Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Running Slow and Nothing is Working [Closed]


  • This topic is locked This topic is locked

#16
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Nuts, forgot a bracket :)

%WINDIR%\SWReg null query "HKEY_USERS\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F0FB132-8310-1A66-EF0A-0BD8D873EC9A}" /s >> C:\exportnulls.txt
  • 0

Advertisements


#17
Slayer21

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell does not exist!


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell does not exist!


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell extensions\approved\{8f0fb132-8310-1a66-ef0a-0bd8d873ec9a does not exist!


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: s-1-5-21-1043806178-727526901-2694514658-1000\software\microsoft\windows\currentversion\shell extensions\approved\{8f0fb132-8310-1a66-ef0a-0bd8d873ec9a} does not exist!
  • 0

#18
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Okay, looks like its not going to work :)

I wonder if its actually been deleted, as it was there in the ComboFix log. I'll look at this thread fully when I get home, as I'm at work :yes:
  • 0

#19
Slayer21

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
Sounds like a plan. Keep me updated.
  • 0

#20
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Sorry, weekends are my 'I'm not here' time. Okay, as a few programs are having problems running, from your original post, see if this will work:

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

eddie
  • 0

#21
Slayer21

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
Logfile of random's system information tool 1.09 (written by random/random)
Run by Chris Reaper at 2011-10-31 19:44:49
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 94 GB (32%) free of 290 GB
Total RAM: 4061 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:24 PM, on 10/31/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Program Files (x86)\Brownie\brpjp04a.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Chris Reaper\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Chris Reaper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris Reaper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.cinemanow.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:  C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bradford Persistent Agent Service (BNPagent) - Bradford Networks - C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastBootAgent - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Lexar Media, Inc. - C:\Windows\system32\LxrSII1s.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Nortel VPN Client (NvcSvcMgr) - Nortel Networks - C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14065 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://www.google.com/"
prefs.js - "extensions.enabledItems" -  "{c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6760, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5, {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5, [email protected]:1.2.3, {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10, {258735dc-6743-4805-95fc-f95941fffdad}:1.3.6, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2, {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, [email protected]:2.1.1, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323, {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94, [email protected]:3.3.3.2, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" -  "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npCouponPrinter.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npCouponPrinter.dll
npdeployJava1.dll
npDivxPlayerPlugin.dll
npMozCouponPrinter.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nsIDivxPlayerPlugin.xpt
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml

C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\
[email protected]
[email protected]
{258735dc-6743-4805-95fc-f95941fffdad}
{3EC9C995-8072-4fc0-953E-4F30620D17F3}
{6AC85730-7D0F-4de0-B3FA-21142DD85326}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{c45c406e-ab73-11d8-be73-000a95be3b12}
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}

C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\searchplugins\
aim-search.xml
daemon-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07 3118976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24 612616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-09-22 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100 - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll [2010-08-24 612616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-10-11 258512]
"BrStsWnd"=C:\Program Files (x86)\Brownie\BrstsW64.exe [2009-08-19 3695928]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-10-09 421736]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2011-08-31 449608]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-09-05 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
C:\Windows\AsScrProlog.exe [2009-10-04 72248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2009-10-04 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\SysWOW64\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2011-04-10 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"vidc.iv50"=ir50_32.dll
"wave4"=wdmaud.drv
"mixer4"=wdmaud.drv
"midi4"=wdmaud.drv
"wave5"=wdmaud.drv
"mixer5"=wdmaud.drv
"midi5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - 

======List of files/folders created in the last 3 months======

2011-10-31 19:44:49 ----D---- C:\rsit
2011-10-28 18:49:48 ----D---- C:\ProgramData\PreEmptive Solutions
2011-10-28 18:20:21 ----D---- C:\ProgramData\VS
2011-10-28 17:59:06 ----A---- C:\Windows\SysWOW64\shell32.dll
2011-10-28 13:53:30 ----D---- C:\Program Files (x86)\QuickTime
2011-10-25 20:00:12 ----A---- C:\exportnulls.txt
2011-10-19 09:43:05 ----SHD---- C:\$RECYCLE.BIN
2011-10-18 19:46:59 ----A---- C:\TDSSKiller.2.6.10.0_18.10.2011_19.46.59_log.txt
2011-10-16 20:04:16 ----A---- C:\ComboFix.txt
2011-10-16 19:37:33 ----A---- C:\Windows\zip.exe
2011-10-16 19:37:33 ----A---- C:\Windows\SWSC.exe
2011-10-16 19:37:33 ----A---- C:\Windows\SWREG.exe
2011-10-16 19:37:33 ----A---- C:\Windows\sed.exe
2011-10-16 19:37:33 ----A---- C:\Windows\PEV.exe
2011-10-16 19:37:33 ----A---- C:\Windows\NIRCMD.exe
2011-10-16 19:37:33 ----A---- C:\Windows\MBR.exe
2011-10-16 19:37:33 ----A---- C:\Windows\grep.exe
2011-10-16 19:37:24 ----D---- C:\Windows\ERDNT
2011-10-16 19:37:22 ----D---- C:\username123
2011-10-16 19:36:17 ----D---- C:\Qoobox
2011-10-14 08:56:35 ----A---- C:\Windows\SysWOW64\javaws.exe
2011-10-14 08:56:35 ----A---- C:\Windows\SysWOW64\javaw.exe
2011-10-14 08:56:35 ----A---- C:\Windows\SysWOW64\java.exe
2011-10-14 07:42:29 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2011-10-14 07:42:28 ----A---- C:\Windows\SysWOW64\url.dll
2011-10-14 07:42:28 ----A---- C:\Windows\SysWOW64\iertutil.dll
2011-10-14 07:42:27 ----A---- C:\Windows\SysWOW64\urlmon.dll
2011-10-14 07:42:25 ----A---- C:\Windows\SysWOW64\wininet.dll
2011-10-14 07:42:24 ----A---- C:\Windows\SysWOW64\ieui.dll
2011-10-14 07:42:22 ----A---- C:\Windows\SysWOW64\jscript9.dll
2011-10-14 07:42:22 ----A---- C:\Windows\SysWOW64\jscript.dll
2011-10-14 07:42:21 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2011-10-14 07:42:19 ----A---- C:\Windows\SysWOW64\mshtml.dll
2011-10-14 07:42:15 ----A---- C:\Windows\SysWOW64\ieframe.dll
2011-10-13 12:35:45 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2011-10-13 12:35:35 ----A---- C:\Windows\SysWOW64\oleaut32.dll
2011-10-13 12:35:35 ----A---- C:\Windows\SysWOW64\oleacc.dll
2011-10-13 08:33:40 ----D---- C:\Program Files (x86)\iTunes
2011-10-13 08:30:05 ----D---- C:\Program Files (x86)\Bonjour
2011-10-11 12:54:43 ----A---- C:\Windows\BRVIDEO.INI
2011-10-11 12:54:43 ----A---- C:\Windows\brmx2001.ini
2011-10-11 12:54:42 -------- C:\Windows\SysWOW64\brlmw03a.ini
2011-10-11 12:54:42 -------- C:\Windows\SysWOW64\brlmw03a.dll
2011-10-11 12:54:40 ----D---- C:\Program Files (x86)\Brownie
2011-10-11 12:54:40 ----A---- C:\Windows\HL-2140.INI
2011-10-11 12:53:19 ----A---- C:\Windows\SysWOW64\BD2140.DAT
2011-10-11 12:53:19 ----A---- C:\Windows\BRWMARK.INI
2011-10-11 12:53:11 ----D---- C:\Program Files (x86)\Brother
2011-10-11 12:53:11 ----A---- C:\Windows\SysWOW64\BRRBTOOL.EXE
2011-10-11 12:53:11 ----A---- C:\Windows\SysWOW64\BRLM03A.DLL
2011-10-11 12:53:11 -------- C:\Windows\SysWOW64\Pdrvinst.dll
2011-10-11 12:53:11 -------- C:\Windows\SysWOW64\BROSNMP.DLL
2011-10-11 12:52:48 ----A---- C:\Windows\Brownie.ini
2011-10-11 09:37:10 ----D---- C:\Users\Chris Reaper\AppData\Roaming\Avira
2011-10-11 09:35:12 ----D---- C:\ProgramData\Avira
2011-10-11 09:35:12 ----D---- C:\Program Files (x86)\Avira
2011-10-08 09:31:59 ----D---- C:\Program Files (x86)\Google
2011-10-08 09:06:13 ----AH---- C:\Windows\SysWOW64\mlfcache.dat
2011-10-03 17:54:37 ----D---- C:\Program Files (x86)\Trend Micro
2011-10-02 22:12:34 ----D---- C:\Users\Chris Reaper\AppData\Roaming\PrimoPDF
2011-10-02 22:10:43 ----D---- C:\Users\Chris Reaper\AppData\Roaming\OpenCandy
2011-10-02 22:10:41 ----D---- C:\Program Files (x86)\Nitro PDF
2011-09-28 14:35:24 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2011-09-28 14:28:05 ----D---- C:\Program Files (x86)\Microsoft ASP.NET
2011-09-28 14:27:54 ----D---- C:\Program Files (x86)\IIS
2011-09-28 14:17:14 ----D---- C:\Program Files (x86)\Common Files\Designer
2011-09-28 14:16:40 ----D---- C:\Windows\SysWOW64\1033
2011-09-28 14:15:00 ----D---- C:\Program Files (x86)\Microsoft F#
2011-09-28 14:15:00 ----D---- C:\Program Files (x86)\HTML Help Workshop
2011-09-28 14:14:59 ----D---- C:\Program Files (x86)\Common Files\Merge Modules
2011-09-28 14:06:43 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0
2011-09-28 14:05:51 ----D---- C:\Program Files (x86)\Microsoft SDKs
2011-09-23 12:27:13 ----D---- C:\ProgramData\Nortel
2011-09-23 12:27:12 ----D---- C:\Program Files (x86)\Nortel
2011-09-23 12:26:43 ----A---- C:\Windows\SysWOW64\MadCHook.dll
2011-09-23 12:26:31 ----D---- C:\Program Files (x86)\PharosSystems
2011-09-23 12:25:55 ----D---- C:\Program Files (x86)\Pharos
2011-09-23 12:25:25 ----D---- C:\Temp
2011-09-22 13:54:54 ----D---- C:\Program Files (x86)\Application Verifier
2011-09-22 13:53:15 ----D---- C:\Windows\symbols
2011-09-22 13:53:10 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2011-09-19 19:06:31 ----D---- C:\Program Files (x86)\ASUS Bluetooth Suite
2011-09-19 18:27:54 ----A---- C:\Windows\SysWOW64\LxrSII1s.exe
2011-09-19 18:27:52 ----A---- C:\Windows\SysWOW64\LxrSII1.dll
2011-09-07 13:57:53 ----D---- C:\Users\Chris Reaper\AppData\Roaming\Mathematica
2011-09-07 11:57:30 ----D---- C:\Program Files (x86)\Common Files\Wolfram Research
2011-09-07 11:57:30 ----D---- C:\Program Files (x86)\Common Files\ResearchSoft
2011-09-07 11:57:29 ----D---- C:\ProgramData\Mathematica
2011-09-07 11:48:51 ----A---- C:\Windows\SysWOW64\mlmodule32.dll
2011-09-07 11:48:51 ----A---- C:\Windows\SysWOW64\ml32i3.dll
2011-09-07 11:48:50 ----A---- C:\Windows\SysWOW64\ml32i2.dll
2011-09-07 11:48:50 ----A---- C:\Windows\SysWOW64\ml32i1.dll
2011-08-30 23:05:04 ----A---- C:\Windows\SysWOW64\jdns_sd.dll
2011-08-30 23:05:04 ----A---- C:\Windows\SysWOW64\dnssdX.dll
2011-08-30 23:05:04 ----A---- C:\Windows\SysWOW64\dns-sd.exe
2011-08-30 23:05:04 ----A---- C:\Windows\SysWOW64\dnssd.dll
2011-08-28 21:23:16 ----D---- C:\Program Files (x86)\Maple 15
2011-08-23 23:14:03 ----A---- C:\Windows\SysWOW64\tzres.dll
2011-08-23 11:47:04 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2011-08-23 11:44:28 ----D---- C:\BcmSqlSetup
2011-08-23 11:02:17 ----D---- C:\Program Files (x86)\Microsoft Lync
2011-08-23 10:38:47 ----D---- C:\Windows\PCHEALTH
2011-08-23 10:36:35 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-08-23 10:35:15 ----D---- C:\Program Files (x86)\Microsoft Analysis Services
2011-08-23 10:33:31 ----RHD---- C:\MSOCache
2011-08-22 21:51:39 ----D---- C:\Users\Chris Reaper\AppData\Roaming\e-academy Inc
2011-08-21 13:07:51 ----D---- C:\Program Files (x86)\MSN Toolbar
2011-08-21 13:07:19 ----D---- C:\Users\Chris Reaper\AppData\Roaming\HpUpdate
2011-08-21 13:05:49 ----D---- C:\ProgramData\HP
2011-08-21 13:05:43 ----D---- C:\Program Files (x86)\HP
2011-08-12 22:54:28 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-08-10 16:23:06 ----A---- C:\Windows\SysWOW64\xmllite.dll
2011-08-10 16:23:03 ----A---- C:\Windows\SysWOW64\odbcjt32.dll
2011-08-10 16:23:03 ----A---- C:\Windows\SysWOW64\odbccr32.dll
2011-08-10 16:23:02 ----A---- C:\Windows\SysWOW64\odbctrac.dll
2011-08-10 16:23:02 ----A---- C:\Windows\SysWOW64\odbccu32.dll
2011-08-10 16:23:02 ----A---- C:\Windows\SysWOW64\odbccp32.dll
2011-08-10 16:22:27 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-08-10 16:22:26 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-08-10 16:22:26 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-08-10 16:22:26 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-08-10 16:22:26 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-08-10 16:22:25 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-10 16:22:25 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-10 16:22:25 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-10 16:22:25 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-10 16:22:25 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-10 16:22:25 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-10 16:22:25 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-10 16:22:24 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-10 16:22:24 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-10 16:22:24 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-10 16:22:24 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-10 16:22:23 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-10 16:22:23 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-10 16:22:23 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-10 16:22:23 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-10 16:22:23 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-10 16:22:23 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-10 16:22:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-10 16:22:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-10 16:22:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-10 16:22:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-10 16:22:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-10 16:22:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-10 16:22:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-10 16:22:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-10 16:22:20 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-10 16:22:19 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-10 16:22:19 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-10 16:22:19 ----A---- C:\Windows\SysWOW64\instnm.exe
2011-08-10 16:22:18 ----A---- C:\Windows\SysWOW64\user.exe
2011-08-10 16:22:11 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-10 16:22:10 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2011-08-10 15:56:45 ----D---- C:\Program Files (x86)\LynxMessenger
2011-08-10 15:56:43 ----D---- C:\Windows\Lynx
2011-08-10 11:12:59 ----D---- C:\ProgramData\Bradford Networks
2011-08-10 11:12:56 ----D---- C:\Program Files (x86)\Bradford Networks
2011-08-06 23:38:58 ----D---- C:\Users\Chris Reaper\AppData\Roaming\ManyCam
2011-08-06 23:38:03 ----D---- C:\Program Files (x86)\ManyCam

======List of files/folders modified in the last 3 months======

2011-10-31 19:45:05 ----D---- C:\Windows\Temp
2011-10-31 19:44:51 ----D---- C:\Windows\Prefetch
2011-10-31 08:52:09 ----SHD---- C:\System Volume Information
2011-10-31 07:52:59 ----D---- C:\Windows\System32
2011-10-31 07:50:24 ----D---- C:\Windows\SysWOW64\drivers
2011-10-30 23:57:40 ----D---- C:\Users\Chris Reaper\AppData\Roaming\Skype
2011-10-30 22:30:21 ----D---- C:\Windows\Microsoft.NET
2011-10-30 22:26:59 ----RSD---- C:\Windows\assembly
2011-10-30 21:14:25 ----SHD---- C:\Windows\Installer
2011-10-30 21:14:25 ----D---- C:\Config.Msi
2011-10-28 20:56:01 ----D---- C:\Windows\winsxs
2011-10-28 20:51:56 ----D---- C:\Windows\SysWOW64
2011-10-28 18:49:48 ----D---- C:\ProgramData
2011-10-28 18:35:22 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2011-10-28 13:53:30 ----D---- C:\Program Files (x86)
2011-10-27 12:53:20 ----D---- C:\Windows\inf
2011-10-27 08:48:53 ----RD---- C:\Users
2011-10-26 07:58:12 ----D---- C:\Windows
2011-10-24 20:54:21 ----RSD---- C:\Windows\Fonts
2011-10-24 09:25:39 ----D---- C:\Program Files (x86)\JDownloader
2011-10-20 13:41:29 ----D---- C:\Users\Chris Reaper\AppData\Roaming\Notepad++
2011-10-20 13:41:01 ----D---- C:\Windows\debug
2011-10-20 13:40:25 ----D---- C:\Program Files (x86)\CCleaner
2011-10-16 19:57:48 ----A---- C:\Windows\system.ini
2011-10-16 19:49:30 ----D---- C:\Windows\AppPatch
2011-10-16 19:49:24 ----D---- C:\Program Files (x86)\Common Files
2011-10-15 00:12:36 ----RD---- C:\Program Files (x86)\Skype
2011-10-14 23:56:58 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-14 11:57:57 ----D---- C:\Users\Chris Reaper\AppData\Roaming\Download Manager
2011-10-14 08:58:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-14 08:57:29 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-14 08:57:28 ----D---- C:\Windows\SysWOW64\migration
2011-10-14 08:57:27 ----D---- C:\Windows\ehome
2011-10-14 08:56:27 ----D---- C:\Program Files (x86)\Java
2011-10-13 08:33:41 ----RD---- C:\Program Files
2011-10-13 08:33:40 ----D---- C:\Program Files (x86)\Common Files\Apple
2011-10-11 12:53:08 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-10-11 12:52:29 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-10-08 09:32:05 ----D---- C:\Windows\Tasks
2011-10-07 13:47:10 ----A---- C:\Windows\SysWOW64\guard32.dll
2011-10-03 20:47:01 ----D---- C:\Users\Chris Reaper\AppData\Roaming\DAEMON Tools Lite
2011-10-03 20:46:32 ----D---- C:\Windows\Panther
2011-10-03 17:15:26 ----D---- C:\Windows\pss
2011-10-02 23:02:05 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2011-10-02 09:55:51 ----D---- C:\ProgramData\Microsoft Help
2011-09-28 14:35:24 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-09-28 14:27:07 ----SD---- C:\Users\Chris Reaper\AppData\Roaming\Microsoft
2011-09-28 14:27:07 ----SD---- C:\ProgramData\Microsoft
2011-09-28 14:03:31 ----D---- C:\Program Files (x86)\Britannica 10.0
2011-09-25 10:48:54 ----D---- C:\Windows\Minidump
2011-09-22 13:44:43 ----D---- C:\Program Files (x86)\MSBuild
2011-09-06 23:06:01 ----A---- C:\Windows\win.ini
2011-08-24 20:33:47 ----D---- C:\Windows\rescache
2011-08-24 07:44:26 ----D---- C:\Windows\SysWOW64\en-US
2011-08-23 10:40:54 ----D---- C:\Windows\ShellNew
2011-08-23 10:38:47 ----D---- C:\Program Files (x86)\Microsoft.NET
2011-08-23 07:38:53 ----D---- C:\Program Files (x86)\Microsoft Office
2011-08-23 07:38:50 ----D---- C:\Program Files (x86)\Microsoft Works
2011-08-21 13:07:56 ----D---- C:\Program Files (x86)\Bing Bar Installer
2011-08-21 13:05:43 ----D---- C:\Windows\twain_32
2011-08-21 00:07:04 ----D---- C:\ProgramData\Skype
2011-08-12 22:54:32 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2011-08-08 18:09:58 ----D---- C:\Windows\Logs
2011-08-02 00:14:53 ----D---- C:\Users\Chris Reaper\AppData\Roaming\Hoyle Puzzle and Board Games

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AsDsm;AsDsm; C:\Windows\SysWOW64\drivers\AsDsm.sys []
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys []
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys []
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys []
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys []
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 adfs;adfs; C:\Windows\SysWOW64\drivers\adfs.sys []
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 LxrSII1d;Secure II Driver; \??\C:\Windows\System32\Drivers\LxrSII1d.sys []
R2 nvcwfpco;nvcwfpco; C:\Windows\system32\DRIVERS\nvcwfpco.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys []
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1E62x64.sys []
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam_x64.sys []
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys []
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
R3 NT_NvcA;Nortel VPN Adapter; C:\Windows\system32\DRIVERS\ntnvca.sys []
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys []
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys []
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys []
S3 AthDfu;Atheros Valkyrie USB BootROM; C:\Windows\System32\Drivers\AthDfu.sys []
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys []
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys []
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys []
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys []
S3 BthAvrcp;Bluetooth AVRCP Profile; C:\Windows\system32\DRIVERS\BthAvrcp.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 catchme;catchme; \??\C:\username123\catchme.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys []
S3 PulseUsb;Livescribe Smartpen USB Driver; C:\Windows\system32\DRIVERS\PulseUsb.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys []
S3 StarOpen;StarOpen; C:\Windows\SysWOW64\drivers\StarOpen.sys []
S3 TIEHDUSB;TI Core USB Driver; C:\Windows\system32\DRIVERS\tiehdusb.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\Windows\TEMP\mc2D2B9.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe []
R2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-11 110032]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-09 55144]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 BNPagent;Bradford Persistent Agent Service; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2011-03-07 3079960]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 CinemaNow Service;CinemaNow Service; C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-11 127352]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 2663568]
R2 FastBootAgent;FastBootAgent; C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-23 306232]
R2 LxrSII1s;Lexar Secure II; C:\Windows\system32\LxrSII1s.exe [2009-12-30 65536]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 NvcSvcMgr;Nortel VPN Client; C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2009-10-05 615704]
R2 PenCommService;Livescribe Pulse Smartpen Service; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-05-19 468992]
R2 Pharos Systems ComTaskMaster;Pharos Systems ComTaskMaster; C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe [2008-05-16 290816]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R3 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-10-09 934760]
R3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-06-16 73728]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-12-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-08 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2011-10-31 19:45:36

======Uninstall list======

-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Acoustica Effects Pack-->C:\PROGRA~2\ACOUST~2\UNWISE.EXE C:\PROGRA~2\ACOUST~2\INSTALL.LOG
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader X (10.1.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{5A22D889-FBDD-4AE8-86EC-089D45FC133E}\SETUP.EXE -runfromtemp -l0x0409
AoA Audio Extractor-->"C:\Program Files (x86)\AoA Audio Extractor\unins000.exe"
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ASUS AI Recovery-->MsiExec.exe /I{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}
ASUS CopyProtect-->MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
ASUS Data Security Manager-->MsiExec.exe /X{FA2092C5-7979-412D-A962-6485274AE1EE}
ASUS FancyStart-->MsiExec.exe /I{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS MultiFrame-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\setup.exe" -l0x9
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
Atheros Client Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly
ATK Generic Function Service-->C:\Program Files (x86)\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
Audacity 1.3.10 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
Auslogics Disk Defrag-->"C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\unins000.exe"
Auslogics Registry Cleaner-->"C:\Program Files (x86)\Auslogics\Auslogics Registry Cleaner\unins000.exe"
Avira Antivirus Premium 2012-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
AVS Update Manager 1.0-->"C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files (x86)\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bing Bar Platform-->MsiExec.exe /I{623B8278-8CAD-45C1-B844-58B687C07805}
Bing Bar-->C:\Program Files (x86)\Bing Bar Installer\InstallManager.exe /UNINSTALL
Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}
BlackBerry Desktop Software 6.1-->MsiExec.exe /i{75157F34-02C6-4831-BD66-3BC49E7A8394}
BlackBerry Desktop Software 6.1-->MsiExec.exe /I{75157F34-02C6-4831-BD66-3BC49E7A8394}
Bradford Persistent Agent-->MsiExec.exe /X{2A7FA717-F5B9-4303-9866-F1C16F90482E}
Brother HL-2140-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BB5F576B-5ED5-4007-B531-F81A8E658AFE}\setup.exe" -l0x9 -removeonly /uninst
CinemaNow Media Manager-->MsiExec.exe /X{6C122441-1861-4CD7-B1C5-A163A6984E12}
ControlDeck-->MsiExec.exe /I{5B65EF64-1DFA-414A-8C94-7BB726158E21}
ConvertXtoDVD 4.0.5.315-->"C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe"
Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
Crystal Reports for Visual Studio-->MsiExec.exe /I{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Digital Voice Editor 3-->C:\Program Files (x86)\InstallShield Installation Information\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}\setup.exe -runfromtemp -l0x0009 UNINSTALL /z -removeonly
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dotfuscator Software Services - Community Edition-->MsiExec.exe /X{1AA5BD63-6614-44B2-88A7-605191EDB835}
DVD Decrypter (Remove Only)-->"C:\Program Files (x86)\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
ffdshow [rev 2527] [2008-12-19]-->"C:\Windows\SysWOW64\unins000.exe"
Free YouTube to MP3 Converter version 3.9.35.324-->"C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Google Earth Plug-in-->MsiExec.exe /X{98780400-EC17-11E0-96CF-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HD Tune Pro 4.60-->"C:\Program Files (x86)\HD Tune Pro\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2522890)-->c:\Windows\SysWOW64\msiexec.exe /package {D6B15AE6-B052-363E-B6BB-C4714CBA6509} /uninstall {32DC3D84-B359-3558-9CFF-7EA74EB7F0E3} /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)-->c:\Windows\SysWOW64\msiexec.exe /package {D6B15AE6-B052-363E-B6BB-C4714CBA6509} /uninstall {90A659B3-6BB5-3E0D-ACE4-D72FF8D54783} /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)-->c:\Windows\SysWOW64\msiexec.exe /package {D6B15AE6-B052-363E-B6BB-C4714CBA6509} /uninstall {3EE9D984-E7A6-30B9-8FF5-A1FE2242440A} /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)-->c:\Windows\SysWOW64\msiexec.exe /package {D6B15AE6-B052-363E-B6BB-C4714CBA6509} /uninstall {40BA5965-82C8-3220-BAFA-B247A761053C} /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)-->c:\Windows\SysWOW64\msiexec.exe /package {D6B15AE6-B052-363E-B6BB-C4714CBA6509} /uninstall {FB360275-493B-3BFB-B6EC-79FDB4EB05E2} /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)-->C:\Windows\SysWOW64\msiexec.exe /package {2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)-->C:\Windows\SysWOW64\msiexec.exe /package {81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB} /uninstall /qb+ REBOOTPROMPT=&quot;&quot;
Hoyle Puzzle and Board Games 2011 (remove only)-->"C:\Program Files (x86)\Encore\Hoyle Puzzle and Board Games 2011\Uninstall.exe"
HP Photosmart Plus B210 series Help-->MsiExec.exe /I{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
Java™ 6 Update 27-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
JDownloader-->C:\Program Files (x86)\JDownloader\uninstall.exe
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KeyNote 1.6.5-->"C:\Program Files (x86)\KeyNote\unins000.exe"
Knoll Light Factory EZ Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 14\Plugins\RTFx\klfezstudio.log
LAME v3.98.2 for Audacity-->"C:\Program Files (x86)\Lame for Audacity\unins000.exe"
LightScribe System Software-->MsiExec.exe /X{07E49BC1-24FF-4D7A-AC74-727BE95801AF}
Livescribe Connect-->msiexec /qb /x {7DD13BB4-8F1A-7648-C0FC-CFF679B9297A}
Livescribe Connect-->MsiExec.exe /I{7DD13BB4-8F1A-7648-C0FC-CFF679B9297A}
Livescribe Desktop-->"C:\Program Files (x86)\Livescribe\uninstall.exe" "/U:C:\Program Files (x86)\Livescribe\Uninstall\uninstall.xml"
Magic Bullet Looks Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 14\Plugins\RTFx\mblooksstudio.log
Magic ISO Maker v5.5 (build 0281)-->C:\PROGRA~2\MagicISO\UNWISE.EXE C:\PROGRA~2\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware version 1.51.2.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.6.55 (remove only)-->"C:\Program Files (x86)\ManyCam\uninstall.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools-->MsiExec.exe /X{40416836-56CC-4C0E-A6AF-5C34BADCE483}
Microsoft ASP.NET MVC 2-->MsiExec.exe /X{1803A630-3C38-4D2B-9B9A-0CB37243539C}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight 3 SDK-->MsiExec.exe /X{2012098D-EEE9-4769-8DD3-B038050854D4}
Microsoft Silverlight 4 SDK-->MsiExec.exe /X{05855322-BE43-41FE-B583-D3AE0C326D58}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Database Publishing Wizard 1.4-->MsiExec.exe /I{ACE28263-76A4-4BF5-B6F4-8BD719595969}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{877B76B2-F83F-4F5A-B28D-3F398641ADB6}
Microsoft Sync Framework SDK v1.0 SP1-->MsiExec.exe /I{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219-->MsiExec.exe /X{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}
Microsoft Visual F# 2.0 Runtime-->MsiExec.exe /X{85467CBC-7A39-33C9-8940-D72D9269B84F}
Microsoft Visual Studio 2010 Professional - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual Studio 2010 Professional - ENU\setup.exe
Microsoft Visual Studio 2010 Service Pack 1-->C:\ProgramData\VS\vs10sp1\SetupCache\Setup.exe
Microsoft Visual Studio 2010 Service Pack 1-->MsiExec.exe /X{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}
Microsoft Visual Studio Macro Tools-->msiexec.exe /uninstall {6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}
Microsoft Visual Studio Macro Tools-->MsiExec.exe /X{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}
Mozilla Firefox 7.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (7.0.1)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 7 Ultra Edition-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
Password Unlocker Bundle 6.0.0.6-->"C:\Program Files (x86)\Password Unlocker Bundle\unins000.exe"
Pharos-->C:\PROGRA~2\Pharos\bin\Local.EXE
Pinnacle Studio 14-->MsiExec.exe /I{AADD1C8F-D59F-4D55-A726-768C71A205A8}
Pinnacle Studio Ultimate Collection Plugins-->MsiExec.exe /I{F5C372A1-40F3-49DA-A049-F75CDE9177DC}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Red Giant ToonIt Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 14\Plugins\RTFx\rgtoonitstudio.log
SBP2 Filter-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2995259E-05BE-4C9A-B58E-B9491B878CB2}\Setup.exe" -l0x9
Secure Download Manager-->MsiExec.exe /I{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
SmartSound Common Data-->"C:\Program Files (x86)\InstallShield Installation Information\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Common Data-->MsiExec.exe /I{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}
SmartSound Quicktracks 5-->"C:\Program Files (x86)\InstallShield Installation Information\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Quicktracks 5-->MsiExec.exe /I{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TomTom HOME 2.8.2.2264-->C:\Program Files (x86)\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TransMac version 8.1-->"C:\Program Files (x86)\TransMac\unins000.exe"
Trapcode 3DStroke Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 14\Plugins\RTFx\tc3dstrokestudio.log
Trapcode Particular Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 14\Plugins\RTFx\tcparticularstudio.log
Trapcode Shine Studio-->C:\Windows\unvise32.exe C:\Program Files (x86)\Pinnacle\Studio 14\Plugins\RTFx\tcshinestudio.log
Turbo Lister 2-->MsiExec.exe /X{8927E07C-97F7-4A54-88FB-D976F50DD46E}
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VIA Platform Device Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C}
WCF RIA Services V1.0 SP1-->MsiExec.exe /X{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
Winrar 3.93-->C:\Program Files (x86)\Winrar\Uninstall.exe
Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}
XPort 360-->"C:\Program Files (x86)\Datel\XPort 360\unins000.exe"

======System event log======

Computer Name: ChrisReaper-PC
Event Code: 14365
Message: Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
Record Number: 173473
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20110524232513.000000-000
Event Type: Error
User:

Computer Name: ChrisReaper-PC
Event Code: 14365
Message: Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
Record Number: 173470
Source Name: Microsoft-Windows-WMPNSS-Service
Time Written: 20110524232211.000000-000
Event Type: Error
User:

Computer Name: ChrisReaper-PC
Event Code: 34001
Message: The ICS_IPV6 failed to configure IPv6 stack.
Record Number: 173469
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20110524232129.000000-000
Event Type: Error
User:

Computer Name: ChrisReaper-PC
Event Code: 34005
Message: The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 173467
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20110524231948.000000-000
Event Type: Warning
User:

Computer Name: ChrisReaper-PC
Event Code: 34005
Message: The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 173466
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20110524231921.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: ChrisReaper-PC
Event Code: 33
Message: Activation context generation failed for "C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 1348
Source Name: SideBySide
Time Written: 20091121200904.000000-000
Event Type: Error
User:

Computer Name: ChrisReaper-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
8 user registry handles leaked from \Registry\User\S-1-5-21-1043806178-727526901-2694514658-1000:
Process 1380 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1380 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1380 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1820 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1380 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1380 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1380 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1380 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Record Number: 1298
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091121192925.137943-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: ChrisReaper-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
9 user registry handles leaked from \Registry\User\S-1-5-21-1043806178-727526901-2694514658-1000:
Process 1868 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1344 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1344 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1344 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1868 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1344 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1344 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1344 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1344 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

Record Number: 950
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091121191146.079432-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: ChrisReaper-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-1043806178-727526901-2694514658-1000:
Process 480 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1528 (\Device\HarddiskVolume2\Windows\SysWOW64\Fast Boot\FastBootAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1232 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 1232 (\Device\HarddiskVolume2\Windows\System32\FBAgent.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000
Process 4252 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-1043806178-727526901-2694514658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer

Record Number: 899
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091121175425.445744-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: ChrisReaper-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 833
Source Name: Microsoft-Windows-Search
Time Written: 20091121172651.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: ChrisReaper-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-1043806178-727526901-2694514658-1000
Account Name: Chris Reaper
Account Domain: ChrisReaper-PC
Logon ID: 0x3d5322
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: OWNER-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Owner-PC
Additional Information: Owner-PC

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 2373902
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111028025356.812916-000
Event Type: Audit Success
User:

Computer Name: ChrisReaper-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-1043806178-727526901-2694514658-1000
Account Name: Chris Reaper
Account Domain: ChrisReaper-PC
Logon ID: 0x3d5322
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: OWNER-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Owner-PC
Additional Information: Owner-PC

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 2373901
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111028025312.981849-000
Event Type: Audit Success
User:

Computer Name: ChrisReaper-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-1043806178-727526901-2694514658-1000
Account Name: Chris Reaper
Account Domain: ChrisReaper-PC
Logon ID: 0x3d5322
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: OWNER-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Owner-PC
Additional Information: Owner-PC

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 2373900
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111028025312.931849-000
Event Type: Audit Success
User:

Computer Name: ChrisReaper-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-1043806178-727526901-2694514658-1000
Account Name: Chris Reaper
Account Domain: ChrisReaper-PC
Logon ID: 0x3d5322
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: OWNER-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Owner-PC
Additional Information: Owner-PC

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 2373899
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111028025312.891849-000
Event Type: Audit Success
User:

Computer Name: ChrisReaper-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-1043806178-727526901-2694514658-1000
Account Name: Chris Reaper
Account Domain: ChrisReaper-PC
Logon ID: 0x3d5322
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: HomeGroupUser$
Account Domain: OWNER-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: Owner-PC
Additional Information: Owner-PC

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 2373898
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111028025312.831849-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\DivX Shared;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files\TortoiseSVN\bin;C:\Program Files (x86)\Pinnacle\Shared Files;C:\Program Files (x86)\Pinnacle\Shared Files\Filter;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files\Microsoft Windows Performance Toolkit;C:\Program Files (x86)\PharosSystems\Core;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"configsetroot"=%SystemRoot%\ConfigSetRoot
"asl.log"=Destination=file;OnFirstLog=command,environment
"VS100COMNTOOLS"=C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
  • 0

#22
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Sorry for the lateness, had a lousy cold, and fell to sleep early most nights :)

No excuse, but after drinking plenty of milk, honey and rum drinks, I'm right as rain again :yes:

Okay, there are some file associations I want to triple-check on, so if you can do this after the following, that would be great:

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way

-----------------------------------

Go to AddRemove Programs via the Control Panel, and uninstall these:

Java™ 6 Update 27
Java™ 6 Update 26
JDownloader



Then, please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Now, go here and download the latest Java Version.


----

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :file
    C:\Program Files (x86)\Brownie\BrstsW64.exe
    C:\Windows\system32\DRIVERS\L1E62x64.sys
    C:\Windows\system32\DRIVERS\MarvinBus64.sys
    C:\Windows\system32\DRIVERS\ATK64AMD.sys
    c:\windows\system32\PSRA069F.DLL
    c:\windows\SysWow64\MadCHook.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found at on your Desktop entitled SystemLook.txt


------------

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • c:\windows\SysWow64\MadCHook.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Also, do the same for this one:

c:\windows\system32\PSRA069F.DLL




eddie
  • 0

#23
Slayer21

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
VirSCAN.org Scanned Report :
Scanned time : 2011/11/04 17:57:35 (EDT)
Scanner results: Scanners did not find malware!
File Name : MadCHook.dll
File Size : 109568 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 969f1451d1505bc53561d34fdd969eab
SHA1 : f758b493af0d1a26a3bab71fec04d3a564a7ee1d
Online report : http://r.virscan.org...e41c67a8411e6ff

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20111105050141 2011-11-05 0.48 -
AhnLab V3 2011.11.04.03 2011.11.04 2011-11-04 3.04 -
AntiVir 8.2.6.104 7.11.17.18 2011-11-04 0.29 -
Antiy 2.0.18 20111105.13756800 2011-11-05 0.02 -
Arcavir 2011 201111041901 2011-11-04 2.82 -
Authentium 5.1.1 201111041028 2011-11-04 1.44 -
AVAST! 4.7.4 111104-1 2011-11-04 0.02 -
AVG 8.5.850 271.1.1/3941 2011-10-06 0.30 -
BitDefender 7.90123.9381054 7.39753 2011-11-05 4.64 -
ClamAV 0.97.1 13889 2011-11-04 0.03 -
Comodo 5.1 10665 2011-11-04 2.12 -
CP Secure 1.3.0.5 2011.11.03 2011-11-03 0.06 -
Dr.Web 5.0.2.3300 2011.11.05 2011-11-05 15.47 -
F-Prot 4.6.2.117 20111104 2011-11-04 0.84 -
F-Secure 7.02.73807 2011.11.04.05 2011-11-04 0.21 -
Fortinet 4.2.257 14.312 2011-11-03 0.17 -
GData 22.2679 20111105 2011-11-05 6.08 -
ViRobot 20111104 2011.11.04 2011-11-04 0.38 -
Ikarus T3.1.32.20.0 2011.11.04.79724 2011-11-04 4.84 -
JiangMin 13.0.900 2011.11.04 2011-11-04 1.84 -
Kaspersky 5.5.10 2011.11.04 2011-11-04 0.10 -
KingSoft 2009.2.5.15 2011.11.4.9 2011-11-04 0.87 -
McAfee 5400.1158 6520 2011-11-04 10.86 -
Microsoft 1.7801 2011.11.04 2011-11-04 3.98 -
NOD32 3.0.21 6584 2011-10-28 0.03 -
Norman 6.07.11 6.07.00 2011-09-17 20.02 -
Panda 9.05.01 2011.11.04 2011-11-04 4.76 -
Trend Micro 9.500-1005 8.548.02 2011-11-04 0.04 -
Quick Heal 11.00 2011.11.04 2011-11-04 1.23 -
Rising 20.0 23.82.04.03 2011-11-04 2.14 -
Sophos 3.24.4 4.70 2011-11-05 4.62 -
Sunbelt 3.9.2515.2 10964 2011-11-04 0.83 -
Symantec 1.3.0.24 20111104.002 2011-11-04 0.05 -
nProtect 20111104.01 13131081 2011-11-04 1.27 -
The Hacker 6.7.0.1 v00338 2011-11-04 0.51 -
VBA32 3.12.16.4 20111104.0723 2011-11-04 5.21 -
VirusBuster 5.4.0.10 14.1.46.0/6612390 2011-11-05 0.46 -



For the second one, it said file not found.

Attached Files


  • 0

#24
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Thanks :)

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\Chris Reaper\AppData\Roaming\Mozilla\FireFox\Profiles\n5hn24af.default\prefs.js
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
YN -> extensions.enabledItems -> [email protected]:3.3.3.2
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
YN -> extensions.enabledItems -> {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
< FireFox Extensions [User Folders] > -> 
YY -> ~EmptyValue -> C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [DAEMON Tools Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "Locked" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< 64bit-Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
YN -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8CE646EE
NY -> @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

eddie
  • 0

#25
Slayer21

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
[Registry - Safe List]
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]\lib folder moved successfully.
C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected] folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\Contains\Files\ not found.
not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
[Files/Folders - Created Within 30 Days]
C:\Windows\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 Days]
[Alternate Data Streams]
ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.1.46.0 fix logfile created on 11082011_184235
  • 0

Advertisements


#26
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


---------------

Also, after doing the above, can you delete the copy of OTL that you have, and download a fresh copy as follows. One log may only appear:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Attached Files


  • 0

#27
Slayer21

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
OTL logfile created on: 11/10/2011 8:37:01 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris Reaper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 33.64% Memory free
7.93 Gb Paging File | 5.12 Gb Available in Paging File | 64.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.44 Gb Total Space | 103.16 Gb Free Space | 36.39% Space Free | Partition Type: NTFS

Computer Name: CHRISREAPER-PC | User Name: Chris Reaper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 20:36:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Reaper\Desktop\OTL.exe
PRC - [2011/11/08 20:34:09 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/11/08 20:33:59 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 08:29:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 08:29:05 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 08:28:56 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/10/11 08:28:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/11 08:28:53 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/08/31 16:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/19 19:04:08 | 000,468,992 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/07 21:11:40 | 003,079,960 | ---- | M] (Bradford Networks) -- C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
PRC - [2009/12/30 12:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) -- C:\Windows\SysWOW64\LxrSII1s.exe
PRC - [2009/10/05 08:19:46 | 000,615,704 | ---- | M] (Nortel Networks) -- C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
PRC - [2009/10/04 22:59:16 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/07/23 19:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
PRC - [2009/07/22 19:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/16 12:07:54 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/24 14:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/06/11 17:13:40 | 000,158,584 | ---- | M] () -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
PRC - [2009/06/11 17:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/06/11 17:13:30 | 002,088,296 | ---- | M] (CinemaNow Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
PRC - [2009/05/18 17:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/10/17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/08 20:34:11 | 001,988,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2011/11/08 20:34:11 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011/11/08 20:34:11 | 000,021,656 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011/11/08 20:33:59 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/14 08:13:15 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 08:12:34 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/14 08:11:59 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/14 08:11:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/14 08:11:30 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 08:11:22 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/22 19:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/06/11 17:13:40 | 000,158,584 | ---- | M] () -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
MOD - [2007/06/15 12:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 19:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/07 12:47:14 | 002,663,568 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/15 15:21:58 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 02:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/10/11 08:29:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 08:29:05 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 08:28:56 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/10/11 08:28:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 16:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/19 19:04:08 | 000,468,992 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/07 21:11:40 | 003,079,960 | ---- | M] (Bradford Networks) [Auto | Running] -- C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe -- (BNPagent)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/30 12:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\LxrSII1s.exe -- (LxrSII1s)
SRV - [2009/10/05 08:19:46 | 000,615,704 | ---- | M] (Nortel Networks) [Auto | Running] -- C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe -- (NvcSvcMgr)
SRV - [2009/07/23 19:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/11 17:13:40 | 000,127,352 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007/03/06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/11 08:29:53 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/11 08:29:52 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/10/11 08:29:52 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/08/31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/19 19:04:40 | 000,026,112 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PulseUsb.sys -- (PulseUsb)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/12/30 09:32:04 | 000,063,064 | ---- | M] (Lexar Media, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV:64bit: - [2009/11/22 02:21:47 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/23 10:04:24 | 000,329,728 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2009/10/22 07:49:28 | 000,057,344 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2009/10/22 07:46:22 | 000,240,128 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2009/10/21 11:58:14 | 000,031,744 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2009/10/21 07:42:38 | 000,126,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2009/10/20 09:51:28 | 000,025,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2009/10/05 08:19:48 | 000,077,832 | ---- | M] (Nortel Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nvcwfpco.sys -- (nvcwfpco)
DRV:64bit: - [2009/10/05 08:19:43 | 000,044,040 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntnvca.sys -- (NT_NvcA)
DRV:64bit: - [2009/10/04 22:59:10 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/23 05:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/13 07:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/25 14:23:56 | 000,047,616 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2009/07/20 04:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/09 03:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/08 22:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/18 14:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 05:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 08:32:37 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/20 03:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/20 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 20:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/06/27 10:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/03/13 02:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/07/24 13:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2005/09/23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6760
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {258735dc-6743-4805-95fc-f95941fffdad}:1.3.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://slirsredirect...b-en-us&query="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.0.1802959\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@e-academy.com/Host SDM Plugin; version=1.0.0.0: C:\Users\Chris Reaper\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/05/01 20:07:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/05/01 20:07:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/08 20:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/09 07:55:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/28 12:53:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/10/28 12:53:58 | 000,000,000 | ---D | M]

[2011/02/04 15:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Extensions
[2010/01/19 22:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/02/04 15:07:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Extensions\[email protected]
[2009/11/28 19:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/08 18:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions
[2010/01/25 21:31:21 | 000,000,000 | ---D | M] (Flash Game Maximizer) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\{258735dc-6743-4805-95fc-f95941fffdad}
[2010/01/01 12:14:12 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2011/10/04 09:45:49 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/07/10 05:52:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/05/14 20:03:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/07 17:46:53 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/10/11 11:49:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/12/09 14:41:21 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/11/04 20:32:04 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\extensions\[email protected]
[2009/12/14 19:37:07 | 000,004,554 | ---- | M] () -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\searchplugins\aim-search.xml
[2011/02/08 22:36:43 | 000,002,059 | ---- | M] () -- C:\Users\Chris Reaper\AppData\Roaming\Mozilla\Firefox\Profiles\n5hn24af.default\searchplugins\daemon-search.xml
[2011/11/09 07:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/14 23:13:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/04 17:04:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\CHRIS REAPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5HN24AF.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\CHRIS REAPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5HN24AF.DEFAULT\EXTENSIONS\{9BAE5926-8513-417D-8E47-774955A7C60D}.XPI
() (No name found) -- C:\USERS\CHRIS REAPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5HN24AF.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\CHRIS REAPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5HN24AF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CHRIS REAPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5HN24AF.DEFAULT\EXTENSIONS\[email protected]
[2011/11/08 20:33:59 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/04 17:04:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/02 10:02:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 20:34:00 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/10/16 18:57:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris Reaper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res:///105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chris Reaper\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - res:///105 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.8.1.231 10.8.1.237
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECA166F0-A4A0-4C34-B335-E573B8A0C591}: DhcpNameServer = 10.8.1.231 10.8.1.237
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) -C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 20:36:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Chris Reaper\Desktop\OTL.exe
[2011/11/10 20:35:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/10 18:25:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/10 18:23:43 | 004,289,249 | R--- | C] (Swearware) -- C:\Users\Chris Reaper\Desktop\ComboFix.exe
[2011/11/09 08:49:41 | 000,000,000 | ---D | C] -- C:\Users\Chris Reaper\AppData\Local\ElevatedDiagnostics
[2011/11/08 18:42:35 | 000,000,000 | ---D | C] -- C:\_OTS
[2011/11/04 17:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/04 16:08:18 | 000,646,144 | ---- | C] (OldTimer Tools) -- C:\Users\Chris Reaper\Desktop\OTS.exe
[2011/11/01 20:16:09 | 000,000,000 | ---D | C] -- C:\Users\Chris Reaper\AppData\Roaming\DVDVideoSoft
[2011/10/31 18:44:49 | 000,000,000 | ---D | C] -- C:\rsit
[2011/10/31 06:52:59 | 000,041,200 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2011/10/28 17:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[2011/10/28 17:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2011/10/28 17:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2011/10/28 12:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/28 12:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/10/16 18:37:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/16 18:37:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/16 18:37:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/16 18:37:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/16 18:37:22 | 000,000,000 | ---D | C] -- C:\username123
[2011/10/16 18:36:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/15 08:16:46 | 000,000,000 | ---D | C] -- C:\Users\Chris Reaper\AppData\Local\Apps
[2011/10/13 07:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/13 07:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/13 07:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/13 07:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/13 07:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/13 07:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2009/11/22 02:21:47 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Chris Reaper\AppData\Roaming\pcouffin.sys
[2008/08/11 23:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

========== Files - Modified Within 30 Days ==========

[2011/11/10 20:36:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Reaper\Desktop\OTL.exe
[2011/11/10 19:47:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 18:24:03 | 004,289,249 | R--- | M] (Swearware) -- C:\Users\Chris Reaper\Desktop\ComboFix.exe
[2011/11/10 17:47:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 13:13:21 | 000,786,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/10 13:13:21 | 000,665,562 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/10 13:13:21 | 000,123,298 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/09 09:32:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 09:32:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 09:25:07 | 000,000,425 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/11/09 09:24:19 | 000,000,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/11/09 09:22:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/09 09:22:21 | 3193,765,888 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/09 07:59:04 | 004,630,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/08 20:37:19 | 000,002,112 | ---- | M] () -- C:\Users\Chris Reaper\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/06 22:21:07 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/04 16:56:06 | 000,165,376 | ---- | M] () -- C:\Users\Chris Reaper\Desktop\SystemLook_x64.exe
[2011/11/04 16:08:35 | 000,646,144 | ---- | M] (OldTimer Tools) -- C:\Users\Chris Reaper\Desktop\OTS.exe
[2011/10/31 18:44:16 | 000,781,383 | ---- | M] () -- C:\Users\Chris Reaper\Desktop\RSIT.exe
[2011/10/16 18:57:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/16 09:15:21 | 000,002,133 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/10/16 09:15:11 | 000,002,946 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/10/14 22:56:57 | 000,001,095 | ---- | M] () -- C:\Users\Chris Reaper\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/10/14 22:56:57 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 07:34:42 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2011/11/09 07:55:45 | 004,630,232 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/04 16:56:05 | 000,165,376 | ---- | C] () -- C:\Users\Chris Reaper\Desktop\SystemLook_x64.exe
[2011/10/31 18:44:09 | 000,781,383 | ---- | C] () -- C:\Users\Chris Reaper\Desktop\RSIT.exe
[2011/10/16 18:37:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/16 18:37:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/16 18:37:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/16 18:37:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/16 18:37:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/13 07:34:42 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/11 11:54:43 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011/10/11 11:54:43 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/10/11 11:54:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011/10/11 11:54:40 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2140.INI
[2011/10/11 11:53:19 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/11 11:53:19 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011/10/11 11:52:48 | 000,000,425 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/10/08 08:06:13 | 000,816,556 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/05 16:30:16 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2011/05/05 16:10:11 | 000,010,600 | R--- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2011/05/05 16:10:10 | 000,124,264 | R--- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2011/05/05 16:10:10 | 000,081,920 | R--- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2011/01/09 19:19:38 | 000,013,384 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Local\Temp10.html
[2011/01/09 19:19:32 | 000,001,667 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Local\Temp1.html
[2010/10/04 20:30:30 | 000,024,064 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/25 20:50:59 | 000,000,088 | RHS- | C] () -- C:\ProgramData\F3AE7F81BB.sys
[2010/07/25 20:50:58 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/31 09:58:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/08 19:49:05 | 000,000,092 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Roaming\RSBot Accounts.ini
[2010/04/21 17:14:56 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/04/21 17:14:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/04/21 17:14:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/03/18 19:57:19 | 000,000,019 | ---- | C] () -- C:\Windows\rrver.ini
[2010/02/20 14:59:28 | 000,800,920 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/08 06:33:04 | 000,359,320 | ---- | C] () -- C:\Windows\SysWow64\vfprintpthelper.dll
[2010/01/07 18:27:59 | 000,000,158 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Roaming\default.rss
[2010/01/07 18:27:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/14 19:27:50 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009/12/14 19:25:38 | 000,695,901 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2009/12/14 19:25:38 | 000,034,333 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2009/12/08 17:17:31 | 000,000,017 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Local\resmon.resmoncfg
[2009/12/06 16:42:40 | 000,089,088 | ---- | C] () -- C:\Windows\SysWow64\NWKL2_64.DLL
[2009/12/06 16:42:40 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\KL2DLL64.DLL
[2009/12/06 16:42:40 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\ppmon.exe
[2009/11/24 10:52:38 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2009/11/22 02:21:47 | 000,007,859 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Roaming\pcouffin.cat
[2009/11/22 02:21:47 | 000,001,167 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Roaming\pcouffin.inf
[2009/11/21 14:51:01 | 000,000,000 | ---- | C] () -- C:\Users\Chris Reaper\AppData\Roaming\wklnhst.dat
[2009/11/21 12:58:30 | 000,000,024 | ---- | C] () -- C:\ProgramData\CinemaNowSvc.ini
[2009/10/04 22:59:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2009/08/19 03:33:09 | 000,018,432 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
[2009/08/19 03:33:09 | 000,000,031 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
[2009/07/29 00:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/28 02:34:11 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/08 12:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2009/04/08 02:52:24 | 004,338,246 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2009/04/08 02:52:24 | 000,884,237 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2009/04/08 02:52:24 | 000,791,742 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/08 02:52:24 | 000,741,376 | ---- | C] () -- C:\Windows\SysWow64\audxlib.dll
[2009/04/08 02:52:24 | 000,683,520 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2009/04/08 02:52:24 | 000,560,802 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/04/08 02:52:24 | 000,485,888 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2009/04/08 02:52:24 | 000,257,024 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2009/04/08 02:52:24 | 000,239,247 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2009/04/08 02:52:24 | 000,238,080 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/04/08 02:52:24 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2009/04/08 02:52:24 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2009/04/08 02:52:24 | 000,146,944 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll
[2009/04/08 02:52:24 | 000,145,609 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/04/08 02:52:24 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2009/04/08 02:52:24 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2009/04/08 02:52:24 | 000,097,280 | ---- | C] () -- C:\Windows\SysWow64\ff_realaac.dll
[2009/04/08 02:52:24 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2009/04/08 02:52:24 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2006/05/18 22:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== LOP Check ==========

[2009/12/14 19:32:02 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\acccore
[2010/03/13 18:23:55 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Acoustica
[2010/01/02 14:12:39 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\AnvSoft
[2011/05/16 20:48:58 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Audacity
[2009/11/22 14:19:14 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Auslogics
[2009/11/23 04:03:42 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Canneverbe_Limited
[2009/11/22 04:09:03 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\com.adobe.ExMan
[2011/06/11 21:50:11 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\com.livescribe.LivescribeConnect
[2011/02/07 17:26:24 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\DAEMON Tools
[2011/10/03 19:47:01 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\DAEMON Tools Lite
[2011/07/24 02:57:10 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Datel
[2010/02/14 12:16:04 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\DeviceDoctorSoftware
[2011/11/01 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\DVDVideoSoft
[2011/03/24 22:58:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/22 20:51:40 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\e-academy Inc
[2010/11/10 17:58:36 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\FMZilla
[2009/12/20 11:08:24 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Foxit
[2011/01/15 16:28:34 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Foxit Software
[2011/06/06 11:09:59 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\FrostWire
[2010/06/05 23:04:03 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\GameTuts
[2011/07/31 07:06:45 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\go
[2010/02/17 18:01:12 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\HandBrake
[2011/04/03 17:39:58 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\HB Studios
[2011/01/16 12:01:30 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\HD Tune Pro
[2011/01/14 23:54:33 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Hoyle FaceCreator
[2011/08/01 23:14:53 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Hoyle Puzzle and Board Games
[2010/02/28 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Mael
[2011/08/06 22:39:47 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\ManyCam
[2011/11/08 08:54:17 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Notepad++
[2011/10/02 21:10:43 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\OpenCandy
[2011/03/11 11:19:38 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Orbit
[2011/10/02 21:43:32 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\PrimoPDF
[2011/03/11 01:35:27 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\ProgSense
[2011/01/31 00:04:57 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Research In Motion
[2010/06/09 05:53:22 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Subversion
[2009/11/21 14:51:13 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Template
[2011/11/03 12:41:37 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Thinstall
[2010/01/19 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Thunderbird
[2011/02/04 15:07:17 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\TomTom
[2010/12/12 20:52:40 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Ulead Systems
[2011/07/31 19:44:44 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Vso
[2009/11/23 04:30:18 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Windows Live Writer
[2010/01/07 17:39:37 | 000,000,000 | ---D | M] -- C:\Users\Chris Reaper\AppData\Roaming\Xilisoft Corporation
[2011/09/19 16:59:03 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




There was no extras file

Attached Files


  • 0

#28
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    :Files
    ipconfig /flushdns /c 
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply

eddie
  • 0

#29
Slayer21

Slayer21

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 198 posts
It keeps stopping saying that it cannot create hosts
  • 0

#30
eddie5659

eddie5659

    Trusted Helper

  • Malware Removal
  • 1,980 posts
  • MVP
Go here:

http://www.bleepingc...opic114351.html

And disable Avira AntiVir, and then run the fix again, as it may be blocking access to the hosts file.

Re-enable once its done :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP