:\users\Burgess\AppData\Local\{55743ADC-2F04-4171-A8D8-6D61E6D761DF}\
    FF - HiddenExtension: XULRunner: {3B6758DE-B570-4947-8819-AF6487C6D70F} - c:\users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\
    FF - HiddenExtension: XULRunner: {87240927-E5C3-4273-B261-06E215C25FDB} - c:\users\Burgess\AppData\Local\{87240927-E5C3-4273-B261-06E215C25FDB}\
    FF - HiddenExtension: XULRunner: {914891D9-9D3A-4FAF-8338-A591EDF7B91F} - c:\users\Burgess\AppData\Local\{914891D9-9D3A-4FAF-8338-A591EDF7B91F}\
    FF - HiddenExtension: XULRunner: {D2C007E5-07C5-44CC-B784-B15CB859CC51} - c:\users\Mitch\AppData\Local\{D2C007E5-07C5-44CC-B784-B15CB859CC51}\
    FF - HiddenExtension: XULRunner: {672C3E82-15C1-435D-A0E9-10055B4BB729} - c:\users\Burgess\AppData\Local\{672C3E82-15C1-435D-A0E9-10055B4BB729}\
    FF - HiddenExtension: XULRunner: {8177E358-6724-4F4F-94ED-F3BA266B2F4D} - c:\users\Mitch\AppData\Local\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}\
    FF - HiddenExtension: XULRunner: {32C66F5A-FE41-4125-A0D7-BB515C3C5CD5} - c:\users\Mitch\AppData\Local\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}\
    FF - HiddenExtension: XULRunner: {371F34D1-442E-4DFE-83B5-94FFD0E28AA5} - c:\users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\
    FF - HiddenExtension: XULRunner: {CFAE447E-2334-49F3-816B-18C3BE603BAA} - c:\users\Burgess\AppData\Local\{CFAE447E-2334-49F3-816B-18C3BE603BAA}\
    FF - HiddenExtension: XULRunner: {1810704F-1C9F-4845-8233-294709282F64} - c:\users\Mitch\AppData\Local\{1810704F-1C9F-4845-8233-294709282F64}\
    FF - HiddenExtension: XULRunner: {CEF792E0-EB57-4F61-A923-86583A453012} - c:\users\Burgess\AppData\Local\{CEF792E0-EB57-4F61-A923-86583A453012}\
    FF - HiddenExtension: XULRunner: {B75241CE-1315-473E-9F67-5BD0CC5B81CE} - c:\users\Burgess\AppData\Local\{B75241CE-1315-473E-9F67-5BD0CC5B81CE}\
    FF - HiddenExtension: XULRunner: {5FFCEFE7-55D7-4596-BB26-35F146CB6514} - c:\users\Burgess\AppData\Local\{5FFCEFE7-55D7-4596-BB26-35F146CB6514}\
    FF - HiddenExtension: XULRunner: {B24AA79A-3D0F-488B-B3F2-C272EB293B33} - c:\users\Burgess\AppData\Local\{B24AA79A-3D0F-488B-B3F2-C272EB293B33}
    FF - HiddenExtension: XULRunner: {31AC73BF-FC18-4531-992F-1A997056EC2D} - c:\users\Mitch\AppData\Local\{31AC73BF-FC18-4531-992F-1A997056EC2D}\
    FF - HiddenExtension: XULRunner: {EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB} - c:\users\Mitch\AppData\Local\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}\
    FF - HiddenExtension: XULRunner: {31C36255-13C9-47C0-9A9A-86B79BEB0BEB} - c:\users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\
    FF - HiddenExtension: XULRunner: {314DA6F3-F502-4BD1-9E98-3871D2181070} - c:\users\Mitch\AppData\Local\{314DA6F3-F502-4BD1-9E98-3871D2181070}\
    FF - HiddenExtension: XULRunner: {B7CF1820-6297-46A8-8698-EB993DC9F725} - c:\users\Mitch\AppData\Local\{B7CF1820-6297-46A8-8698-EB993DC9F725}\
    FF - HiddenExtension: XULRunner: {F94377AE-23E6-4B0D-980C-F6752EBD5BA6} - c:\users\Burgess\AppData\Local\{F94377AE-23E6-4B0D-980C-F6752EBD5BA6}\
    FF - HiddenExtension: XULRunner: {15DE25A5-6AF4-427C-B0BA-BB6B756A51AA} - c:\users\Mitch\AppData\Local\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}\
    FF - HiddenExtension: XULRunner: {8F45B187-F84B-4F9B-B355-C6D470852FE5} - c:\users\Mitch\AppData\Local\{8F45B187-F84B-4F9B-B355-C6D470852FE5}\
    FF - HiddenExtension: XULRunner: {26340601-01DA-4892-9DB4-C1DB073BCD2A} - c:\users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\
    FF - HiddenExtension: XULRunner: {C31F456D-3905-407A-BF5F-0C1BF8C7C00E} - c:\users\Burgess\AppData\Local\{C31F456D-3905-407A-BF5F-0C1BF8C7C00E}\
    FF - HiddenExtension: XULRunner: {881B7250-BB32-49A5-BF2A-6C50AEB36157} - c:\users\Burgess\AppData\Local\{881B7250-BB32-49A5-BF2A-6C50AEB36157}\
    FF - HiddenExtension: XULRunner: {A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8} - c:\users\Burgess\AppData\Local\{A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8}\
    FF - HiddenExtension: XULRunner: {E31A19FB-6077-4256-BA0B-296C016B8660} - c:\users\Burgess\AppData\Local\{E31A19FB-6077-4256-BA0B-296C016B8660}\
    FF - HiddenExtension: XULRunner: {05F81070-019B-45B7-8F80-A9F5C4494815} - c:\users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\
    FF - HiddenExtension: XULRunner: {5EDEF787-857A-492E-B679-87A15F6F82C9} - c:\users\Burgess\AppData\Local\{5EDEF787-857A-492E-B679-87A15F6F82C9}\
    FF - HiddenExtension: XULRunner: {C7C476CA-30CD-4DC9-9988-1B56431ED140} - c:\users\Burgess\AppData\Local\{C7C476CA-30CD-4DC9-9988-1B56431ED140}\
    FF - HiddenExtension: XULRunner: {85F75B53-2E79-4607-A1AA-D4E2D7018781} - c:\users\Burgess\AppData\Local\{85F75B53-2E79-4607-A1AA-D4E2D7018781}\
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. 2010/10/20
    Mburgess

    Mburgess Inactive Thread Starter

    Joined:
    2010/10/17
    Messages:
    24
    Likes Received:
    0
    New Log:

    ComboFix 10-10-20.01 - Mitch 10/20/2010 20:18:41.3.2 - x86 NETWORK
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.2249 [GMT -7:00]
    Running from: c:\users\Mitch\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mitch\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\
    c:\users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\\install.rdf
    c:\users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\
    c:\users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\\install.rdf
    c:\users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\
    c:\users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\\install.rdf
    c:\users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\
    c:\users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\\install.rdf
    c:\users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\
    c:\users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\\install.rdf
    c:\users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\
    c:\users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\\install.rdf
    c:\users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\
    c:\users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\\install.rdf
    c:\users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\
    c:\users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\\install.rdf
    c:\users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\
    c:\users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\\install.rdf
    c:\users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\
    c:\users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\\install.rdf
    c:\users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\
    c:\users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\\install.rdf
    c:\users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\
    c:\users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\\install.rdf
    c:\users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\
    c:\users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\\install.rdf
    c:\users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\
    c:\users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\\install.rdf
    c:\users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\
    c:\users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\\install.rdf
    c:\users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\
    c:\users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\\chrome.manifest
    c:\users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\\chrome\content\_cfg.js
    c:\users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\\install.rdf
    c:\users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}
    c:\users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}\chrome.manifest
    c:\users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}\chrome\content\_cfg.js

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-21 03:22 . 2010-10-21 03:22 -------- d-----w- c:\users\Mitch\AppData\Local\temp
    2010-10-21 03:22 . 2010-10-21 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-21 03:22 . 2010-10-21 03:22 -------- d-----w- c:\users\Burgess\AppData\Local\temp
    2010-10-21 03:22 . 2010-10-21 03:22 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2010-10-21 03:17 . 2010-10-21 03:17 -------- d-----w- C:\32788R22FWJFW
    2010-10-20 00:25 . 2010-10-20 00:25 -------- d-----w- C:\temp
    2010-10-18 00:10 . 2010-10-18 00:08 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2010-10-18 00:10 . 2010-10-18 00:08 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2010-10-18 00:10 . 2010-10-18 00:08 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-10-18 00:10 . 2010-10-18 00:08 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2010-10-18 00:08 . 2010-10-18 00:09 -------- d-----w- c:\program files\Trend Micro
    2010-10-17 23:19 . 2010-10-17 23:19 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-10-17 15:54 . 2010-10-17 23:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-17 15:54 . 2010-10-17 23:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-10-16 12:45 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-16 10:09 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-10-16 10:01 . 2010-10-16 10:01 -------- d-----w- c:\windows\CheckSur
    2010-10-16 02:42 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 02:23 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-16 02:20 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-16 02:20 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-16 02:20 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-16 02:20 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-16 02:20 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-16 01:41 . 2010-10-16 01:41 -------- d-----w- c:\users\Mitch\AppData\Roaming\Malwarebytes
    2010-10-16 01:41 . 2010-10-16 01:41 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-16 01:41 . 2010-10-16 02:01 -------- d-----w- C:\MalwarebytesPortable
    2010-10-13 22:23 . 2010-10-13 22:23 -------- d-----w- C:\bcfc3ac9245f16ca6505ddefed
    2010-10-13 02:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 22:31 . 2010-10-13 04:51 -------- d-----w- c:\users\Mitch\AppData\Roaming\.minecraft
    2010-09-23 21:42 . 2010-09-23 21:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
    2010-10-18 00:08 234832 ----a-w- c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-02 75048]
    "CHotkey"="zHotkey.exe" [2006-11-07 547840]
    "ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
    "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
    "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-18 112632]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-10-18 1062224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Audiosrv]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDAudBus]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MMCSS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318}]
    @= "[6cFgE][S?û?d, ?ìdeô ??d gª?è ¢o?tr?l?è?š !!! !!! !] "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{640167b4-59b0-47a6-b335-a6b3c0695aea}]
    @="Portable Media Devices"

    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/10/09 17:19];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 87536]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-10-18 64080]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-18 1343400]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
    2010-02-17 02:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
    FF - ProfilePath - c:\users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-RunOnce-<NO NAME> - (no file)



    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-20 20:23:58
    ComboFix-quarantined-files.txt 2010-10-21 03:23
    ComboFix2.txt 2010-10-21 02:55
    ComboFix3.txt 2010-10-21 02:10

    Pre-Run: 288,522,989,568 bytes free
    Post-Run: 288,231,493,632 bytes free

    - - End Of File - - 6B19CF7F7A6C4DF32C590265518F4084
     
  11. 2010/10/20
    broni (Moderator Malware Analyst)
    Good :)

    Let me know, if you can start in normal mode now.
     
  12. 2010/10/20
    Mburgess (Inactive, Thread Starter)
    No, it did not start in normal mode; it froze on the Starting Windows screen.
     
  13. 2010/10/20
    broni (Moderator Malware Analyst)
    Both programs listed below can be run in Safe Mode.

    Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    ===========================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  14. 2010/10/20
    Mburgess (Inactive, Thread Starter)
    I just had to do one, right?

    Well, here's the MBRCheck:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: ELITEGROUP
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Gateway
    System Product Name: GT5654
    Logical Drives Mask: 0x0000079c

    Kernel Drivers (total 157):
    0x82240000 \SystemRoot\system32\ntkrnlpa.exe
    0x82209000 \SystemRoot\system32\halmacpi.dll
    0x80BB7000 \SystemRoot\system32\kdcom.dll
    0x8A41E000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x8A429000 \SystemRoot\system32\PSHED.dll
    0x8A43A000 \SystemRoot\system32\BOOTVID.dll
    0x8A442000 \SystemRoot\system32\CLFS.SYS
    0x8A484000 \SystemRoot\system32\CI.dll
    0x8A52F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8A5A0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8A5AE000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8A5F6000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8A400000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8A621000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8A64B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8A656000 \SystemRoot\System32\drivers\partmgr.sys
    0x8A667000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8A66E000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8A67C000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8A68C000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8A6D7000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8A6ED000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8A6F6000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8A719000 \SystemRoot\system32\DRIVERS\nvstor.sys
    0x8A73E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8A785000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8A78E000 \SystemRoot\system32\DRIVERS\nvstor32.sys
    0x8A7AB000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A7DF000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8A833000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8A962000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8A98D000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A9A0000 \SystemRoot\System32\Drivers\cng.sys
    0x8A800000 \SystemRoot\System32\drivers\pcw.sys
    0x8A80E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8AA32000 \SystemRoot\system32\drivers\ndis.sys
    0x8AAE9000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8AB27000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8AC2E000 \SystemRoot\System32\drivers\tcpip.sys
    0x8AD77000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8ADA8000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8AC00000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8ADEF000 \SystemRoot\System32\Drivers\mup.sys
    0x8AB4C000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8AB54000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8AB86000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8AB97000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8ADE7000 \SystemRoot\System32\Drivers\Null.SYS
    0x8AA11000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8AA18000 \SystemRoot\System32\drivers\vga.sys
    0x8A600000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8AA24000 \SystemRoot\System32\drivers\watchdog.sys
    0x8ABF8000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8A817000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8A822000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8E638000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8E64F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8E65A000 \SystemRoot\system32\drivers\afd.sys
    0x8E6B4000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8E6E6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8E6ED000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8E70C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8E71A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8E75B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8E765000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E77D000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8E79E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8E7B6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8E7C3000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8E805000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8E850000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8E85F000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x8E88B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E8AA000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E8C9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8E8CF000 \SystemRoot\system32\DRIVERS\yk62x86.sys
    0x8E920000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8E92E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8E93B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8E945000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8E957000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8E96F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8E97A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8E99C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8E9B4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8E9CB000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8E9E2000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x8E9EC000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8E7CD000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8E9FC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8E600000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8E7DA000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8EC23000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x90E37000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x90E00000 \SystemRoot\system32\drivers\portcls.sys
    0x90FE6000 \SystemRoot\system32\drivers\drmk.sys
    0x8EC67000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x92570000 \SystemRoot\System32\win32k.sys
    0x8EC78000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8EC82000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8EC8F000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8EC99000 \SystemRoot\System32\Drivers\dump_nvstor.sys
    0x8ECBE000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x927C0000 \SystemRoot\System32\drivers\dxg.sys
    0x927F0000 \SystemRoot\System32\TSDDD.dll
    0x92470000 \SystemRoot\System32\framebuf.dll
    0x8ECCF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x90E2F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8ECE6000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8ECF1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8ED04000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8ED0B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8ED16000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8ED30000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x8ED49000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x8ED5B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x8ED7E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8EDB9000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x779D0000 \Windows\System32\ntdll.dll
    0x47A10000 \Windows\System32\smss.exe
    0x77C10000 \Windows\System32\apisetschema.dll
    0x009B0000 \Windows\System32\autochk.exe
    0x77BB0000 \Windows\System32\Wldap32.dll
    0x77B80000 \Windows\System32\imagehlp.dll
    0x77B60000 \Windows\System32\sechost.dll
    0x778F0000 \Windows\System32\kernel32.dll
    0x77860000 \Windows\System32\oleaut32.dll
    0x776C0000 \Windows\System32\setupapi.dll
    0x775C0000 \Windows\System32\wininet.dll
    0x77480000 \Windows\System32\urlmon.dll
    0x77400000 \Windows\System32\comdlg32.dll
    0x77B50000 \Windows\System32\lpk.dll
    0x767B0000 \Windows\System32\shell32.dll
    0x77B10000 \Windows\System32\ws2_32.dll
    0x76750000 \Windows\System32\difxapi.dll
    0x766A0000 \Windows\System32\msvcrt.dll
    0x76600000 \Windows\System32\usp10.dll
    0x765F0000 \Windows\System32\nsi.dll
    0x76520000 \Windows\System32\msctf.dll
    0x76480000 \Windows\System32\advapi32.dll
    0x76420000 \Windows\System32\shlwapi.dll
    0x76350000 \Windows\System32\user32.dll
    0x76150000 \Windows\System32\iertutil.dll
    0x760A0000 \Windows\System32\rpcrt4.dll
    0x76080000 \Windows\System32\imm32.dll
    0x75F20000 \Windows\System32\ole32.dll
    0x75F10000 \Windows\System32\normaliz.dll
    0x75F00000 \Windows\System32\psapi.dll
    0x75EB0000 \Windows\System32\gdi32.dll
    0x75E20000 \Windows\System32\clbcatq.dll
    0x75E00000 \Windows\System32\devobj.dll
    0x75DB0000 \Windows\System32\KernelBase.dll
    0x75D80000 \Windows\System32\wintrust.dll
    0x75C60000 \Windows\System32\crypt32.dll
    0x75C30000 \Windows\System32\cfgmgr32.dll
    0x75BA0000 \Windows\System32\comctl32.dll
    0x75B90000 \Windows\System32\msasn1.dll

    Processes (total 28):
    0 System Idle Process
    4 System
    252 C:\Windows\System32\smss.exe
    372 csrss.exe
    408 C:\Windows\System32\wininit.exe
    416 csrss.exe
    464 C:\Windows\System32\winlogon.exe
    488 C:\Windows\System32\services.exe
    496 C:\Windows\System32\lsass.exe
    504 C:\Windows\System32\lsm.exe
    616 C:\Windows\System32\svchost.exe
    692 C:\Windows\System32\svchost.exe
    804 C:\Windows\System32\svchost.exe
    848 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\audiodg.exe
    1028 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\svchost.exe
    1476 C:\Windows\explorer.exe
    1532 C:\Windows\System32\ctfmon.exe
    376 C:\Program Files\Internet Explorer\iexplore.exe
    300 C:\Program Files\Internet Explorer\iexplore.exe
    1436 C:\Program Files\Internet Explorer\iexplore.exe
    1196 C:\Program Files\Internet Explorer\iexplore.exe
    264 C:\Users\Mitch\Desktop\MBRCheck.exe
    656 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`b2c88200 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDC WD4000AAJS-00YFA, Rev: 12.0

    Size Device Name MBR Status
    --------------------------------------------
    372 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
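MBRCheck's verdict above ("Windows 7 MBR code detected", plus a SHA1 of the sector) comes down to hashing the boot code, comparing it with known-good values and sanity-checking the partition table. The following Python is an added example, not MBRCheck's own code: it parses a constructed 512-byte MBR, hashes the 440-byte boot-code area (an assumption about what to hash; the page does not say exactly which bytes MBRCheck hashes), compares it with a recorded baseline, and checks the partition table, with start sectors modelled on the byte offsets MBRCheck printed above.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code area: bytes 0x000-0x1B7
DISK_SIG_OFFSET = 0x1B8       # 4-byte NT disk signature
PART_TABLE_OFFSET = 0x1BE     # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 0x1FE-0x1FF of a valid MBR
# status, CHS start (skipped), type, CHS end (skipped), LBA start, LBA count
PART_ENTRY = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte sector into boot-code hash, disk signature and partitions."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        status, ptype, lba_start, lba_count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFFSET + 16 * index)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": index, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "lba_count": lba_count})
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_code_sha1: str) -> list:
    """Return a list of findings; an empty list means the MBR matches expectations."""
    info = parse_mbr(sector)
    findings = []
    if info["code_sha1"] != baseline_code_sha1.upper():
        findings.append("boot code hash differs from baseline: possible bootkit or non-standard MBR")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    # Overlapping entries point to a hidden partition or a corrupted table.
    spans = sorted((p["lba_start"], p["lba_start"] + p["lba_count"]) for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partitions overlap: [{s1}, {e1}) and [{s2}, {e2})")
    return findings


def build_sample_mbr(code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR from boot-code bytes and (active, type, lba_start, lba_count) tuples."""
    sector = bytearray(MBR_SIZE)
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, 0x1234ABCD)  # constructed disk signature
    for index, (active, ptype, lba_start, lba_count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY, sector, PART_TABLE_OFFSET + 16 * index,
                         0x80 if active else 0x00, ptype, lba_start, lba_count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample: placeholder boot code (NOT real Windows MBR code) and a two-partition
# layout modelled on the volume offsets MBRCheck printed: D: at byte offset 0x7E00 (LBA 63)
# and C: at 0x2B2C88200 (LBA 22,635,585). Sector counts and the active flag are constructed.
SAMPLE_CODE = bytes(range(256)) + bytes(184)
SAMPLE_PARTITIONS = [
    (True, 0x07, 63, 22635522),          # D: NTFS (ends exactly where C: begins)
    (False, 0x07, 22635585, 758441984),  # C: NTFS system volume
]
SAMPLE_MBR = build_sample_mbr(SAMPLE_CODE, SAMPLE_PARTITIONS)
BASELINE_SHA1 = parse_mbr(SAMPLE_MBR)["code_sha1"]  # "known good" hash recorded while clean


if __name__ == "__main__":
    print("clean:", check_mbr(SAMPLE_MBR, BASELINE_SHA1))
    patched = bytearray(SAMPLE_MBR)
    patched[0] ^= 0xFF  # a one-byte change in the boot code is enough to break the baseline
    print("patched:", check_mbr(bytes(patched), BASELINE_SHA1))
```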
     
  15. 2010/10/20
    broni (Moderator Malware Analyst)
    No :)
    Both.
    GMER too.
     
  16. 2010/10/20
    Mburgess (Inactive, Thread Starter)
    The Softpedia link is dead, but here is the log:


    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-20 21:40:39
    Windows 6.1.7600
    Running: gmer.exe; Driver: C:\Users\Mitch\AppData\Local\Temp\uwtdrpod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82283599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822A7F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[300] USER32.dll!CallNextHookEx 7635CC8F 5 Bytes JMP 72999D7C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[300] USER32.dll!CreateWindowExW 76360E51 5 Bytes JMP 729A8187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[300] ole32.dll!CoCreateInstance 75F7590C 5 Bytes JMP 729A8C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[376] USER32.dll!CreateWindowExW 76360E51 5 Bytes JMP 729A8187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!CallNextHookEx 7635CC8F 5 Bytes JMP 72999D7C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!CreateWindowExW 76360E51 5 Bytes JMP 729A8187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1436] ole32.dll!CoCreateInstance 75F7590C 5 Bytes JMP 729A8C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
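The analyst's reply below reads these user-mode hooks as nothing suspicious because every JMP lands in IEFRAME.dll, a Microsoft module under system32, hooking Internet Explorer itself. The following Python is an added example (neither GMER's code nor the analyst's): it parses the "User code sections" lines from the log above and applies that heuristic; the final log line in the sample is constructed, with a placeholder file name, to show what a flagged entry looks like.

```python
import re
from dataclasses import dataclass

# One GMER user-code line: .text process[pid] module!function addr N Bytes JMP target path (description/vendor)
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<hooked_module>[^\s!]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)\s+(?P<target_module>.+?)\s*\((?P<info>[^)]*)\)\s*$"
)


@dataclass
class Hook:
    process: str
    pid: int
    hooked_module: str
    function: str
    target_module: str
    description: str
    vendor: str


def parse_user_hooks(log_text: str) -> list:
    """Extract inline JMP hooks from the 'User code sections' part of a GMER log."""
    hooks, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("---- User code sections"):
            in_section = True
            continue
        if line.startswith("----"):  # any other section header ends the block
            in_section = False
            continue
        if not in_section:
            continue
        m = HOOK_RE.match(line)
        if not m:
            continue
        description, _, vendor = m["info"].partition("/")
        hooks.append(Hook(m["process"], int(m["pid"]), m["hooked_module"], m["function"],
                          m["target_module"], description.strip(), vendor.strip()))
    return hooks


TRUSTED_VENDORS = {"microsoft corporation"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def classify(hook: Hook) -> str:
    """Verdict based on where the JMP lands and who made that module, not on the hook itself."""
    path = hook.target_module.lower()
    if not hook.vendor:
        return "suspicious: target module carries no vendor information"
    if any(d in path for d in WRITABLE_DIRS):
        return "suspicious: target module lives in a user-writable or temporary directory"
    if path.startswith(SYSTEM_DIRS) and hook.vendor.lower() in TRUSTED_VENDORS:
        return "expected: system module from a trusted vendor"
    return "review: third-party hook, confirm the product is known and wanted"


def triage(log_text: str) -> dict:
    """Group hooks by verdict category: expected / review / suspicious."""
    result = {"expected": [], "review": [], "suspicious": []}
    for hook in parse_user_hooks(log_text):
        verdict = classify(hook)
        result[verdict.split(":")[0]].append((hook.function, hook.target_module, verdict))
    return result


# First seven hook lines are copied from the GMER log above; the last line is CONSTRUCTED
# (placeholder file name, arbitrary addresses) to exercise the suspicious branch.
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.15477 - http://www.gmer.net

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82283599 1 Byte [06]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[300] USER32.dll!CallNextHookEx 7635CC8F 5 Bytes JMP 72999D7C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[300] USER32.dll!CreateWindowExW 76360E51 5 Bytes JMP 729A8187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[300] ole32.dll!CoCreateInstance 75F7590C 5 Bytes JMP 729A8C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[376] USER32.dll!CreateWindowExW 76360E51 5 Bytes JMP 729A8187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!CallNextHookEx 7635CC8F 5 Bytes JMP 72999D7C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1436] USER32.dll!CreateWindowExW 76360E51 5 Bytes JMP 729A8187 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1436] ole32.dll!CoCreateInstance 75F7590C 5 Bytes JMP 729A8C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[300] ntdll.dll!NtCreateFile 77A0FAB0 5 Bytes JMP 10001234 C:\Users\Mitch\AppData\Local\Temp\placeholder-hook.dll ()

---- Devices - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    for category, entries in triage(SAMPLE_GMER_LOG).items():
        print(category, len(entries))
        for function, module, verdict in entries:
            print("   ", function, "->", module, "|", verdict)
```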
     
  17. 2010/10/20
    broni (Moderator Malware Analyst)
    Nothing suspicious there.

    While in safe mode....

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE: If you use a firewall other than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Try to restart in normal mode. Can you?
     
  18. 2010/10/21
    Mburgess (Inactive, Thread Starter)
    No, this did not work.
     
  19. 2010/10/21
    broni (Moderator Malware Analyst)
    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. 2010/10/21
    Mburgess (Inactive, Thread Starter)
    OTL logfile created on: 10/21/2010 6:11:23 PM - Run 1
    OTL by OldTimer - Version 3.2.16.0 Folder = C:\Users\Mitch\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 361.67 Gb Total Space | 268.54 Gb Free Space | 74.25% Space Free | Partition Type: NTFS
    Drive D: | 10.79 Gb Total Space | 4.50 Gb Free Space | 41.70% Space Free | Partition Type: NTFS

    Computer Name: BURGESS-BIG | User Name: Mitch | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/21 18:10:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    PRC - [2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/21 18:10:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 18:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 18:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 18:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 18:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 18:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 18:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 18:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
    MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/17 17:08:09 | 000,196,320 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe -- (Amsp)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/19 18:12:25 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/04/18 03:01:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2009/09/15 17:29:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/13 18:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 18:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 18:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 18:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 18:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 18:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 18:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 18:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 18:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 18:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 18:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 18:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 18:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 18:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 18:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/10/17 17:08:10 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2010/10/17 17:08:10 | 000,092,112 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2010/10/17 17:08:10 | 000,080,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2010/10/17 17:08:10 | 000,064,080 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2010/07/10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/01/11 21:05:54 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2009/12/11 00:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/09/01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/10/09 17:19:27] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
    DRV - [2009/08/09 14:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VClone.sys -- (VClone)
    DRV - [2009/07/13 18:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 18:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 18:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 18:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 18:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 18:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 18:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 18:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 18:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 18:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 18:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 18:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 18:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 18:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 18:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 18:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 18:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 18:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 18:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 18:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 18:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 18:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 18:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 18:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 18:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 18:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 18:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 18:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 18:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 18:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 18:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 18:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 18:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 18:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 18:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 18:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 18:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 18:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 17:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 17:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 17:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 16:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 16:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 16:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 16:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 16:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 16:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 16:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 16:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 16:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 16:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 16:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 16:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 16:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 16:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 15:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 15:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 15:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 15:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 15:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 15:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 15:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 15:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/04/23 18:13:22 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5654
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {22181a4d-af90-4ca3-a569-faed9118d6bc}:1.6.0.1126

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3CD5BA76-9114-442D-BB31-45AAD6FA5721}: C:\Users\Mitch\AppData\Local\{3CD5BA76-9114-442D-BB31-45AAD6FA5721} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B}: C:\Users\Burgess\AppData\Local\{41D2D2E6-FBD7-40AC-A333-5DB10C27573B} [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6F297557-72A9-4E1E-869B-00ABF34E4564}: C:\Users\Burgess\AppData\Local\{6F297557-72A9-4E1E-869B-00ABF34E4564}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FC34A486-C113-41A3-A77F-FFCE46E4005A}: C:\Users\Mitch\AppData\Local\{FC34A486-C113-41A3-A77F-FFCE46E4005A}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{80119070-146C-4601-8DD1-2C9C77472A26}: C:\Users\Burgess\AppData\Local\{80119070-146C-4601-8DD1-2C9C77472A26}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{AB4295A0-6278-4D5E-8E58-B7028EEEDBE0}: C:\Users\Mitch\AppData\Local\{AB4295A0-6278-4D5E-8E58-B7028EEEDBE0}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}: C:\Users\Burgess\AppData\Local\{0AA69C98-F3D7-481E-B41F-EE5E6ACA31F1}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428}: C:\Users\Mitch\AppData\Local\{021B1EB6-B74C-4D9B-89BB-78AB8CCEE428} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A87EB6EE-E449-436F-95E5-B97985E078BF}: C:\Users\Burgess\AppData\Local\{A87EB6EE-E449-436F-95E5-B97985E078BF}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8}: C:\Users\Mitch\AppData\Local\{FBB9C9A7-5C7C-49C2-B537-44A25B9EFAA8} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{D4A4CCE1-34ED-444B-B462-F7AE98E4257C}: C:\Users\Burgess\AppData\Local\{D4A4CCE1-34ED-444B-B462-F7AE98E4257C}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{01AF4BC4-E612-4D01-AABD-4026D89B0220}: C:\Users\Burgess\AppData\Local\{01AF4BC4-E612-4D01-AABD-4026D89B0220}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{DCA46154-0766-4AD6-8454-1257208B4C86}: C:\Users\Mitch\AppData\Local\{DCA46154-0766-4AD6-8454-1257208B4C86}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3B2676BD-D009-4E84-B77D-B2A77CC4F067}: C:\Users\Mitch\AppData\Local\{3B2676BD-D009-4E84-B77D-B2A77CC4F067}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6338F594-28F8-456E-AB83-36AE2ABCC174}: C:\Users\Burgess\AppData\Local\{6338F594-28F8-456E-AB83-36AE2ABCC174}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{F98798E9-967A-4DC6-8E2F-219D49A08CA5}: C:\Users\Burgess\AppData\Local\{F98798E9-967A-4DC6-8E2F-219D49A08CA5}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{01821E4B-21D3-4790-8A4E-94143451F52F}: C:\Users\Mitch\AppData\Local\{01821E4B-21D3-4790-8A4E-94143451F52F} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{F6398D06-40A8-4EA1-9661-949CD74133EA}: C:\Users\Burgess\AppData\Local\{F6398D06-40A8-4EA1-9661-949CD74133EA}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E}: C:\Users\Burgess\AppData\Local\{6A0B4CA1-86C5-4DBA-943F-EE39FB73BB5E}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{683FA8FB-F01E-44C1-ABAC-C6475BB96925}: C:\Users\Burgess\AppData\Local\{683FA8FB-F01E-44C1-ABAC-C6475BB96925}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA}: C:\Users\Burgess\AppData\Local\{BE74F2CC-9CD1-4F7A-9A6C-80A0481670AA}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{5D7A8ABB-8592-44BD-B2BA-BF0990146BBA}: C:\Users\Burgess\AppData\Local\{5D7A8ABB-8592-44BD-B2BA-BF0990146BBA}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BD731480-A9EC-4816-B79D-24F95F057CBD}: C:\Users\Burgess\AppData\Local\{BD731480-A9EC-4816-B79D-24F95F057CBD}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}: C:\Users\Burgess\AppData\Local\{3B3CBCB8-F53B-4937-A1F7-ECEE6F55F269}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{EC979111-16D4-4E50-8BAC-EE34414910AE}: C:\Users\Burgess\AppData\Local\{EC979111-16D4-4E50-8BAC-EE34414910AE}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}: C:\Users\Burgess\AppData\Local\{0DA90A41-3898-42ED-98E2-3D419A50CAA1}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BAF7AE01-27FB-4B79-988D-FECEA71FA20D}: C:\Users\Burgess\AppData\Local\{BAF7AE01-27FB-4B79-988D-FECEA71FA20D}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD}: C:\Users\Burgess\AppData\Local\{C0E5F93A-B27A-4B5F-8801-428B4E0FC2BD}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{68039E31-090F-46FC-AB41-DFDB6C02BBF5}: C:\Users\Burgess\AppData\Local\{68039E31-090F-46FC-AB41-DFDB6C02BBF5}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4544806E-EDAA-4F0E-A7B5-6240275647BE}: C:\Users\Burgess\AppData\Local\{4544806E-EDAA-4F0E-A7B5-6240275647BE}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A6CE39D0-E71C-414D-B947-40A159B0BCB8}: C:\Users\Burgess\AppData\Local\{A6CE39D0-E71C-414D-B947-40A159B0BCB8}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{F1002F26-2DA2-498F-B365-12B963ACF028}: C:\Users\Burgess\AppData\Local\{F1002F26-2DA2-498F-B365-12B963ACF028}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{26D99F41-F45E-415B-9A88-9C021FF8B261}: C:\Users\Burgess\AppData\Local\{26D99F41-F45E-415B-9A88-9C021FF8B261}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{CDCD1E9A-0507-4214-8F09-35AA7BE29CCA}: C:\Users\Burgess\AppData\Local\{CDCD1E9A-0507-4214-8F09-35AA7BE29CCA}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{7481D296-4103-484E-AE4D-02A2D50810B3}: C:\Users\Burgess\AppData\Local\{7481D296-4103-484E-AE4D-02A2D50810B3}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4088E2FF-59C5-40EA-ADBC-464B50028E94}: C:\Users\Burgess\AppData\Local\{4088E2FF-59C5-40EA-ADBC-464B50028E94}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6}: C:\Users\Burgess\AppData\Local\{C6160785-6D8E-4B62-9FA0-7626CA51E5D6} [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{022FD96B-7F52-4014-AE04-59ADDBDE423B}: C:\Users\Burgess\AppData\Local\{022FD96B-7F52-4014-AE04-59ADDBDE423B}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1DB86530-0A76-486B-B420-60A53D9E71CC}: C:\Users\Burgess\AppData\Local\{1DB86530-0A76-486B-B420-60A53D9E71CC}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ED436D7D-4AB9-4822-80BE-8E00D777D7FB}: C:\Users\Burgess\AppData\Local\{ED436D7D-4AB9-4822-80BE-8E00D777D7FB}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{AE84F59B-307C-448C-A770-6C1452076321}: C:\Users\Burgess\AppData\Local\{AE84F59B-307C-448C-A770-6C1452076321}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C}: C:\Users\Burgess\AppData\Local\{6999CA1D-4C37-47AF-9FEE-F06C1E4B6C2C}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}: C:\Users\Burgess\AppData\Local\{0EE3C837-9EA3-4698-BCD5-BD4E8D25D6A0}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A0DC25C0-24F3-4191-931B-2B3EF93927CD}: C:\Users\Burgess\AppData\Local\{A0DC25C0-24F3-4191-931B-2B3EF93927CD}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}: C:\Users\Burgess\AppData\Local\{0FAB358A-C40F-478C-A5FF-8779B638AD9E}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{C9F54624-A59B-4325-AABB-66FF9FD98736}: C:\Users\Burgess\AppData\Local\{C9F54624-A59B-4325-AABB-66FF9FD98736}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{C95D7C0B-ADBD-47DF-B008-FB67FEF7A973}: C:\Users\Burgess\AppData\Local\{C95D7C0B-ADBD-47DF-B008-FB67FEF7A973}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FE607F62-6217-4E73-9248-8B7A6B366F88}: C:\Users\Burgess\AppData\Local\{FE607F62-6217-4E73-9248-8B7A6B366F88}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{4112B3DA-79AD-48EC-96CD-70B4BC640126}: C:\Users\Burgess\AppData\Local\{4112B3DA-79AD-48EC-96CD-70B4BC640126}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ED17B3FF-1891-4950-80D0-8A81EC2BA586}: C:\Users\Burgess\AppData\Local\{ED17B3FF-1891-4950-80D0-8A81EC2BA586}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{475C8C3D-2621-4C5F-9809-64A15F673D88}: C:\Users\Burgess\AppData\Local\{475C8C3D-2621-4C5F-9809-64A15F673D88}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{55743ADC-2F04-4171-A8D8-6D61E6D761DF}: C:\Users\Burgess\AppData\Local\{55743ADC-2F04-4171-A8D8-6D61E6D761DF}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3B6758DE-B570-4947-8819-AF6487C6D70F}: C:\Users\Burgess\AppData\Local\{3B6758DE-B570-4947-8819-AF6487C6D70F}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{87240927-E5C3-4273-B261-06E215C25FDB}: C:\Users\Burgess\AppData\Local\{87240927-E5C3-4273-B261-06E215C25FDB}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{914891D9-9D3A-4FAF-8338-A591EDF7B91F}: C:\Users\Burgess\AppData\Local\{914891D9-9D3A-4FAF-8338-A591EDF7B91F}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{D2C007E5-07C5-44CC-B784-B15CB859CC51}: C:\Users\Mitch\AppData\Local\{D2C007E5-07C5-44CC-B784-B15CB859CC51}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{672C3E82-15C1-435D-A0E9-10055B4BB729}: C:\Users\Burgess\AppData\Local\{672C3E82-15C1-435D-A0E9-10055B4BB729}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}: C:\Users\Mitch\AppData\Local\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}: C:\Users\Mitch\AppData\Local\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}: C:\Users\Burgess\AppData\Local\{371F34D1-442E-4DFE-83B5-94FFD0E28AA5}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{CFAE447E-2334-49F3-816B-18C3BE603BAA}: C:\Users\Burgess\AppData\Local\{CFAE447E-2334-49F3-816B-18C3BE603BAA}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1810704F-1C9F-4845-8233-294709282F64}: C:\Users\Mitch\AppData\Local\{1810704F-1C9F-4845-8233-294709282F64}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{CEF792E0-EB57-4F61-A923-86583A453012}: C:\Users\Burgess\AppData\Local\{CEF792E0-EB57-4F61-A923-86583A453012}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B75241CE-1315-473E-9F67-5BD0CC5B81CE}: C:\Users\Burgess\AppData\Local\{B75241CE-1315-473E-9F67-5BD0CC5B81CE}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{5FFCEFE7-55D7-4596-BB26-35F146CB6514}: C:\Users\Burgess\AppData\Local\{5FFCEFE7-55D7-4596-BB26-35F146CB6514}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B24AA79A-3D0F-488B-B3F2-C272EB293B33}: C:\Users\Burgess\AppData\Local\{B24AA79A-3D0F-488B-B3F2-C272EB293B33} [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{31AC73BF-FC18-4531-992F-1A997056EC2D}: C:\Users\Mitch\AppData\Local\{31AC73BF-FC18-4531-992F-1A997056EC2D}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}: C:\Users\Mitch\AppData\Local\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}: C:\Users\Burgess\AppData\Local\{31C36255-13C9-47C0-9A9A-86B79BEB0BEB}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{314DA6F3-F502-4BD1-9E98-3871D2181070}: C:\Users\Mitch\AppData\Local\{314DA6F3-F502-4BD1-9E98-3871D2181070}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7CF1820-6297-46A8-8698-EB993DC9F725}: C:\Users\Mitch\AppData\Local\{B7CF1820-6297-46A8-8698-EB993DC9F725}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{F94377AE-23E6-4B0D-980C-F6752EBD5BA6}: C:\Users\Burgess\AppData\Local\{F94377AE-23E6-4B0D-980C-F6752EBD5BA6}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}: C:\Users\Mitch\AppData\Local\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{8F45B187-F84B-4F9B-B355-C6D470852FE5}: C:\Users\Mitch\AppData\Local\{8F45B187-F84B-4F9B-B355-C6D470852FE5}\ [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{26340601-01DA-4892-9DB4-C1DB073BCD2A}: C:\Users\Burgess\AppData\Local\{26340601-01DA-4892-9DB4-C1DB073BCD2A}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{C31F456D-3905-407A-BF5F-0C1BF8C7C00E}: C:\Users\Burgess\AppData\Local\{C31F456D-3905-407A-BF5F-0C1BF8C7C00E}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{881B7250-BB32-49A5-BF2A-6C50AEB36157}: C:\Users\Burgess\AppData\Local\{881B7250-BB32-49A5-BF2A-6C50AEB36157}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{D39F2292-FDDF-4A13-A130-8928898C222D}: C:\Users\Mitch\AppData\Local\{D39F2292-FDDF-4A13-A130-8928898C222D} [2010/10/21 18:21:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8}: C:\Users\Burgess\AppData\Local\{A1DD4D3B-AC42-4D35-8EB2-A6801FBD1CC8}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{E31A19FB-6077-4256-BA0B-296C016B8660}: C:\Users\Burgess\AppData\Local\{E31A19FB-6077-4256-BA0B-296C016B8660}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{05F81070-019B-45B7-8F80-A9F5C4494815}: C:\Users\Burgess\AppData\Local\{05F81070-019B-45B7-8F80-A9F5C4494815}\ [2010/10/21 18:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{5EDEF787-857A-492E-B679-87A15F6F82C9}: C:\Users\Burgess\AppData\Local\{5EDEF787-857A-492E-B679-87A15F6F82C9}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{C7C476CA-30CD-4DC9-9988-1B56431ED140}: C:\Users\Burgess\AppData\Local\{C7C476CA-30CD-4DC9-9988-1B56431ED140}\ [2010/10/21 18:21:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{85F75B53-2E79-4607-A1AA-D4E2D7018781}: C:\Users\Burgess\AppData\Local\{85F75B53-2E79-4607-A1AA-D4E2D7018781}\ [2010/10/21 18:21:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2010/10/17 17:10:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/10/21 18:21:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 18:21:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 18:21:12 | 000,000,000 | ---D | M]

    [2010/01/17 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Mozilla\Extensions
    [2010/01/17 13:50:52 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\extensions
    [2009/11/17 07:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/17 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Mozilla\Firefox\Profiles\y5t2ykcy.default\extensions\staged-xpis
    [2010/04/21 20:14:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/25 16:41:06 | 000,122,856 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll

    O1 HOSTS File: ([2009/09/15 17:27:37 | 000,000,792 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
    O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
    O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
    O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Mitch\Pictures\assassins_creed_2.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mitch\Pictures\assassins_creed_2.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  21. 2010/10/21
    Mburgess

    OTL Log Continued:

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)


    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/21 18:10:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    [2010/10/20 20:24:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/20 20:17:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/10/20 18:57:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/19 17:25:41 | 000,000,000 | ---D | C] -- C:\temp
    [2010/10/17 18:14:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2010/10/17 17:10:43 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
    [2010/10/17 17:10:35 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2010/10/17 17:10:35 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
    [2010/10/17 17:10:34 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
    [2010/10/17 17:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/10/17 16:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2010/10/17 08:54:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/10/17 08:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/16 03:01:03 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2010/10/15 18:41:14 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\Malwarebytes
    [2010/10/15 18:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/10/15 18:41:09 | 000,000,000 | ---D | C] -- C:\MalwarebytesPortable
    [2010/10/13 15:23:31 | 000,000,000 | ---D | C] -- C:\bcfc3ac9245f16ca6505ddefed
    [2010/10/11 16:51:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/09/28 15:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Roaming\.minecraft
    [2010/08/10 10:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\35344
    [2010/08/09 08:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\PixiePack Codec Pack
    [2010/08/09 08:26:55 | 000,000,000 | ---D | C] -- C:\Users\Mitch\Documents\iMesh
    [2010/08/09 08:26:55 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\iMesh
    [2010/08/09 08:25:50 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\PackageAware
    [2010/08/06 17:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
    [2010/08/05 19:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MySoftware
    [2010/08/03 18:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\R-Studio
    [2010/08/02 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{D39F2292-FDDF-4A13-A130-8928898C222D}
    [2010/08/01 20:17:01 | 000,000,000 | ---D | C] -- C:\HammerAutosave
    [2010/08/01 19:55:09 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{8F45B187-F84B-4F9B-B355-C6D470852FE5}
    [2010/08/01 15:08:49 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{15DE25A5-6AF4-427C-B0BA-BB6B756A51AA}
    [2010/08/01 12:10:02 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{B7CF1820-6297-46A8-8698-EB993DC9F725}
    [2010/08/01 10:07:31 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{314DA6F3-F502-4BD1-9E98-3871D2181070}
    [2010/07/31 19:21:57 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{EF8738F8-113D-4A9E-99E2-FD24EFDFB8EB}
    [2010/07/31 11:51:36 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{31AC73BF-FC18-4531-992F-1A997056EC2D}
    [2010/07/31 09:09:03 | 000,000,000 | -HSD | C] -- C:\Windows\BitLockerDiscoveryVolumeContents
    [2010/07/31 09:09:03 | 000,000,000 | ---D | C] -- C:\Windows\CSC
    [2010/07/31 09:09:02 | 000,000,000 | ---D | C] -- C:\Windows\RemotePackages
    [2010/07/30 16:10:02 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{1810704F-1C9F-4845-8233-294709282F64}
    [2010/07/29 19:41:00 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{32C66F5A-FE41-4125-A0D7-BB515C3C5CD5}
    [2010/07/29 17:51:21 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{8177E358-6724-4F4F-94ED-F3BA266B2F4D}
    [2010/07/29 13:43:19 | 000,000,000 | ---D | C] -- C:\Users\Mitch\AppData\Local\{D2C007E5-07C5-44CC-B784-B15CB859CC51}
    [2010/07/29 10:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2010/07/29 09:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/07/29 09:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/07/29 09:35:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/07/29 09:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/07/29 09:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2010/07/29 09:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2010/07/24 11:17:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/21 18:10:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe
    [2010/10/21 18:07:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/10/21 18:07:16 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/17 17:11:38 | 000,673,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/10/17 17:11:38 | 000,125,104 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/10/17 17:11:25 | 000,020,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/17 17:11:25 | 000,020,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/17 17:08:10 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
    [2010/10/17 17:08:10 | 000,092,112 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
    [2010/10/17 17:08:10 | 000,080,464 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
    [2010/10/17 17:08:10 | 000,064,080 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
    [2010/10/15 19:24:06 | 000,334,625 | RHS- | M] () -- C:\VKNCI
    [2010/10/15 19:24:06 | 000,000,020 | RHS- | M] () -- C:\win7.ld
    [2010/10/13 16:55:55 | 000,430,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/09/29 17:26:18 | 000,013,017 | ---- | M] () -- C:\Users\Mitch\Documents\french rev 2.docx
    [2010/09/29 16:53:54 | 000,013,888 | ---- | M] () -- C:\Users\Mitch\Documents\French rev.docx
    [2010/09/28 15:31:31 | 000,000,721 | ---- | M] () -- C:\Users\Mitch\Desktop\Minecraft - Shortcut.lnk
    [2010/09/02 19:03:42 | 000,011,413 | ---- | M] () -- C:\Users\Mitch\Documents\Private Hack.xlsx
    [2010/08/14 11:45:45 | 000,198,184 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
    [2010/08/03 12:39:06 | 000,000,000 | ---- | M] () -- C:\Users\Mitch\AppData\Local\Kyeji.bin
    [2010/07/24 11:21:33 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/15 19:24:06 | 000,334,625 | RHS- | C] () -- C:\VKNCI
    [2010/10/13 21:28:41 | 000,000,020 | RHS- | C] () -- C:\win7.ld
    [2010/09/29 17:26:18 | 000,013,017 | ---- | C] () -- C:\Users\Mitch\Documents\french rev 2.docx
    [2010/09/29 16:38:37 | 000,013,888 | ---- | C] () -- C:\Users\Mitch\Documents\French rev.docx
    [2010/09/28 15:31:31 | 000,000,721 | ---- | C] () -- C:\Users\Mitch\Desktop\Minecraft - Shortcut.lnk
    [2010/08/14 11:45:45 | 000,198,184 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/08/05 19:37:44 | 000,172,032 | ---- | C] () -- C:\Windows\System32\rsUtil.dll
    [2010/07/31 09:29:47 | 000,171,136 | RHS- | C] () -- C:\grldr
    [2010/07/31 09:07:56 | 000,051,867 | ---- | C] () -- C:\Windows\Ultimate.xml
    [2010/07/24 11:18:15 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/06/22 13:16:02 | 000,000,120 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Npamupukalegete.dat
    [2010/06/22 13:16:02 | 000,000,000 | ---- | C] () -- C:\Users\Mitch\AppData\Local\Kyeji.bin
    [2010/06/20 06:14:42 | 000,014,497 | ---- | C] () -- C:\Users\Mitch\AppData\Local\agefepohebafi.dll
    [2010/06/19 20:42:59 | 000,014,497 | ---- | C] () -- C:\Users\Mitch\AppData\Local\ayujigucinep.dll
    [2010/06/19 19:40:20 | 000,014,497 | ---- | C] () -- C:\Users\Mitch\AppData\Local\iyasadoqenezudu.dll
    [2010/06/19 18:00:17 | 000,014,713 | ---- | C] () -- C:\Users\Mitch\AppData\Local\okotiholuracan.dll
    [2009/11/25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/10/09 07:37:08 | 000,000,066 | ---- | C] () -- C:\Windows\razor.INI
    [2009/10/06 20:48:06 | 000,000,058 | ---- | C] () -- C:\Windows\System32\msadio.dll
    [2009/09/28 10:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
    [2009/09/13 19:14:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/09 22:59:15 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
    [2009/09/09 22:59:15 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2007/04/27 11:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

    ========== LOP Check ==========

    [2010/10/12 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\.minecraft
    [2010/07/29 18:58:04 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\BitTorrent
    [2010/06/17 06:36:27 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\LolClient
    [2010/01/17 13:50:45 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2010/05/28 14:56:02 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\MAGIX
    [2010/01/19 22:14:11 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\MusicNet
    [2009/11/07 07:04:33 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\SampleView
    [2010/01/17 13:50:52 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\Spare Backup
    [2010/10/21 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\Mitch\AppData\Roaming\uTorrent
    [2010/09/24 09:48:58 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 18:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/01/17 13:22:16 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/10/20 20:23:59 | 000,039,257 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 14:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/08/02 09:59:51 | 000,171,136 | RHS- | M] () -- C:\grldr
    [2010/10/21 18:07:16 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/20 08:05:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/09 23:12:21 | 000,000,165 | ---- | M] () -- C:\labelPrint.log
    [2009/09/09 23:03:39 | 000,000,010 | ---- | M] () -- C:\MOVE_RECOVERY
    [2010/06/20 08:05:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/21 18:07:20 | 3219,644,416 | -HS- | M] () -- C:\pagefile.sys
    [2009/09/09 23:17:42 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2009/09/10 06:02:51 | 000,001,191 | ---- | M] () -- C:\RebootLog.ini
    [2009/09/09 23:01:15 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log
    [2009/09/09 22:58:02 | 000,000,002 | RHS- | M] () -- C:\USER
    [2010/10/15 19:24:06 | 000,334,625 | RHS- | M] () -- C:\VKNCI
    [2010/10/15 19:24:06 | 000,000,020 | RHS- | M] () -- C:\win7.ld

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/03/19 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD8S.DLL
    [2007/03/19 06:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP8S.DLL
    [2009/07/13 18:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 18:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/14 15:21:54 | 000,000,286 | ---- | M] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2010/01/17 14:23:39 | 000,000,221 | ---- | M] () -- C:\Users\Mitch\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/21 18:10:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Mitch\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2009/12/02 20:29:06 | 000,241,328 | ---- | M] () -- C:\Users\Mitch\GT704-WGB_RAW-USB_Drivers.exe

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 12:38:56 | 000,000,402 | ---- | M] () -- C:\Users\Mitch\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
