
Solved C:\Windows\SysWOW64\PING.EXE

Discussion in 'Malware and Virus Removal Archive' started by 14U2DAY, 2011/09/27.

  1. 2011/10/04
    14U2DAY Lifetime Subscription

    14U2DAY Well-Known Member Thread Starter

    Extras.Txt:

    OTL Extras logfile created on: 10/4/2011 6:50:52 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Minister\Desktop
    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.66 Gb Available Physical Memory | 70.73% Memory free
    15.99 Gb Paging File | 13.63 Gb Available in Paging File | 85.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 448.60 Gb Free Space | 48.16% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 60.62 Gb Free Space | 26.03% Space Free | Partition Type: NTFS
    Drive G: | 931.51 Gb Total Space | 212.65 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 116.19 Gb Free Space | 12.47% Space Free | Partition Type: NTFS
    Drive J: | 465.76 Gb Total Space | 243.91 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
    Drive W: | 931.28 Gb Total Space | 931.28 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: MINISTER-PC | User Name: Minister | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .ini[@ = Texturizer.INI] -- C:\Program Files (x86)\Texturizer\Texturizer.exe (Boingos Productions)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .txt[@ = Texturizer.TXT] -- C:\Program Files (x86)\Texturizer\Texturizer.exe (Boingos Productions)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .ini [@ = Texturizer.INI] -- C:\Program Files (x86)\Texturizer\Texturizer.exe (Boingos Productions)
    .txt [@ = Texturizer.TXT] -- C:\Program Files (x86)\Texturizer\Texturizer.exe (Boingos Productions)

    [HKEY_USERS\S-1-5-21-3472329255-229648851-3892005765-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Monster\Monster Central Control Software 7\MonsterRemote.exe" = C:\Program Files (x86)\Monster\Monster Central Control Software 7\MonsterRemote.exe:*:Enabled:Monster Central Control Software 7 -- ()
    "C:\Program Files (x86)\Monster\Monster Central Control Software 7\MonsterRemote.exe" = C:\Program Files (x86)\Monster\Monster Central Control Software 7\MonsterRemote.exe:*:Enabled:Monster Central Control Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "I:\2010\APPS\Best Soft\2\Portable.Soft.19.05.2010\PortableApps\BabylonPortable\App\Babylon\Babylon.exe" = I:\2010\APPS\Best Soft\2\Portable.Soft.19.05.2010\PortableApps\BabylonPortable\App\Babylon\Babylon.exe:*:Disabled:Babylon -- (Babylon Ltd.)
    "C:\Program Files (x86)\Monster\Monster Central Control Software 7\MonsterRemote.exe" = C:\Program Files (x86)\Monster\Monster Central Control Software 7\MonsterRemote.exe:*:Enabled:Monster Central Control Software 7 -- ()
    "I:\2010\APPS\Best Soft\2\Portable.Soft.19.05.2010\PortableApps\BabylonPortable\App\Babylon\Babylon.exe" = I:\2010\APPS\Best Soft\2\Portable.Soft.19.05.2010\PortableApps\BabylonPortable\App\Babylon\Babylon.exe:*:Disabled:Babylon -- (Babylon Ltd.)
    "C:\Program Files (x86)\Monster\Monster Central Control Software 7\MonsterRemote.exe" = C:\Program Files (x86)\Monster\Monster Central Control Software 7\MonsterRemote.exe:*:Enabled:Monster Central Control Software 7 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{022ECE10-F8A9-401D-BEB9-3B2563A372EF}" = Cerberus FTP Server
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2C4FFF38-9FA5-C451-E79D-FAB3848C7F5A}" = ccc-utility64
    "{2F227ACA-204C-4529-BA33-D095C42C72DB}" = Avid Audio Drivers (x64)
    "{38B4E24E-4F6E-4A6C-A414-F956FC35F376}" = NVIDIA CUDA Toolkit v4.0 (64 bit)
    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for AMD64 and Intel EM64T
    "{51317AF5-D39F-49EC-A4B5-87451466B837}" = AMD Fuel
    "{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
    "{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{68465690-5B83-40B3-9C9B-DA0A29BA0A7A}_is1" = Remo Recover Outlook (PST)
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver
    "{72BC0353-CDDB-40EB-A5D9-15E48A9AC703}" = Cerberus FTP Server
    "{7688DE34-87F5-45D5-AADA-E5501C1E0814}" = Oracle VM VirtualBox 4.1.0
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DD83A4D4-745F-4B69-94BA-FF1E1CCC03D1}" = ESET NOD32 Antivirus
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CC74429DF534AD466D4B7995A134561F8E4A78FF" = Windows Driver Package - Avid Technology (AvidDX) Media (08/25/2010 4.07.01.20955)
    "CCleaner" = CCleaner
    "Houdini 11.0.733" = Houdini 11.0.733
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 3.0.3.21
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{0299DF57-FF2E-42C6-A4D7-9480E537D191}" = Pinnacle Creative Pack Volume 2
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C8EBB00-4909-459C-8347-B2068B7F0319}" = CyberLink DVD Menu Template Pack
    "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
    "{0FE07808-87DF-45A7-AEF8-97F3A60F4E00}" = FNC 11 Installer
    "{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
    "{15663E2F-4C49-4949-9490-8806050654E0}" = Avid Studio Bonus Content
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
    "{1A834332-A9EE-440C-9505-2D07F445F05A}" = MOBILedit! Support Libraries
    "{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
    "{2A7A2022-4FA3-4FA4-898B-83311B704D31}" = Avid Studio Registration Freebie - Adorage Vol. 11 Selection
    "{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
    "{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
    "{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{3369649B-FE61-46A0-9268-D938B660EE5C}_is1" = MOBILedit! Forensic ver. 5.5.0.1140
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3DCF00F5-04A5-4543-A088-705480811206}_is1" = Compiled Driver Disk (Samsung) 0.99
    "{3EA20BCC-983E-E2FB-7655-F701160703AF}" = Catalyst Control Center HydraVision Full
    "{4044436C-3A01-4ECA-8FC9-AC8F3F838EDC}" = Audials TV
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
    "{46EA439E-2D16-49B6-AA80-00DE992FE7CE}" = Microsoft Windows Debugging Symbols
    "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
    "{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1" = MOBILedit! ver. 5.5.0.1140
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
    "{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
    "{4C66FDAB-2CEE-42C6-A3E9-909FFCBF331B}_is1" = Avalon Legends Solitaire version 1.5
    "{4DDF49C7-E23B-28E4-D899-DE1950411061}" = Catalyst Control Center Graphics Light
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5454085C-840F-4070-8FAA-441000038301}" = BioShock 2
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A180ED5-0AC1-410A-B790-5E0319CD0A93}" = Sentinel Protection Installer 7.4.0
    "{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = AMD VISION Engine Control Center
    "{61814DD5-D192-7D9F-4070-08058E94C765}" = Catalyst Control Center Core Implementation
    "{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{672017AB-BD22-FEED-D058-BC761279EF3D}" = Catalyst Control Center InstallProxy
    "{67330878-0617-41A9-A3B0-B5298E89E7BC}" = Pinnacle Winter Pack
    "{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A519E1D-44B8-4DC9-BC30-552C68D41C01}" = Avid Studio Plugins
    "{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
    "{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
    "{74E5BA31-CB34-4388-BC7F-91DC8830AABC}" = ScoreFitter Volume 2
    "{7649309B-F1ED-4225-8B50-1A4224883E55}" = Monster Central Control Software 7
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7EE8ED57-682B-4AB0-860C-2E079BCD90B1}" = Pinnacle Creative Pack Volume 1
    "{7F2D1105-70ED-4379-8772-3F06E1D23F5A}" = Creative Pack Volume 3 - Kids
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B251F4A-0B78-2045-B802-CDB67F594E53}" = Catalyst Control Center Graphics Previews Vista
    "{8BBA35B6-E1A9-4FE0-892B-8F7980584D52}" = NetZero Internet and Voice Offer
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CDF216E-B813-4CB3-B3F1-360D0405CCDE}_is1" = Pinnacle Studio 15 Content, версия 2.0
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
    "{8F808D5F-7635-EE62-F2B4-42D72D74443C}" = Catalyst Control Center Graphics Previews Common
    "{8FAA57C5-7BD1-4285-B4B1-36D7337D7BE5}" = Vhd Resizer
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX
    "{96FE1BDC-6A66-470B-86A9-75A2966C92BF}" = TitleExtreme
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6D4A7A-DD9A-4044-B200-24E569B8D121}_is1" = Pinnacle Studio 14 Content v.0.1
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9D79188E-8FDF-4187-BE92-418DB5EB656C}_is1" = File Restore Professional 3.1
    "{9DCBDF08-F1C0-4935-A958-9501384FC528}" = ScoreFitter Volume 1
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.09.16
    "{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{ACEEB246-6839-42DC-8BB8-F2B21B1D868D}_is1" = KillBox
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B35DC076-CEF2-4631-9EF7-45380E27C841}" = Avid Studio
    "{B4C1D069-6001-4233-B247-00E5906B2CEC}" = MOBILedit! Forensic Support Libraries
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BC4C00F4-3043-BA09-C401-A4728663ECCE}" = ccc-core-static
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C27B2B08-B5BD-A210-73AF-83A740ECC32F}" = Catalyst Control Center Graphics Full New
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C6AA63A6-3248-2D28-3BAA-AA9C6B8D84BE}" = CCC Help English
    "{C8242A93-DA0A-4DED-997B-CBA00E254E91}" = Pinnacle Scorefitter Volume 3 - Travel
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CD05EBCD-65C2-44E2-9133-5A36736C1E4B}" = Monster Central Control Software 7
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.17.362
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E666E822-53A9-460B-BA99-35184AA80965}" = Hunting Unlimited 2011
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F18EF558-2BCE-99DE-4021-46726B061BD2}" = Catalyst Control Center Graphics Full Existing
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
    "{F5E68E00-90A1-4486-8CDF-F4694B62E33A}" = Audials
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "4Videosoft Blu-ray Ripper_is1" = 4Videosoft Blu-ray Ripper
    "7-Zip" = 7-Zip 9.20
    "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
    "a4deskpro_webunion_is1" = A4DeskPro v5.05
    "Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface
    "Allmyapps" = Allmyapps
    "AnalogX NetStat Live" = AnalogX NetStat Live
    "AnalogX PacketMon" = AnalogX PacketMon
    "AndreaMosaic" = AndreaMosaic 3.32.3
    "Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10 10.0.7
    "BitRock InstallBuilder Enterprise 7.0.5" = BitRock InstallBuilder Enterprise
    "Call of Duty - Black Ops_is1" = Call of Duty - Black Ops
    "Cisco Connect" = Cisco Connect
    "Clone2Go DVD Ripper_is1" = Clone2Go DVD Ripper 1.9.2
    "COD Training_is1" = Getting Started with Avid Studio MULTILINGUAL
    "Cool Edit Pro 2.1" = Cool Edit Pro 2.1
    "DiskAid_is1" = DiskAid 4.11
    "DivX Setup.divx.com" = DivX Setup
    "DVDFab 8_is1" = DVDFab 8.0.7.3 (29/01/2011)
    "DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.2.2 (28/01/2011)
    "DVDneXtCOPYneXtTech" = DVDneXtCOPYneXtTech
    "FLAC" = FLAC 1.2.1b (remove only)
    "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
    "Google Chrome" = Google Chrome
    "Halo" = Microsoft Halo
    "ImTOO Blu Ray Ripper" = ImTOO Blu Ray Ripper
    "ImTOO DVD Creator 6" = ImTOO DVD Creator 6
    "ImTOO DVD Ripper Ultimate 6" = ImTOO DVD Ripper Ultimate 6
    "ImTOO FLV Converter 6" = ImTOO FLV Converter 6
    "ImTOO iPod Computer Transfer" = ImTOO iPod Computer Transfer
    "ImTOO MKV Converter 6" = ImTOO MKV Converter 6
    "ImTOO YouTube HD Video Converter" = ImTOO YouTube HD Video Converter
    "InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
    "InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
    "InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
    "InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
    "Magic Bullet Looks Studio" = Magic Bullet Looks Studio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "mmexpressdemosetup_is1" = MixMeister Express Demo 7.0.9
    "mmssetup_is1" = MixMeister Studio Demo 7.4.4
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenAL" = OpenAL
    "Photodex Presenter" = Photodex Presenter
    "Picasa 3" = Picasa 3
    "PowerISO" = PowerISO
    "Precision" = EVGA Precision 2.0.3
    "proDAD-Adorage-3.0" = proDAD Adorage 3.0
    "proDAD-Mercalli-2.0" = proDAD Mercalli 2.0
    "proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
    "ProShow Producer" = ProShow Producer
    "Red Giant ToonIt Studio" = Red Giant ToonIt Studio
    "ResetDRM" = Windows Media DRM Reset
    "Return to Castle Wolfenstein - Platinum Edition" = Return to Castle Wolfenstein - Platinum Edition
    "Texturizer" = Texturizer
    "The KMPlayer" = The KMPlayer (remove only)
    "Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
    "Trapcode Particular Studio" = Trapcode Particular Studio
    "Trapcode Shine Studio" = Trapcode Shine Studio
    "VMware_Workstation" = VMware Workstation
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
    "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
    "YU2010_is1" = Your Uninstaller! 2010

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3472329255-229648851-3892005765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
    "magicJack" = magicJack
    "magicJack Outlook Add-In" = magicJack Outlook Add-In 1.0.3.521
    "XBMC" = XBMC

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  2. 2011/10/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Split the log between a couple of replies.
     

  4. 2011/10/04
    14U2DAY Lifetime Subscription

    14U2DAY Well-Known Member Thread Starter

    Joined:
    2008/11/18
    Messages:
    108
    Likes Received:
    2
    OTL pt1:

    OTL logfile created on: 10/4/2011 6:50:51 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Minister\Desktop
    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 5.66 Gb Available Physical Memory | 70.73% Memory free
    15.99 Gb Paging File | 13.63 Gb Available in Paging File | 85.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 448.60 Gb Free Space | 48.16% Space Free | Partition Type: NTFS
    Drive D: | 232.88 Gb Total Space | 60.62 Gb Free Space | 26.03% Space Free | Partition Type: NTFS
    Drive G: | 931.51 Gb Total Space | 212.65 Gb Free Space | 22.83% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 116.19 Gb Free Space | 12.47% Space Free | Partition Type: NTFS
    Drive J: | 465.76 Gb Total Space | 243.91 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
    Drive W: | 931.28 Gb Total Space | 931.28 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: MINISTER-PC | User Name: Minister | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2011/10/04 18:21:45 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Minister\Desktop\OTL.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/03 04:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/07/09 23:11:26 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/17 12:48:50 | 003,412,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- I:\2011\APPS\PROCESS EXPLORER X64\procexp.exe
    PRC - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2009/07/26 19:37:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/07/25 19:39:11 | 006,272,832 | ---- | M] (Cerberus, LLC) [On_Demand | Stopped] -- C:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe -- (Cerberus FTP Server)
    SRV:64bit: - [2011/05/24 23:18:38 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/05/24 20:03:38 | 000,204,288 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/05/10 12:17:52 | 002,545,152 | ---- | M] (Side Effects Software Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\sesinetd.exe -- (HoudiniLicenseServer)
    SRV:64bit: - [2011/05/02 23:54:26 | 002,411,520 | ---- | M] (Side Effects Software Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\hserver.exe -- (HoudiniServer)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/09/15 01:42:12 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\dgdersvc.exe -- (dgdersvc)
    SRV:64bit: - [2010/03/29 17:16:40 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
    SRV:64bit: - [2010/03/29 17:12:18 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2009/10/30 02:43:30 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\Drivers\WTSRV.EXE -- (WinTabService)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/06/29 15:43:12 | 000,545,792 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
    SRV - [2011/09/21 19:35:17 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/03 04:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/07/09 23:11:26 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/15 23:11:25 | 000,186,760 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
    SRV - [2011/05/04 21:50:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
    SRV - [2010/11/22 15:50:26 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
    SRV - [2010/11/09 11:07:44 | 000,246,256 | ---- | M] (CyberLink) [On_Demand | Stopped] -- C:\Program Files (x86)\CyberLink\PowerProducer\BDSDK\NavFilter\kmsvc.exe -- (CLKMSVC10_90970B6B)
    SRV - [2010/09/28 17:49:52 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
    SRV - [2010/09/21 02:58:52 | 000,113,200 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2010/09/21 02:58:22 | 000,334,384 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2010/09/21 02:58:18 | 000,404,016 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2010/09/21 01:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
    SRV - [2010/09/15 01:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
    SRV - [2010/09/01 21:48:07 | 000,008,192 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
    SRV - [2010/08/21 03:16:12 | 000,779,944 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010/08/19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/05/04 23:58:36 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV:64bit: - [2011/07/19 13:08:18 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2011/07/09 23:11:27 | 000,279,136 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
    DRV:64bit: - [2011/07/09 23:11:25 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
    DRV:64bit: - [2011/07/09 23:11:23 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2011/07/09 23:11:18 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2011/05/24 21:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/05/24 21:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/05/24 19:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/05/10 02:41:27 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/03/30 11:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/13 16:59:52 | 000,107,392 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
    DRV:64bit: - [2010/12/07 14:12:24 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
    DRV:64bit: - [2010/12/07 14:12:24 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
    DRV:64bit: - [2010/12/07 14:12:22 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
    DRV:64bit: - [2010/12/07 14:12:22 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
    DRV:64bit: - [2010/11/29 06:56:24 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb)
    DRV:64bit: - [2010/11/20 06:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2010/11/20 06:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2010/11/20 04:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
    DRV:64bit: - [2010/11/20 04:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/09/21 02:59:58 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2010/09/21 02:59:50 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2010/09/21 02:57:50 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
    DRV:64bit: - [2010/09/21 02:57:40 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2010/09/21 01:42:38 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2010/09/20 23:18:14 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2010/09/20 23:18:14 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2010/09/15 01:42:12 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
    DRV:64bit: - [2010/09/15 01:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
    DRV:64bit: - [2010/08/05 17:45:19 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2010/07/20 03:38:24 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
    DRV:64bit: - [2010/07/15 18:11:54 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
    DRV:64bit: - [2010/07/15 18:11:52 | 000,377,840 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
    DRV:64bit: - [2010/06/25 10:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/03/29 17:14:20 | 000,124,760 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2010/03/29 17:12:02 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2010/03/29 17:07:50 | 000,164,912 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2010/02/12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
    DRV:64bit: - [2009/12/23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
    DRV:64bit: - [2009/09/30 07:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/26 19:54:30 | 000,090,544 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
    DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
    DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
    DRV:64bit: - [2009/06/18 04:42:36 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
    DRV:64bit: - [2009/06/18 04:42:18 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
    DRV:64bit: - [2009/06/18 04:42:00 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
    DRV:64bit: - [2009/06/18 04:41:48 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2007/04/27 07:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
    DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
    DRV - [2010/11/17 21:29:20 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/05/18 18:50:30] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
    DRV - [2010/09/15 01:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2010/09/15 01:33:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
    DRV - [2010/08/19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 A6 63 06 94 33 CB 01 [binary data]
    IE - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.71
    FF - prefs.js..network.proxy.type: 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/07 15:27:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/18 23:43:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/08/03 20:47:43 | 000,000,000 | ---D | M]

    [2010/08/03 20:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Minister\AppData\Roaming\Mozilla\Extensions
    [2011/07/31 04:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Minister\AppData\Roaming\Mozilla\Firefox\Profiles\qrn066vt.default\extensions
    [2011/03/11 22:18:22 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Minister\AppData\Roaming\Mozilla\Firefox\Profiles\qrn066vt.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2011/04/12 15:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/08/03 20:29:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/09/07 15:27:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/08/03 20:29:06 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/04/12 23:35:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
     
  5. 2011/10/04
    14U2DAY Well-Known Member Thread Starter
    OTL pt2

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.122\pdf.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/09/29 17:25:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKU\S-1-5-21-3472329255-229648851-3892005765-1001..\Run: [cdloader] C:\Users\Minister\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O4 - HKU\S-1-5-21-3472329255-229648851-3892005765-1022..\Run: [ESET Update] C:\Windows\system32\config\systemprofile\AppData\Local\ESET\ESETUpdate\ESETupdt32.exe File not found
    O4 - HKU\S-1-5-21-3472329255-229648851-3892005765-1022..\Run: [Google Update] C:\Windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe File not found
    O4 - HKU\S-1-5-21-3472329255-229648851-3892005765-1022..\Run: [Microsoft Update] C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.exe File not found
    O4 - HKU\S-1-5-21-3472329255-229648851-3892005765-1022..\Run: [Programs Update] C:\Windows\system32\config\systemprofile\AppData\Local\Programs\ProgramsUpdate\Programsupdt32.exe File not found
    O4 - HKU\S-1-5-21-3472329255-229648851-3892005765-1022..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3472329255-229648851-3892005765-1022..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3472329255-229648851-3892005765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3472329255-229648851-3892005765-1022\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Download with ImTOO YouTube HD Video Converter - C:\Program Files (x86)\ImTOO\YouTube HD Video Converter\upod_link.HTM ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Download with ImTOO YouTube HD Video Converter - C:\Program Files (x86)\ImTOO\YouTube HD Video Converter\upod_link.HTM ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABCA62E0-6C5C-4FF2-A7BB-7BFC3367B0D6}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.pDAD - C:\Windows\SysWow64\prodad-codec.dll (proDAD GmbH)
    Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
    Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/04 18:21:44 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Minister\Desktop\OTL.exe
    [2011/09/29 22:30:59 | 001,739,400 | ---- | C] (Secunia) -- C:\Users\Minister\Desktop\PSISetup.exe
    [2011/09/29 17:25:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/09/29 16:53:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/29 16:53:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/29 16:53:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/29 16:53:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/29 16:53:38 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/09/29 16:53:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/29 16:47:58 | 004,234,747 | R--- | C] (Swearware) -- C:\Users\Minister\Desktop\ComboFix.exe
    [2011/09/26 17:59:46 | 000,000,000 | R--D | C] -- C:\Users\Minister\Desktop\Malware N Virus Removal
    [2011/09/26 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Minister\AppData\Roaming\Malwarebytes
    [2011/09/26 17:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/26 17:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/09/26 17:35:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/09/26 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/09/22 20:38:43 | 000,000,000 | ---D | C] -- C:\Users\Minister\Desktop\WORD INCERTS
    [2011/09/20 16:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
    [2011/09/20 16:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
    [2011/09/19 17:40:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet Software
    [2011/09/19 17:40:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TABLET SOFTWARE
    [2011/09/19 17:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet
    [2011/09/19 17:39:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TabletPmt
    [2011/09/19 17:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TABLET
    [2011/09/17 21:22:33 | 000,080,944 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmci.sys
    [2011/09/17 21:22:31 | 000,068,656 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
    [2011/09/17 21:22:05 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
    [2011/09/17 21:22:01 | 000,404,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
    [2011/09/17 21:22:00 | 000,030,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
    [2011/09/17 21:21:57 | 000,968,752 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
    [2011/09/17 21:21:32 | 000,031,792 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
    [2011/09/17 21:21:30 | 000,038,448 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
    [2011/09/15 21:43:48 | 000,000,000 | R--D | C] -- C:\Users\Minister\Desktop\JATO 3.3
    [2011/09/13 20:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
    [2011/09/12 16:15:29 | 000,000,000 | ---D | C] -- C:\Users\Minister\Games
    [2011/09/12 16:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
    [2011/09/11 19:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Cerberus LLC
    [2011/09/10 16:56:12 | 000,000,000 | ---D | C] -- C:\Users\Minister\Documents\3DMark 11
    [2011/09/10 16:55:48 | 000,000,000 | ---D | C] -- C:\Users\Minister\AppData\Local\IsolatedStorage
    [2011/09/10 16:55:46 | 000,000,000 | ---D | C] -- C:\Users\Minister\AppData\Local\Futuremark_Corporation
    [2011/09/10 16:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
    [2011/09/10 16:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
    [2011/09/10 16:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Futuremark
    [2010/12/09 12:04:18 | 005,206,720 | ---- | C] (URSoft, Inc. ) -- C:\Users\Minister\AppData\Roaming\yu2010setup7.3.2010.33.exe
    [2010/08/05 17:45:19 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Minister\AppData\Roaming\pcouffin.sys
    [1 C:\Users\Minister\Documents\*.tmp files -> C:\Users\Minister\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/04 18:46:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/04 18:21:45 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Minister\Desktop\OTL.exe
    [2011/10/04 16:33:45 | 000,001,138 | ---- | M] () -- C:\Users\Minister\Documents\chaseonline.chase.com
    [2011/10/04 16:18:37 | 000,001,009 | ---- | M] () -- C:\Users\Minister\Desktop\magicJack.lnk
    [2011/10/04 15:17:45 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/04 15:09:55 | 000,025,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/04 15:09:55 | 000,025,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/04 15:02:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/03 19:51:57 | 000,001,189 | ---- | M] () -- C:\Users\Minister\AppData\Roaming\vso_ts_preview.xml
    [2011/10/01 15:46:49 | 000,002,302 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/09/29 22:31:02 | 001,739,400 | ---- | M] (Secunia) -- C:\Users\Minister\Desktop\PSISetup.exe
    [2011/09/29 22:22:14 | 000,165,376 | ---- | M] () -- C:\Users\Minister\Desktop\SystemLook_x64.exe
    [2011/09/29 17:25:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/09/29 16:48:13 | 004,234,747 | R--- | M] (Swearware) -- C:\Users\Minister\Desktop\ComboFix.exe
    [2011/09/27 21:54:39 | 000,001,809 | ---- | M] () -- C:\Users\Minister\Documents\Firefox Sync Key.html
    [2011/09/26 17:35:18 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/21 21:04:40 | 000,001,803 | ---- | M] () -- C:\Users\Minister\Desktop\1 Farrakhan.lnk
    [2011/09/21 20:40:17 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\ImTOO FLV Converter 6.lnk
    [2011/09/19 18:00:43 | 000,002,402 | ---- | M] () -- C:\Windows\Tablet4000x3000M.ini
    [2011/09/19 17:10:59 | 018,126,192 | ---- | M] () -- C:\Users\Minister\Desktop\ISD_DualTouch_701-8.exe
    [2011/09/19 11:33:30 | 009,036,324 | ---- | M] () -- C:\Users\Minister\Documents\AutoRuns.arn
    [2011/09/17 21:21:27 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
    [2011/09/16 22:28:03 | 000,000,600 | ---- | M] () -- C:\Users\Minister\AppData\Local\PUTTY.RND
    [2011/09/16 19:50:24 | 000,001,078 | ---- | M] () -- C:\Users\Minister\Desktop\putty.lnk
    [2011/09/14 21:31:02 | 000,313,784 | ---- | M] () -- C:\Users\Minister\Documents\traxxas 3.3.jpg
    [2011/09/13 19:11:57 | 000,731,478 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/09/13 19:11:57 | 000,629,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/09/13 19:11:57 | 000,107,966 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/09/13 17:14:01 | 000,008,287 | ---- | M] () -- C:\Users\Minister\Documents\Pool Receipt Back.png
    [2011/09/13 17:13:35 | 000,019,389 | ---- | M] () -- C:\Users\Minister\Documents\Pool Receipt Front.png
    [2011/09/11 18:18:55 | 000,583,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/09/10 16:54:22 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
    [2011/09/08 21:00:54 | 000,598,509 | ---- | M] () -- C:\Users\Minister\Documents\Frys Invoice.pdf
    [2011/09/08 20:53:36 | 000,001,007 | ---- | M] () -- C:\Users\Minister\Desktop\System Explorer.exe - Shortcut.lnk
    [2011/09/07 15:27:35 | 000,002,052 | ---- | M] () -- C:\Users\Minister\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/09/06 21:24:55 | 000,004,972 | ---- | M] () -- C:\Users\Minister\Documents\Rio Ordinary Love.mmp
    [2011/09/06 16:05:35 | 000,272,433 | ---- | M] () -- C:\Users\Minister\Documents\2011_social_bully1.pdf
    [2011/09/05 14:11:59 | 000,036,864 | ---- | M] () -- C:\Users\Minister\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/05 02:45:42 | 000,001,668 | ---- | M] () -- C:\Users\Minister\Desktop\MP3 MUSIC.lnk
    [2011/09/05 00:05:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    [1 C:\Users\Minister\Documents\*.tmp files -> C:\Users\Minister\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/04 16:33:45 | 000,001,138 | ---- | C] () -- C:\Users\Minister\Documents\chaseonline.chase.com
    [2011/09/29 22:22:13 | 000,165,376 | ---- | C] () -- C:\Users\Minister\Desktop\SystemLook_x64.exe
    [2011/09/29 16:53:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/29 16:53:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/29 16:53:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/29 16:53:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/29 16:53:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/26 17:35:18 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/09/26 11:13:06 | 000,001,809 | ---- | C] () -- C:\Users\Minister\Documents\Firefox Sync Key.html
    [2011/09/21 21:03:39 | 000,001,803 | ---- | C] () -- C:\Users\Minister\Desktop\1 Farrakhan.lnk
    [2011/09/21 20:40:17 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\ImTOO FLV Converter 6.lnk
    [2011/09/19 18:00:43 | 000,002,402 | ---- | C] () -- C:\Windows\Tablet4000x3000M.ini
    [2011/09/19 17:10:53 | 018,126,192 | ---- | C] () -- C:\Users\Minister\Desktop\ISD_DualTouch_701-8.exe
    [2011/09/19 11:26:44 | 009,036,324 | ---- | C] () -- C:\Users\Minister\Documents\AutoRuns.arn
    [2011/09/16 22:24:18 | 000,000,600 | ---- | C] () -- C:\Users\Minister\AppData\Local\PUTTY.RND
    [2011/09/16 19:50:24 | 000,001,078 | ---- | C] () -- C:\Users\Minister\Desktop\putty.lnk
    [2011/09/14 21:31:00 | 000,313,784 | ---- | C] () -- C:\Users\Minister\Documents\traxxas 3.3.jpg
    [2011/09/13 17:14:01 | 000,008,287 | ---- | C] () -- C:\Users\Minister\Documents\Pool Receipt Back.png
    [2011/09/13 17:13:34 | 000,019,389 | ---- | C] () -- C:\Users\Minister\Documents\Pool Receipt Front.png
    [2011/09/10 16:54:22 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk
    [2011/09/08 21:00:54 | 000,598,509 | ---- | C] () -- C:\Users\Minister\Documents\Frys Invoice.pdf
    [2011/09/08 20:53:36 | 000,001,007 | ---- | C] () -- C:\Users\Minister\Desktop\System Explorer.exe - Shortcut.lnk
    [2011/09/06 21:24:55 | 000,004,972 | ---- | C] () -- C:\Users\Minister\Documents\Rio Ordinary Love.mmp
    [2011/09/06 16:05:35 | 000,272,433 | ---- | C] () -- C:\Users\Minister\Documents\2011_social_bully1.pdf
    [2011/09/05 02:44:22 | 000,001,668 | ---- | C] () -- C:\Users\Minister\Desktop\MP3 MUSIC.lnk
    [2011/09/05 00:05:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
    [2011/08/28 20:45:46 | 000,000,635 | ---- | C] () -- C:\Windows\rtcwgoty.INI
    [2011/08/28 20:42:46 | 000,001,011 | ---- | C] () -- C:\Windows\RTCWPLAT.INI
    [2011/08/04 22:37:26 | 000,000,066 | ---- | C] () -- C:\Windows\SysWow64\Peace.ini
    [2011/08/04 22:35:00 | 000,000,091 | ---- | C] () -- C:\Windows\SysWow64\Winter.ini
    [2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/06/18 20:18:15 | 000,322,004 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/06/05 21:42:58 | 000,000,889 | ---- | C] () -- C:\Windows\aopr.ini
    [2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
    [2011/05/19 15:29:00 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
    [2011/05/14 00:55:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2011/05/03 21:37:59 | 000,000,392 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/20 20:19:03 | 000,081,920 | -H-- | C] () -- C:\Windows\SysWow64\v3shrtkgn.dll
    [2011/02/09 17:48:38 | 000,000,071 | ---- | C] () -- C:\Windows\iltwain.ini
    [2011/01/10 03:19:21 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2011/01/10 03:07:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2010/11/12 22:32:07 | 000,000,109 | ---- | C] () -- C:\Windows\Biblerp.ini
    [2010/11/12 22:13:22 | 000,006,147 | ---- | C] () -- C:\Windows\PCLICSB.DAT
    [2010/11/12 22:13:22 | 000,000,258 | RH-- | C] () -- C:\Windows\SysWow64\LMF.DAT
    [2010/11/12 22:13:02 | 000,132,096 | ---- | C] () -- C:\Program Files (x86)\Common Files\PCSBoff.exe
    [2010/10/17 09:43:23 | 000,000,017 | ---- | C] () -- C:\Users\Minister\AppData\Local\resmon.resmoncfg
    [2010/09/15 01:41:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
    [2010/09/15 01:41:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
    [2010/09/15 01:41:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
    [2010/09/15 01:41:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
    [2010/09/13 15:24:16 | 000,000,020 | -HS- | C] () -- C:\Users\Minister\AppData\Roaming\Windows3718.Settings Collection.bin
    [2010/09/13 15:24:16 | 000,000,020 | -HS- | C] () -- C:\Windows\Win9782.DataCollection.sys
    [2010/09/01 21:50:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
    [2010/08/30 00:29:24 | 000,036,864 | ---- | C] () -- C:\Users\Minister\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/26 21:39:58 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
    [2010/08/08 16:01:08 | 000,746,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/05 17:46:51 | 000,001,189 | ---- | C] () -- C:\Users\Minister\AppData\Roaming\vso_ts_preview.xml
    [2010/08/05 17:45:19 | 000,099,384 | ---- | C] () -- C:\Users\Minister\AppData\Roaming\inst.exe
    [2010/08/05 17:45:19 | 000,007,859 | ---- | C] () -- C:\Users\Minister\AppData\Roaming\pcouffin.cat
    [2010/08/05 17:45:19 | 000,001,167 | ---- | C] () -- C:\Users\Minister\AppData\Roaming\pcouffin.inf
    [2010/08/03 06:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
    [2010/04/16 10:43:39 | 000,036,044 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
    [2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
    [2010/03/03 18:48:14 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
    [2009/11/09 15:21:02 | 000,066,560 | ---- | C] () -- C:\Windows\SysWow64\ntrights.exe
    [2009/10/30 03:11:50 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\WinTab32.dll
    [2009/10/05 15:09:42 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\PtSSE2.dll
    [2009/10/05 15:09:42 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\Cpuinf32.dll
    [2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
    [2006/10/21 15:30:18 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\ISP2000.dll
    [2006/10/21 15:30:16 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll
    [2006/10/21 15:30:16 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
    [2004/05/10 08:33:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lhtool.exe

    ========== LOP Check ==========

    [2011/04/27 18:18:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ableton
    [2011/01/19 23:03:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bioshock2
    [2011/04/23 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Pro
    [2011/03/20 23:09:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2011/08/23 21:24:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ERS Game Studios
    [2011/04/23 22:35:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ludia Inc
    [2011/05/10 05:51:40 | 000,000,000 | ---D | M] -- C:\Users\Lady Michele\AppData\Roaming\DAEMON Tools Pro
    [2011/05/10 05:51:51 | 000,000,000 | ---D | M] -- C:\Users\Lady Michele\AppData\Roaming\DameWare Development
    [2011/09/22 06:49:41 | 000,000,000 | ---D | M] -- C:\Users\Lady Michele\AppData\Roaming\ImTOO
    [2011/05/10 19:41:21 | 000,000,000 | ---D | M] -- C:\Users\Lady Michele\AppData\Roaming\TOMI3
    [2010/12/25 23:45:44 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\2K Games
    [2010/08/07 19:38:26 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\A4DeskPro
    [2011/02/02 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Ableton
    [2011/07/09 23:16:28 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Acronis
    [2011/05/02 14:33:41 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\AlderGames
    [2010/08/05 17:56:06 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Ashampoo
    [2011/05/03 22:28:18 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Avid
    [2010/09/13 22:47:50 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Babylon
    [2011/01/04 18:04:10 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Bioshock
    [2011/04/16 19:30:48 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Blue Tea Games
    [2011/07/05 20:16:19 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Clone2Go DVD Ripper
    [2011/08/26 19:33:15 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Coby
    [2011/08/29 01:39:16 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Coby Media Manager
    [2011/06/27 21:21:27 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\DAEMON Tools Pro
    [2011/05/08 23:49:25 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\DameWare Development
    [2011/04/14 16:42:51 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\DarkParablesBriarRoseSE_BFG
    [2010/10/25 00:14:21 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\DiskAid
    [2011/05/21 20:46:04 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\DreamWoods2ScreenShot
    [2010/12/27 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\DriverCure
    [2011/05/10 18:00:56 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Elephant Games
    [2011/05/21 23:18:51 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Enki Games
    [2011/05/21 20:24:06 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\FairyTale
    [2011/04/30 21:23:13 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Funswitch
    [2011/06/29 22:33:54 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\GetRightToGo
    [2011/06/09 15:45:15 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\GigantGames
    [2011/02/07 00:00:54 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\HU2011
    [2011/09/21 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\ImTOO
    [2011/02/04 21:22:17 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\ImTOO Software Studio
    [2010/09/13 15:24:15 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\jv16PTPortableBackup
    [2011/05/15 09:27:26 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\KillBox
    [2011/04/23 18:42:14 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Ludia Inc
    [2011/06/27 07:45:46 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\magicJackOutlookAddIn
    [2011/04/30 23:22:52 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\MAGIX
    [2011/06/05 18:38:35 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Maximize Games
    [2011/10/04 16:18:38 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\mjusbsp
    [2011/09/04 03:22:13 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\MOBILedit
    [2011/09/13 19:38:56 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\MOBILeditForensic
    [2011/05/20 15:15:26 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\My Games
    [2011/05/15 23:11:27 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Netscape
    [2011/05/16 16:09:35 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Orneon
    [2011/05/03 22:28:10 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\PACE Anti-Piracy
    [2010/12/27 13:40:12 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\ParetoLogic
    [2011/05/15 23:10:19 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Photodex
    [2011/04/14 22:43:18 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\proDAD
    [2011/02/24 17:02:36 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Propellerhead Software
    [2011/08/20 18:09:25 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\ReelDealSlotQuest_Alice
    [2011/04/22 23:41:45 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Rift
    [2010/10/25 17:40:21 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Samsung
    [2011/05/13 12:57:14 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Silverback Productions
    [2011/05/10 17:19:12 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\SpinTop Games
    [2011/04/13 18:52:39 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\SystemRequirementsLab
    [2011/09/18 10:44:52 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Thinstall
    [2011/05/07 21:13:14 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\TOMI3
    [2010/08/05 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\URSoft
    [2011/06/02 15:24:45 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Vogat Interactive
    [2011/10/03 19:30:52 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\Vso
    [2011/07/09 16:29:33 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\XBMC
    [2011/05/20 14:45:12 | 000,000,000 | ---D | M] -- C:\Users\Minister\AppData\Roaming\YoudaGames
    [2011/04/11 13:15:40 | 000,000,000 | ---D | M] -- C:\Users\Traveler\AppData\Roaming\DAEMON Tools Pro
    [2011/09/15 21:29:29 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/08/02 06:59:33 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2011/03/27 10:48:06 | 000,003,500 | ---- | M] () -- C:\0.bak
    [2010/10/25 17:40:21 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
    [2011/05/13 23:35:31 | 000,635,529 | ---- | M] () -- C:\BESR2010PatchLog.txt
    [2011/09/29 17:36:14 | 000,035,568 | ---- | M] () -- C:\ComboFix.txt
    [2001/09/05 21:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/10/04 15:02:02 | 4292,403,199 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/12 23:00:56 | 000,000,320 | ---- | M] () -- C:\pcsbinit.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/07/13 22:01:14 | 000,000,442 | -HS- | M] () -- C:\ProgramData\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/05 09:26:11 | 000,000,221 | -HS- | M] () -- C:\Users\Minister\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 16:08:25 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Minister\Desktop\ATF-Cleaner.exe
    [2011/09/29 16:48:13 | 004,234,747 | R--- | M] (Swearware) -- C:\Users\Minister\Desktop\ComboFix.exe
    [2011/09/19 17:10:59 | 018,126,192 | ---- | M] () -- C:\Users\Minister\Desktop\ISD_DualTouch_701-8.exe
    [2011/10/04 18:21:45 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Minister\Desktop\OTL.exe
    [2010/12/21 22:40:17 | 000,916,032 | ---- | M] (Sysinternals) -- C:\Users\Minister\Desktop\procexp64.exe
    [2011/09/29 22:31:02 | 001,739,400 | ---- | M] (Secunia) -- C:\Users\Minister\Desktop\PSISetup.exe
    [2011/09/29 22:22:14 | 000,165,376 | ---- | M] () -- C:\Users\Minister\Desktop\SystemLook_x64.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2003/07/25 10:38:08 | 000,132,096 | ---- | M] () -- C:\Program Files (x86)\Common Files\PCSBoff.exe

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/08/09 19:54:24 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/08/09 19:54:24 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/03/21 00:32:27 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/03/21 00:32:27 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/08/09 19:54:25 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/03/21 10:51:00 | 000,000,402 | -HS- | M] () -- C:\Users\Minister\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/10/03 23:02:27 | 000,001,426 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/05/03 21:37:59 | 000,000,392 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/05/18 18:15:31 | 000,000,177 | ---- | M] () -- C:\ProgramData\Temp.log
    [2011/05/22 20:15:10 | 000,000,067 | ---- | M] () -- C:\ProgramData\__FileUploader.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:1CE11B51
    @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:443E07A5
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1ECED34B
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2AF322BF
    @Alternate Data Stream - 1291 bytes -> C:\Users\Minister\AppData\Local\Temp:zJ7AAXJ1sObtqfVZObbWzp787
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:19474103
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6E2D80C8
    @Alternate Data Stream - 1241 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:1S2DRVxbOaDyXMoBZG7SBz
    @Alternate Data Stream - 1236 bytes -> C:\ProgramData\Microsoft:YVKJdTuNgGl1VsNL3X6sbgFkB4
    @Alternate Data Stream - 1234 bytes -> C:\ProgramData\Microsoft:VEqBDRXGveY1MUKMT5GBmmdAQnI
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2B856118
    @Alternate Data Stream - 1151 bytes -> C:\ProgramData\Microsoft:iB72wIqc3j20EmseUQoq2T4
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:67B5DDD6

    < End of report >
     
  6. 2011/10/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [1 C:\Users\Minister\Documents\*.tmp files -> C:\Users\Minister\Documents\*.tmp -> ]
      @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:1CE11B51
      @Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:443E07A5
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:1ECED34B
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2AF322BF
      @Alternate Data Stream - 1291 bytes -> C:\Users\Minister\AppData\Local\Temp:zJ7AAXJ1sObtqfVZObbWzp787
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:B0456F0C
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:19474103
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E5B07840
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6E2D80C8
      @Alternate Data Stream - 1241 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:1S2DRVxbOaDyXMoBZG7SBz
      @Alternate Data Stream - 1236 bytes -> C:\ProgramData\Microsoft:YVKJdTuNgGl1VsNL3X6sbgFkB4
      @Alternate Data Stream - 1234 bytes -> C:\ProgramData\Microsoft:VEqBDRXGveY1MUKMT5GBmmdAQnI
      @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:2B856118
      @Alternate Data Stream - 1151 bytes -> C:\ProgramData\Microsoft:iB72wIqc3j20EmseUQoq2T4
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:67B5DDD6
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  7. 2011/10/04
    14U2DAY Lifetime Subscription

    Ok I have a problem here... after the reboot, I cannot find the OTL log file. Can I run it again... or is it somewhere on my PC?
     
  8. 2011/10/04
    broni

    Re-run it.
     
  9. 2011/10/04
    14U2DAY Lifetime Subscription

    2nd run of the OTL file:

    All processes killed
    ========== OTL ==========
    File/Folder C:\Users\Minister\Documents\*.tmp not found.
    Unable to delete ADS C:\ProgramData\TEMP:1CE11B51 .
    Unable to delete ADS C:\ProgramData\TEMP:443E07A5 .
    Unable to delete ADS C:\ProgramData\TEMP:1ECED34B .
    Unable to delete ADS C:\ProgramData\TEMP:2AF322BF .
    Unable to delete ADS C:\Users\Minister\AppData\Local\Temp:zJ7AAXJ1sObtqfVZObbWzp787 .
    Unable to delete ADS C:\ProgramData\TEMP:B0456F0C .
    Unable to delete ADS C:\ProgramData\TEMP:19474103 .
    Unable to delete ADS C:\ProgramData\TEMP:E5B07840 .
    Unable to delete ADS C:\ProgramData\TEMP:6E2D80C8 .
    Unable to delete ADS C:\Program Files (x86)\Common Files\microsoft shared:1S2DRVxbOaDyXMoBZG7SBz .
    Unable to delete ADS C:\ProgramData\Microsoft:YVKJdTuNgGl1VsNL3X6sbgFkB4 .
    Unable to delete ADS C:\ProgramData\Microsoft:VEqBDRXGveY1MUKMT5GBmmdAQnI .
    Unable to delete ADS C:\ProgramData\TEMP:2B856118 .
    Unable to delete ADS C:\ProgramData\Microsoft:iB72wIqc3j20EmseUQoq2T4 .
    Unable to delete ADS C:\ProgramData\TEMP:1CB4A530 .
    Unable to delete ADS C:\ProgramData\TEMP:67B5DDD6 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lady Michele
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Minister
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 12146721 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Traveler
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Minister-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 844 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 12.00 mb


    [EMPTYFLASH]

    User: Admin

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Lady Michele
    ->Flash cache emptied: 0 bytes

    User: Minister
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Traveler
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Minister-PC
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 10042011_213001

    Files\Folders moved on Reboot...
    C:\Users\Minister\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  10. 2011/10/04
    14U2DAY Lifetime Subscription

    Moving on to Security Check...
     
  11. 2011/10/04
    broni

    Cool :)
     
  12. 2011/10/04
    14U2DAY Lifetime Subscription

    Security Check:

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Windows Media DRM Reset
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Adobe Flash Player 10.3.183.5
    Adobe Reader 9.4.5
    Adobe Reader X (10.1.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Windows7FirewallControl Windows7FirewallService.exe
    Windows7FirewallControl Windows7FirewallControl.exe
    ``````````End of Log````````````
     
  13. 2011/10/04
    broni

    Looks good :)
    Go on....
     
  14. 2011/10/05
    14U2DAY Lifetime Subscription

    Scanning Report
    Tuesday, October 4, 2011 21:59:10 - 22:06:23

    Computer name: MINISTER-PC
    Scanning type: Quick scan
    Target: System
    8 malware found
    Application.Nirsoft.RDPassView (spyware)

    System (Not cleaned)

    TrackingCookie.2o7 (spyware)

    System (Disinfected)

    TrackingCookie.Atdmt (spyware)

    System (Disinfected)

    TrackingCookie.Fastclick (spyware)

    System (Disinfected)

    Hack-Tool:W32/Darkgain.W (spyware)

    System (Not cleaned)

    Trojan.Generic.6681334 (spyware)

    System (Disinfected)

    TrackingCookie.Yieldmanager (spyware)

    System (Disinfected)

    Gen:Application.Heur.dq0@b0sqDdpO (spyware)

    System (Not cleaned)

    Statistics
    Scanned:

    Files: 7908
    System: 7908
    Not scanned: 0

    Actions:

    Disinfected: 5
    Renamed: 0
    Deleted: 0
    Not cleaned: 3
    Submitted: 0
     
  15. 2011/10/05
    broni

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  16. 2011/10/05
    14U2DAY Lifetime Subscription

    I will do this tomorrow... I have to get up in 4 hours... but I will update with the following after work. Thank you for your time... even if I don't know what was done LOL... but it was very interesting to see how hard it is to get rid of that un-wanted stuff!!! Again thanks!
     
  17. 2011/10/05
    14U2DAY Lifetime Subscription

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 0 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Lady Michele
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Minister
    ->Temp folder emptied: 553255745 bytes
    ->Temporary Internet Files folder emptied: 772631 bytes
    ->Java cache emptied: 29633 bytes
    ->FireFox cache emptied: 19666970 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Traveler
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Minister-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 547.00 mb


    [EMPTYFLASH]

    User: Admin

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Lady Michele
    ->Flash cache emptied: 0 bytes

    User: Minister
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Traveler
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser.Minister-PC
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.29.1 log created on 10042011_223846

    Files\Folders moved on Reboot...
    C:\Users\Minister\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  18. 2011/10/05
    broni

    Whenever ready....
     
  19. 2011/10/05
    14U2DAY Lifetime Subscription

    We are good to go!!! I have to install a few programs that were uninstalled but my PC is back to smooth sailing!!! Thanks for your time and efforts to get rid of that issue! I will follow your recommendations to hopefully keep it this way...
     
  20. 2011/10/05
    broni

    Way to go!!
    Good luck and stay safe :)
     
