Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer running very slow, can't use system restore

Started by keegen , Apr 28 2011 01:16 PM

  • This topic is locked This topic is locked

#1
keegen
Posted 28 April 2011 - 01:16 PM

keegen

    Member

  • Member
  • PipPip
  • 58 posts
Hello,
My computer has been running VERY slow for several days now. Something had disabled my Norton 360 and would not let me turn it back on. After uninstalling and reinstalling it several times and updating to the newest version, I've now got Norton running again but I suspect there is a bug at work here. As I said, the system is very slow. Takes forever to do anything and System Restore is unusable. When I try to run SR, I get an error message that says "System restore does not appear to be functioning correctly on this system. A Volume Shadow Copy Service component encountered an unexpected error.", and I am not able to turn it off or on. Hope you are able to find something in my OTL log. Thanks in advance for the help.

OTL logfile created on: 4/28/2011 12:03:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kevin\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 150.65 Gb Free Space | 32.35% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 12:03:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
PRC - [2011/04/25 20:54:42 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/04/22 15:22:15 | 000,136,336 | ---- | M] (RockMelt Inc.) -- C:\Users\Kevin\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
PRC - [2011/04/20 12:18:49 | 001,339,720 | ---- | M] (RockMelt, Inc.) -- C:\Users\Kevin\AppData\Local\RockMelt\Application\rockmelt.exe
PRC - [2011/04/13 14:09:48 | 025,331,552 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2011/03/17 13:17:58 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/25 13:26:15 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/12/14 17:12:12 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.0.2.1\ccSvcHst.exe
PRC - [2010/11/17 21:41:55 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [1999/12/31 17:00:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe


========== Modules (SafeList) ==========

MOD - [2011/04/28 12:03:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/04/25 20:54:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/30 12:51:50 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/17 13:17:58 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/23 18:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.0.2.1\ccSvcHst.exe -- (N360)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/13 08:37:06 | 000,164,352 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [1999/12/31 17:00:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/28 11:58:35 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011/04/27 23:09:55 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/30 21:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0500020.001\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/22 20:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0500020.001\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 20:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0500020.001\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/17 18:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 17:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0500020.001\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 18:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymDS64.sys -- (SymDS)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/20 20:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/16 14:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/26 21:16:33 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/21 02:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 02:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 02:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/08/25 13:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/17 09:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [1999/12/31 17:00:00 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV - [2011/04/27 01:00:00 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110427.036\EX64.SYS -- (NAVEX15)
DRV - [2011/04/27 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/04/27 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/27 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110427.036\ENG64.SYS -- (NAVENG)
DRV - [2011/04/15 13:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110419.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110426.001\IDSviA64.sys -- (IDSVia64)
DRV - [2006/10/13 08:18:26 | 000,018,216 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 7D E2 8E DD FA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/04/27 23:15:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn\ [2011/04/27 23:09:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files (x86)\Flock\components [2011/04/21 10:28:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2011/04/21 19:23:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components [2011/04/21 10:28:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2011/04/21 19:23:57 | 000,000,000 | ---D | M]

[2011/01/17 12:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2010/04/28 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/01/17 12:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.0.2.1\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Wishpot Button) - {9E40F4A8-6896-4b67-91F5-F6F287ECB5D9} - C:\Program Files (x86)\Wishpot\ietb.dll (VONeS.NET)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Wishpot Button) - {7DAAFFD0-5A88-447d-96C6-E6CA06AF0758} - C:\Program Files (x86)\Wishpot\ietb.dll (VONeS.NET)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.0.2.1\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Alcmtr] File not found
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDCPL] File not found
O4:64bit: - HKLM..\Run: [SkyTel] File not found
O4:64bit: - HKLM..\Run: [SoundMan] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [ISUSPM] File not found
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Kevin\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dcfd0269-51b3-11df-ac3b-00044b033dfa}\Shell - "" = AutoRun
O33 - MountPoints2\{dcfd0269-51b3-11df-ac3b-00044b033dfa}\Shell\AutoRun\command - "" = F:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 09:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/04/28 09:41:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\SystemRequirementsLab
[2011/04/28 08:24:17 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/04/28 08:24:17 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/04/27 23:09:43 | 000,802,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymEFA64.sys
[2011/04/27 23:09:43 | 000,735,864 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500020.001\srtsp64.sys
[2011/04/27 23:09:43 | 000,450,608 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymDS64.sys
[2011/04/27 23:09:43 | 000,382,072 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500020.001\symnets.sys
[2011/04/27 23:09:43 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500020.001\Ironx64.sys
[2011/04/27 23:09:43 | 000,040,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0500020.001\srtspx64.sys
[2011/04/27 23:09:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0500020.001
[2011/04/27 21:05:21 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/04/27 21:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/27 21:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/27 21:04:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/04/27 21:04:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
[2011/04/27 21:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 Premier Edition
[2011/04/26 20:53:04 | 000,000,000 | -HSD | C] -- C:\found.008
[2011/04/25 20:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/04/25 20:46:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011/04/25 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Duplicate File Finder
[2011/04/25 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Duplicate File Finder
[2011/04/25 20:22:18 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\SlimWare Utilities Inc
[2011/04/25 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2011/04/25 20:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2011/04/25 20:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installers
[2011/04/24 04:59:47 | 000,000,000 | -HSD | C] -- C:\found.007
[2011/04/23 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\FaxionOnline
[2011/04/23 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\player_client.exe
[2011/04/23 12:06:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\HeroEngine
[2011/04/22 22:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueGames
[2011/04/22 15:26:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RockMelt
[2011/04/22 13:41:19 | 000,000,000 | -HSD | C] -- C:\found.006
[2011/04/21 08:12:12 | 000,000,000 | -HSD | C] -- C:\found.005
[2011/04/18 09:31:04 | 000,000,000 | -HSD | C] -- C:\found.004
[2011/04/17 22:30:59 | 000,000,000 | -HSD | C] -- C:\found.003
[2011/04/12 10:09:51 | 000,000,000 | -HSD | C] -- C:\found.002
[2011/03/30 10:49:56 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\reakktor
[2011/03/30 10:48:44 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\Reakktor Media
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/28 12:06:09 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 12:06:09 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/28 11:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000UA.job
[2011/04/28 11:58:47 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/04/28 11:58:35 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/04/28 11:58:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 11:58:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/28 11:58:05 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 11:47:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1004UA.job
[2011/04/28 11:27:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000UA.job
[2011/04/28 11:16:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1003UA.job
[2011/04/28 11:16:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 09:22:56 | 001,593,054 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\Cat.DB
[2011/04/28 07:59:04 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000Core.job
[2011/04/27 23:14:23 | 000,001,305 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton Installation Files.lnk
[2011/04/27 23:13:51 | 000,002,553 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/04/27 23:09:55 | 000,174,640 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/04/27 23:09:55 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/04/27 23:09:55 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/04/27 19:16:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1003Core.job
[2011/04/25 20:22:08 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2011/04/23 16:59:58 | 387,340,470 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/23 15:47:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1004Core.job
[2011/04/23 15:27:06 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000Core.job
[2011/04/22 22:45:05 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Faxion.lnk
[2011/04/22 17:03:02 | 000,007,605 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
[2011/04/22 15:28:49 | 000,002,227 | ---- | M] () -- C:\Users\Kevin\Desktop\RockMelt.lnk
[2011/04/21 19:24:00 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/21 16:20:00 | 001,033,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/21 16:20:00 | 000,255,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/21 16:20:00 | 000,006,604 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:19:54 | 000,006,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/21 08:30:26 | 000,001,358 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/17 00:49:28 | 000,441,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/13 10:27:08 | 000,000,162 | -H-- | M] () -- C:\Users\Public\Documents\~$sume AAA.rtf
[2011/04/12 11:50:29 | 000,052,146 | ---- | M] () -- C:\Users\Public\Documents\Kailynn Ingalls.rtf
[2011/04/12 11:50:29 | 000,000,162 | -H-- | M] () -- C:\Users\Public\Documents\~$ilynn Ingalls.rtf
[2011/04/12 11:45:58 | 000,052,116 | ---- | M] () -- C:\Users\Public\Documents\Resume AAA.rtf
[2011/04/11 11:53:13 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/04/11 11:53:13 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/06 16:16:57 | 000,000,450 | ---- | M] () -- C:\Users\Kevin\Desktop\CD Drive - Shortcut.lnk
[2011/04/05 11:47:10 | 000,013,181 | ---- | M] () -- C:\Users\Kevin\Documents\Bills.ods
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 09:12:49 | 000,006,614 | ---- | C] () -- C:\Windows\SysNative\nvnrm.nvu
[2011/04/27 23:13:19 | 001,593,054 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\Cat.DB
[2011/04/27 23:09:35 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\iron.cat
[2011/04/27 23:09:35 | 000,007,462 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\srtspx64.cat
[2011/04/27 23:09:35 | 000,007,460 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymEFA64.cat
[2011/04/27 23:09:35 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\symnet64.cat
[2011/04/27 23:09:35 | 000,007,458 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\srtsp64.cat
[2011/04/27 23:09:35 | 000,007,454 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymDS64.cat
[2011/04/27 23:09:35 | 000,003,374 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymEFA.inf
[2011/04/27 23:09:35 | 000,002,792 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymDS.inf
[2011/04/27 23:09:35 | 000,001,446 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\SymNet.inf
[2011/04/27 23:09:35 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\srtsp64.inf
[2011/04/27 23:09:35 | 000,001,422 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\srtspx64.inf
[2011/04/27 23:09:35 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\Iron.inf
[2011/04/27 23:09:35 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0500020.001\isolate.ini
[2011/04/27 21:05:21 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/04/27 21:05:21 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/04/27 21:05:00 | 000,002,553 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/04/25 20:22:26 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/04/25 20:22:21 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/04/25 20:22:08 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2011/04/22 22:45:05 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Faxion.lnk
[2011/04/22 17:03:02 | 000,007,605 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
[2011/04/22 15:28:49 | 000,002,227 | ---- | C] () -- C:\Users\Kevin\Desktop\RockMelt.lnk
[2011/04/21 08:30:26 | 000,001,358 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/13 10:27:08 | 000,000,162 | -H-- | C] () -- C:\Users\Public\Documents\~$sume AAA.rtf
[2011/04/12 11:50:29 | 000,000,162 | -H-- | C] () -- C:\Users\Public\Documents\~$ilynn Ingalls.rtf
[2011/04/12 11:50:28 | 000,052,146 | ---- | C] () -- C:\Users\Public\Documents\Kailynn Ingalls.rtf
[2011/04/12 10:50:26 | 000,052,116 | ---- | C] () -- C:\Users\Public\Documents\Resume AAA.rtf
[2011/04/06 16:16:57 | 000,000,450 | ---- | C] () -- C:\Users\Kevin\Desktop\CD Drive - Shortcut.lnk
[2011/03/22 10:50:32 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/17 13:18:17 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/17 13:17:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/22 10:06:12 | 000,000,566 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/01 12:18:22 | 000,020,480 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 11:04:58 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\ustor.dll
[2010/07/20 11:04:58 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\DMAPI.dll
[2010/07/08 19:48:57 | 000,001,456 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/07/01 19:33:21 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2010/06/21 17:53:00 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/05/14 10:15:08 | 000,000,576 | ---- | C] () -- C:\Users\Kevin\AppData\Local\rx_image.Cache
[2010/05/14 10:15:05 | 000,016,864 | ---- | C] () -- C:\Users\Kevin\AppData\Local\rx_audio.Cache
[2010/04/28 16:03:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/27 09:50:18 | 000,006,604 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/17 19:57:58 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/16 18:25:34 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/09/05 14:59:14 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll

========== LOP Check ==========

[2010/09/11 11:56:08 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Astroburn Lite
[2010/06/08 15:18:19 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Audacity
[2010/12/04 12:26:37 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Catalina Marketing Corp
[2010/04/26 21:42:40 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools Lite
[2011/04/28 11:59:01 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Dropbox
[2010/08/24 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Expression Media 2
[2010/06/02 22:30:57 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Facebook
[2011/04/21 10:28:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Flock
[2010/05/01 23:31:49 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\GrabPro
[2010/12/18 00:18:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\HandBrake
[2010/05/04 15:10:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\IObit
[2010/11/15 21:08:55 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Leadertech
[2011/01/17 13:12:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NETGEAR Live Parental Controls
[2010/09/26 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\OpenOffice.org
[2011/04/28 11:09:39 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Orbit
[2010/12/29 16:48:13 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ProgSense
[2010/10/01 12:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Research In Motion
[2011/04/23 11:28:08 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\RIFT
[2011/04/28 09:41:28 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SystemRequirementsLab
[2011/01/14 10:00:24 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Tific
[2010/05/02 08:50:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\TrueCrypt
[2010/07/01 19:35:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Turbine
[2011/04/28 12:08:36 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\uTorrent
[2010/11/09 00:50:09 | 000,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Windows Live Writer
[2011/04/23 15:27:06 | 000,000,876 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000Core.job
[2011/04/28 11:27:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000UA.job
[2011/01/15 00:00:28 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(86).TXT
[2011/03/15 21:39:56 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/04/28 11:58:47 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Salagubang
Posted 03 May 2011 - 10:36 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi keenan,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++++++++++++

Please post extras.txt when you ran OTL.

Also,

GMER Rootkit Scanner
  • Posted Image GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
    Posted Image
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64bit Operating System. You may also get an error message display on the screen when using a 64bit Operating System, this is normal, just click on OK and let it carry on.

    Posted Image
    Click the image to enlarge it
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Please copy and paste the report into your Post.


  • 0

#3
keegen
Posted 03 May 2011 - 11:59 PM

keegen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Thank you for your help. Below are the two reports you asked for. Also, I am now getting a notice from windows saying my windows 7 is not a genuine copy. I assume that may be related to my current issue.

OTL Extras logfile created on: 4/28/2011 12:03:30 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kevin\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 150.65 Gb Free Space | 32.35% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 24
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SOSHOME309)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3891E1C9-8E9E-43E2-B009-6D008BCD7669}" = Microsoft Expression Blend 2
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58BBFEB0-C44B-46C2-9DA5-67AF231E3B5A}" = PowerArchiver 2010
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6833995C-2FFD-4084-981A-001FF469146A}" = Microsoft Expression Encoder 2
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75139A83-2BC0-4531-B584-E4C123C0BC8C}" = MapCreate U.S.A Hunting w/ Topo 6.3
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}" = Microsoft Small Basic v0.9
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842CC0ED-FDC0-4FBF-8C09-2428BFE4FEE1}" = Microsoft Expression Media 2 SP2
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{88B743CB-F3E0-4456-AD08-40EE991EC28E}" = Microsoft Expression Studio 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAC10E1-97B4-433C-A12B-BEC2BB22D146}_is1" = FILERECOVERY Professional 2009
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_XWeb_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_XWeb_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_XWeb_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_XWeb_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2
"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_XWeb_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA5E022C-F4DB-46F4-9379-0F4397A90C23}" = Switched-On Schoolhouse 2009 - Home Edition Database
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 3.0.0.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2F3FB19-D848-479C-818E-130ABC9366DB}" = BlackBerry Device Software Updater
"{B80941B0-42C5-40D0-B190-EBD23323ED57}" = Switched-On Schoolhouse 2009 - Home Edition
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{bee1866a-fae0-4f5a-805c-d060a42d18ab}" = Nero 9 Lite
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3498122-091E-4999-9EBE-7513FE904F6A}" = Microsoft Expression Design 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDA75ACB-7090-4FB1-9709-B3ADB43E6D68}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9550 smartphone
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3870ACA-B46E-43B7-AE31-D18659FD85F0}" = SlimDrivers
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.1
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"ARGO" = ARGO Online
"Astroburn Lite" = Astroburn Lite
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"Blend_2.0.1523.0" = Microsoft Expression Blend 2
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Design_5.0.1379.0" = Microsoft Expression Design 2
"Download Manager" = Download Manager 2.3.10
"EA Download Manager" = EA Download Manager
"Encoder_2.0.1406.0" = Microsoft Expression Encoder 2
"ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
"FaxionBeta" = Faxion
"Guild Wars" = Guild Wars
"Handbrake" = Handbrake 0.9.4
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Math 7 Teaching Textbook" = Math 7 Teaching Textbook
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Muvizu" = Muvizu
"N360" = Norton 360 Premier Edition
"NETGEAR Live Parental Controls Management Utility" = NETGEAR Live Parental Controls Management Utility 2.1.3
"NETGEAR Live Parental Controls User Utility" = NETGEAR Live Parental Controls User Utility 1.0b40
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Orbit_is1" = Orbit Downloader
"PatchBeam_is1" = PatchBeam v1.10
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Smart Defrag_is1" = Smart Defrag
"TrueCrypt" = TrueCrypt
"TurboTax 2010" = TurboTax 2010
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.17
"WinLiveSuite" = Windows Live Essentials
"Wishpot Button for Internet Explorer_is1" = Wishpot Button for Internet Explorer
"XWeb" = Microsoft Expression Web 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"RockMelt" = RockMelt

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2011 8:55:47 PM | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002
Description = The program chrome.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: fbc Start Time:
01cbb5d82590e704 Termination Time: 13 Application Path: C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe

Report
Id: 7f45b845-21d4-11e0-a3a7-00044b033dfa

Error - 1/17/2011 4:12:03 PM | Computer Name = Kevin-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/18/2011 12:43:58 AM | Computer Name = Kevin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d2acb28 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00038c19 Faulting process id:
0x3b4 Faulting application start time: 0x01cbb6b1477a2066 Faulting application path:
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 8fd7f98a-22bd-11e0-97cd-00044b033dfa

Error - 1/18/2011 6:50:57 PM | Computer Name = Kevin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00038c19 Faulting process id:
0x1378 Faulting application start time: 0x01cbb75fbe55ce96 Faulting application path:
C:\Users\Debbie\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: 696bb911-2355-11e0-bbc6-00044b033dfa

Error - 1/19/2011 1:42:11 PM | Computer Name = Kevin-PC | Source = ESENT | ID = 467
Description = Windows (2040) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb:
Index System_Search_GatherTime0 of table SystemIndex_0A is corrupted (0).

Error - 1/19/2011 1:42:11 PM | Computer Name = Kevin-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 1/19/2011 1:42:11 PM | Computer Name = Kevin-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 1/20/2011 9:14:44 PM | Computer Name = Kevin-PC | Source = EventSystem | ID = 4621
Description =

Error - 1/21/2011 4:49:48 PM | Computer Name = Kevin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d2fb91e Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00038c19 Faulting process id:
0x878 Faulting application start time: 0x01cbb9aa158b3d9c Faulting application path:
C:\Users\Kevin\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module
path: C:\Windows\SysWOW64\ntdll.dll Report Id: fc062708-259f-11e0-b8c4-00044b033dfa

Error - 1/23/2011 2:59:07 AM | Computer Name = Kevin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: flock.exe, version: 1.9.0.3831, time stamp:
0x4c29072b Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp:
0x4ba9b29c Exception code: 0xc0000005 Fault offset: 0x00038c19 Faulting process id:
0x1130 Faulting application start time: 0x01cbbacae70a3b01 Faulting application path:
C:\Program Files (x86)\Flock\flock.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 44f4fa1d-26be-11e0-ba1b-00044b033dfa

[ Media Center Events ]
Error - 5/2/2010 5:41:11 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = 2:40:35 PM - Error connecting to the internet. 2:40:35 PM - Unable
to contact server..

Error - 5/2/2010 6:44:22 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = 3:44:17 PM - Error connecting to the internet. 3:44:17 PM - Unable
to contact server..

Error - 5/2/2010 7:46:32 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = 4:46:23 PM - Error connecting to the internet. 4:46:23 PM - Unable
to contact server..

Error - 5/6/2010 5:47:37 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = 2:46:58 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/17/2010 5:36:28 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = 2:36:23 PM - Error connecting to the internet. 2:36:23 PM - Unable
to contact server..

Error - 5/21/2010 8:49:47 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = 5:49:47 PM - Failed to retrieve SportsSchedule (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 6/7/2010 5:26:09 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = 2:26:04 PM - Failed to retrieve SportsSchedule (Error: Invalid security
token.)

Error - 6/30/2010 12:56:29 PM | Computer Name = Kevin-PC | Source = MCUpdate | ID = 0
Description = 9:56:29 AM - Error connecting to the internet. 9:56:29 AM - Unable
to contact server..

[ System Events ]
Error - 4/28/2011 2:59:32 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
Shadow Copy service to connect.

Error - 4/28/2011 2:59:32 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
error: %%1053

Error - 4/28/2011 2:59:43 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
Shadow Copy service to connect.

Error - 4/28/2011 2:59:43 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
error: %%1053

Error - 4/28/2011 2:59:57 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
Shadow Copy service to connect.

Error - 4/28/2011 2:59:57 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
error: %%1053

Error - 4/28/2011 3:00:12 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
Shadow Copy service to connect.

Error - 4/28/2011 3:00:12 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
error: %%1053

Error - 4/28/2011 3:00:30 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
Shadow Copy service to connect.

Error - 4/28/2011 3:00:30 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
error: %%1053


< End of report >


GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-05-03 22:51:46
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0xB2 0xF5 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBF 0x55 0x01 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0xE4 0x8D 0x69 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB4 0x67 0x09 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBF 0x55 0x01 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0xE4 0x8D 0x69 ...

---- Files - GMER 1.0.15 ----

File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110428.002 0 bytes

---- EOF - GMER 1.0.15 ----
  • 0

#4
Salagubang
Posted 04 May 2011 - 12:04 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
keegen
Posted 04 May 2011 - 10:33 AM

keegen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
I downloaded and ran ComboFix. It kept telling me that my Norton 360 was still running but I have it turned off. It does not look like ComboFix has finished but has been running for over an hour and a half and has been stuck at "completed stage-48". What should I do, just let it keep running?
  • 0

#6
keegen
Posted 04 May 2011 - 11:52 AM

keegen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Okay, it did finish after about 3 hours. Here is the log.

ComboFix 11-05-03.07 - Kevin 05/04/2011 8:22.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.871 [GMT -7:00]
Running from: c:\users\Kevin\Downloads\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Downloaded Installers
c:\program files (x86)\Downloaded Installers\{E3870ACA-B46E-43B7-AE31-D18659FD85F0}\setup.msi
c:\windows\Downloaded Program Files\tgctlsr.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 15:14 . 2011-05-04 15:15 -------- d-----w- C:\32788R22FWJFW
2011-05-04 05:18 . 2011-05-04 05:18 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-05-04 05:10 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-05-04 05:10 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-05-02 19:57 . 2011-05-02 19:57 -------- d-----w- c:\users\Kevin\AppData\Local\{F52EBAAC-14C3-44E6-832C-1CE0468400FC}
2011-04-29 20:40 . 2011-04-29 20:40 -------- d-----w- c:\users\Kevin\AppData\Local\{62F748DF-C19C-455C-A877-EA986F9A2795}
2011-04-28 16:41 . 2011-04-28 16:41 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-04-28 16:41 . 2011-04-28 16:41 -------- d-----w- c:\users\Kevin\AppData\Roaming\SystemRequirementsLab
2011-04-28 16:12 . 2000-01-01 00:00 924672 ----a-w- c:\windows\system32\fdco2.dll
2011-04-28 16:12 . 2000-01-01 00:00 348264 ----a-w- c:\windows\system32\drivers\nvmf6264.sys
2011-04-28 16:12 . 2000-01-01 00:00 199272 ----a-w- c:\windows\system32\nvconrm.dll
2011-04-28 16:12 . 2000-01-01 00:00 845736 ----a-w- c:\windows\system32\DPInst.exe
2011-04-28 15:26 . 2011-04-28 15:26 -------- d-----w- c:\users\UpdatusUser
2011-04-28 15:05 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-28 15:05 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-28 15:05 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-28 15:05 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-28 15:05 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-28 15:05 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-04-28 15:05 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-04-28 15:05 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-04-28 15:05 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-28 15:05 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-28 15:05 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-04-28 15:04 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 15:04 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 15:04 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-28 15:04 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-28 15:04 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 15:04 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-28 06:09 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-04-28 04:05 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-04-28 04:05 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-04-28 04:05 . 2011-05-02 22:22 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-04-28 04:05 . 2011-05-02 22:22 -------- d-----w- c:\program files\Symantec
2011-04-28 04:05 . 2011-04-28 04:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-04-28 04:04 . 2011-05-03 14:58 -------- d-----w- c:\windows\system32\drivers\N360x64
2011-04-28 04:04 . 2011-04-28 04:04 -------- d-----w- c:\program files (x86)\Norton 360 Premier Edition
2011-04-27 04:11 . 2011-04-18 16:15 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC72E102-D856-4D4D-B87D-A33C34A7F5AD}\mpengine.dll
2011-04-27 03:53 . 2011-04-27 03:53 -------- d-----w- C:\found.008
2011-04-26 03:48 . 2011-04-26 03:48 -------- d-----w- c:\program files (x86)\Realtek
2011-04-26 03:46 . 2011-04-26 03:51 -------- d--h--w- c:\program files (x86)\Temp
2011-04-26 03:27 . 2011-04-26 03:27 -------- d-----w- c:\program files (x86)\Fast Duplicate File Finder
2011-04-26 03:22 . 2011-05-04 14:58 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-04-26 03:22 . 2011-04-26 03:22 -------- d-----w- c:\users\Kevin\AppData\Local\SlimWare Utilities Inc
2011-04-26 03:22 . 2011-04-26 03:22 -------- d-----w- c:\program files (x86)\SlimDrivers
2011-04-25 18:51 . 2011-04-25 18:51 -------- d-----w- c:\users\Debbie\AppData\Local\AskToolbar
2011-04-24 11:59 . 2011-04-24 11:59 -------- d-----w- C:\found.007
2011-04-23 19:08 . 2011-04-23 19:08 -------- d-----w- c:\users\Kevin\AppData\Local\player_client.exe
2011-04-23 19:06 . 2011-04-23 19:06 -------- d-----w- c:\users\Kevin\AppData\Local\HeroEngine
2011-04-22 20:41 . 2011-04-22 20:41 -------- d-----w- C:\found.006
2011-04-21 15:12 . 2011-04-21 15:12 -------- d-----w- C:\found.005
2011-04-18 16:31 . 2011-04-18 16:31 -------- d-----w- C:\found.004
2011-04-18 05:30 . 2011-04-18 05:30 -------- d-----w- C:\found.003
2011-04-17 20:08 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-17 20:08 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-17 00:26 . 2011-02-23 04:56 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-17 00:26 . 2011-02-23 04:56 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-17 00:26 . 2011-02-23 04:55 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-17 00:26 . 2011-03-03 03:52 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-04-17 00:24 . 2011-03-08 06:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-17 00:24 . 2011-03-08 05:28 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-12 22:17 . 2011-04-13 04:42 -------- d-----w- c:\users\Debbie\AppData\Roaming\Orbit
2011-04-12 22:17 . 2011-04-12 22:17 -------- d-----w- c:\users\Debbie\AppData\Roaming\ProgSense
2011-04-12 17:09 . 2011-04-12 17:09 -------- d-----w- C:\found.002
2011-04-09 06:00 . 2011-04-09 06:00 465920 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-08 06:19 . 2011-04-08 06:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 06:19 . 2011-04-08 06:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-08 06:19 . 2011-04-08 06:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-08 06:19 . 2011-04-08 06:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 06:19 . 2011-04-08 06:19 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-27 04:35 . 2009-07-13 23:36 50176 ----a-w- c:\windows\system32\srclient.dll
2011-04-27 04:31 . 2009-07-13 23:40 50688 ----a-w- c:\windows\system32\wermgr.exe
2011-04-11 18:53 . 2011-03-17 20:42 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-11 18:53 . 2011-03-17 20:18 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-03-18 02:40 . 2011-03-18 02:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-18 02:40 . 2011-03-18 02:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-18 02:40 . 2011-03-18 02:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-18 02:40 . 2011-03-18 02:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-18 02:40 . 2011-03-18 02:40 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-18 02:40 . 2011-03-18 02:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-18 02:40 . 2011-03-18 02:40 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-18 02:40 . 2011-03-18 02:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-18 02:40 . 2011-03-18 02:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-18 02:40 . 2011-03-18 02:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-18 02:40 . 2011-03-18 02:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-18 02:40 . 2011-03-18 02:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-18 02:40 . 2011-03-18 02:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-18 02:40 . 2011-03-18 02:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-18 02:40 . 2011-03-18 02:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-18 02:40 . 2011-03-18 02:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-18 02:40 . 2011-03-18 02:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-18 02:40 . 2011-03-18 02:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-18 02:40 . 2011-03-18 02:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-18 02:40 . 2011-03-18 02:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-18 02:40 . 2011-03-18 02:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-18 02:40 . 2011-03-18 02:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-18 02:40 . 2011-03-18 02:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-18 02:40 . 2011-03-18 02:40 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-18 02:40 . 2011-03-18 02:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-18 02:40 . 2011-03-18 02:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-18 02:40 . 2011-03-18 02:40 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-18 02:40 . 2011-03-18 02:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-18 02:40 . 2011-03-18 02:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-18 02:40 . 2011-03-18 02:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-18 02:40 . 2011-03-18 02:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-18 02:40 . 2011-03-18 02:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-18 02:40 . 2011-03-18 02:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-18 02:40 . 2011-03-18 02:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-18 02:40 . 2011-03-18 02:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-18 02:40 . 2011-03-18 02:40 448512 ----a-w- c:\windows\system32\html.iec
2011-03-18 02:40 . 2011-03-18 02:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-18 02:40 . 2011-03-18 02:40 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-18 02:40 . 2011-03-18 02:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-18 02:40 . 2011-03-18 02:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-18 02:40 . 2011-03-18 02:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-18 02:40 . 2011-03-18 02:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-17 20:17 . 2011-03-17 20:17 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-03-17 17:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-17 17:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-08 19:11 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 15:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 15:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-17 16:08 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-17 16:08 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-17 16:08 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-17 16:08 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-17 16:08 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 02:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-18 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"RockMelt Update"="c:\users\Kevin\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-04-22 136336]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-02-25 321328]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-19 293950]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-3-6 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110502.001\IDSvia64.sys [2011-03-14 476792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 136176]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-17 136176]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-04-15 1127032]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
S2 N360;Norton 360;c:\program files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2000-01-01 2218600]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-04-27 132656]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-15 01:37]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-15 01:37]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-17 01:37]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-17 01:37]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1003Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 02:41]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1003UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-19 02:41]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1004Core.job
- c:\users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 22:06]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1004UA.job
- c:\users\Debbie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-24 22:06]
.
2011-05-03 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000Core.job
- c:\users\Kevin\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-12-23 22:22]
.
2011-05-04 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000UA.job
- c:\users\Kevin\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2010-12-23 22:22]
.
2011-05-04 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2011-04-13 21:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
Trusted Zone: intuit.com\ttlc
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ISUSPM - c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-RTHDCPL - RTHDCPL.EXE
HKLM-Run-SkyTel - SkyTel.EXE
HKLM-Run-SoundMan - SOUNDMAN.EXE
HKLM-Run-Alcmtr - ALCMTR.EXE
AddRemove-Astroburn Lite - c:\program files (x86)\Astroburn Lite\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3519206298-1893559416-1398785597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3519206298-1893559416-1398785597-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-04 10:36:38
ComboFix-quarantined-files.txt 2011-05-04 17:36
.
Pre-Run: 161,667,313,664 bytes free
Post-Run: 161,543,942,144 bytes free
.
- - End Of File - - A7D5DFFD35888C41063AE9F87D659233
  • 0

#7
Salagubang
Posted 04 May 2011 - 07:21 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Step One

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step Two

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0

#8
keegen
Posted 05 May 2011 - 02:16 AM

keegen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
Malwarebytes found nothing and Eset said it cleaned two items.\


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6509

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/4/2011 9:08:39 PM
mbam-log-2011-05-04 (21-08-39).txt

Scan type: Quick scan
Objects scanned: 202572
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

====

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
======
This is what Eset said it cleaned:
C:\Program Files (x86)\Wishpot\~ietb.dll probably a variant of Win32/Adware.BHO.NHL application cleaned by deleting - quarantined
C:\Users\Kevin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\32dcefee-48f9b937 probably a variant of Win32/Agent.RPSVWU trojan cleaned by deleting - quarantined
  • 0

#9
Salagubang
Posted 05 May 2011 - 03:05 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
How is the computer running?

Open OTL and choose Run Scan. Post the log for review.
  • 0

#10
Salagubang
Posted 05 May 2011 - 03:06 AM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
How is the computer running?

Open OTL and choose Run Scan. Post the log for review.
  • 0

#11
keegen
Posted 05 May 2011 - 10:59 AM

keegen

    Member

  • Topic Starter
  • Member
  • PipPip
  • 58 posts
The computer seems to be running much better now but I am still unable to use System Restore. When I try to run System Restore, I get an error message that says:

"System Restore does not appear to be functioning correctly on this system. A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. (0x80042302)"

Do you think this is an unrelated issue? If so, I will end this thread and begin looking for answers. Thank you for your help.


OTL logfile created on: 5/5/2011 9:41:57 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Kevin\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 150.28 Gb Free Space | 32.27% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 12:03:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
PRC - [2011/04/25 20:54:42 | 000,403,240 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2011/04/20 12:18:49 | 001,339,720 | ---- | M] (RockMelt, Inc.) -- C:\Users\Kevin\AppData\Local\RockMelt\Application\rockmelt.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/04/13 14:09:48 | 025,331,552 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2011/03/17 13:17:58 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/25 13:26:15 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/12/14 17:12:12 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2010/11/17 21:41:55 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/04/01 02:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/25 22:10:20 | 021,979,992 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/07/20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [1999/12/31 17:00:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe


========== Modules (SafeList) ==========

MOD - [2011/04/28 12:03:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Downloads\OTL.exe
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/05/03 14:52:41 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/04/25 20:54:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2011/03/17 13:17:58 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/13 08:37:06 | 000,164,352 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [1999/12/31 17:00:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/05 08:24:48 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011/05/02 15:22:13 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/21 17:39:49 | 000,382,584 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/15 17:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/20 20:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/06/16 14:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/04/26 21:16:33 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/21 02:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 02:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 02:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/08/25 13:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 17:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 17:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 17:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/17 09:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 09:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 09:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [1999/12/31 17:00:00 | 000,348,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV - [2011/04/27 01:00:00 | 001,828,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110505.003\EX64.SYS -- (NAVEX15)
DRV - [2011/04/27 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/04/27 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/04/27 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20110505.003\ENG64.SYS -- (NAVENG)
DRV - [2011/04/15 13:29:04 | 001,127,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110430.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/03/14 11:58:28 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110504.001\IDSviA64.sys -- (IDSVia64)
DRV - [2006/10/13 08:18:26 | 000,018,216 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5E 7D E2 8E DD FA CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2011/05/03 07:58:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn\ [2011/05/02 15:21:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Components: C:\Program Files (x86)\Flock\components [2011/04/21 10:28:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.5.6\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2011/04/21 19:23:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files (x86)\Flock\components [2011/04/21 10:28:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files (x86)\Flock\plugins [2011/04/21 19:23:57 | 000,000,000 | ---D | M]

[2011/01/17 12:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2010/04/28 16:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/01/17 12:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/05/04 10:32:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Wishpot Button) - {9E40F4A8-6896-4b67-91F5-F6F287ECB5D9} - C:\Program Files (x86)\Wishpot\ietb.dll (VONeS.NET)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Wishpot Button) - {7DAAFFD0-5A88-447d-96C6-E6CA06AF0758} - C:\Program Files (x86)\Wishpot\ietb.dll (VONeS.NET)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDCPL] File not found
O4:64bit: - HKLM..\Run: [SkyTel] File not found
O4:64bit: - HKLM..\Run: [SoundMan] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [RockMelt Update] C:\Users\Kevin\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Expression\Web 2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 21:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/05/04 18:34:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{5F082D10-FD92-465E-9CC6-F9528954C2DB}
[2011/05/04 12:34:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/04 12:32:09 | 000,000,000 | -HSD | C] -- C:\found.009
[2011/05/04 10:36:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/04 08:15:15 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/04 08:15:15 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/04 08:15:15 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/04 08:14:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/04 08:14:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/04 08:13:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/04 08:09:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/03 22:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/05/03 22:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/05/03 22:10:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/05/03 22:10:50 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/05/02 15:22:12 | 000,382,584 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnets.sys
[2011/05/02 15:22:11 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.sys
[2011/05/02 15:22:11 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.sys
[2011/05/02 15:22:11 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.sys
[2011/05/02 15:22:11 | 000,171,128 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\ironx64.sys
[2011/05/02 15:22:11 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.sys
[2011/05/02 15:21:54 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\0501000.01D
[2011/05/02 12:57:18 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{F52EBAAC-14C3-44E6-832C-1CE0468400FC}
[2011/04/29 13:48:27 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\New folder (3)
[2011/04/29 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\{62F748DF-C19C-455C-A877-EA986F9A2795}
[2011/04/29 11:37:06 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\gallery
[2011/04/28 09:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/04/28 09:41:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\SystemRequirementsLab
[2011/04/28 09:12:56 | 000,924,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\fdco2.dll
[2011/04/28 09:12:56 | 000,348,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvmf6264.sys
[2011/04/28 09:12:56 | 000,199,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvconrm.dll
[2011/04/28 09:12:54 | 000,845,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DPInst.exe
[2011/04/28 08:24:17 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/04/28 08:24:17 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/04/28 08:24:16 | 020,700,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011/04/28 08:24:16 | 006,299,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011/04/28 08:24:15 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011/04/28 08:24:14 | 001,619,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420140.dll
[2011/04/28 08:24:14 | 001,404,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642060.dll
[2011/04/28 08:24:13 | 012,934,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011/04/28 08:24:13 | 010,071,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011/04/28 08:24:13 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011/04/28 08:24:13 | 002,765,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011/04/28 08:24:12 | 006,974,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011/04/28 08:24:12 | 005,183,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011/04/28 08:24:12 | 002,204,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/04/28 08:24:12 | 002,074,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011/04/28 08:24:11 | 013,007,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011/04/28 08:24:10 | 018,578,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011/04/28 08:24:10 | 002,034,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011/04/28 08:24:10 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011/04/28 08:05:05 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/28 08:05:05 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/28 08:05:05 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/28 08:05:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/28 08:05:05 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/28 08:05:04 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/28 08:05:03 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/28 08:04:30 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/28 08:04:30 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/28 08:04:26 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/28 08:04:26 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/28 08:04:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/28 08:04:25 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/27 23:09:58 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/04/27 21:05:23 | 000,125,872 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/04/27 21:05:23 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/04/27 21:05:21 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/04/27 21:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/04/27 21:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/04/27 21:04:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2011/04/27 21:04:07 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 Premier Edition
[2011/04/27 21:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360 Premier Edition
[2011/04/26 20:53:04 | 000,000,000 | ---D | C] -- C:\found.008
[2011/04/25 20:48:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/04/25 20:46:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011/04/25 20:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Duplicate File Finder
[2011/04/25 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Duplicate File Finder
[2011/04/25 20:22:18 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\SlimWare Utilities Inc
[2011/04/25 20:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[2011/04/25 20:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlimDrivers
[2011/04/24 04:59:47 | 000,000,000 | ---D | C] -- C:\found.007
[2011/04/23 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Documents\FaxionOnline
[2011/04/23 12:08:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\player_client.exe
[2011/04/23 12:06:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\HeroEngine
[2011/04/22 22:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueGames
[2011/04/22 15:26:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RockMelt
[2011/04/22 13:41:19 | 000,000,000 | ---D | C] -- C:\found.006
[2011/04/21 08:12:12 | 000,000,000 | ---D | C] -- C:\found.005
[2011/04/18 09:31:04 | 000,000,000 | ---D | C] -- C:\found.004
[2011/04/17 22:30:59 | 000,000,000 | ---D | C] -- C:\found.003
[2011/04/17 13:08:56 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/17 13:08:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/16 17:25:52 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/16 17:25:52 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/16 17:25:51 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/16 17:25:51 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/16 17:25:51 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/16 17:25:51 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/16 17:25:51 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/16 17:25:49 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/16 17:25:49 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/16 17:25:49 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/16 17:25:48 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/16 17:25:47 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/16 17:25:36 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/16 17:25:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/16 17:25:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/16 17:25:34 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/16 17:25:34 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/16 17:25:34 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/16 17:25:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/12 10:09:51 | 000,000,000 | ---D | C] -- C:\found.002
[2011/04/08 23:00:34 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\itpcoin815.dll
[2011/04/07 23:19:38 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/04/07 23:19:36 | 000,797,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
[2011/04/07 23:19:26 | 006,338,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/04/07 23:19:08 | 003,041,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 09:27:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000UA.job
[2011/05/05 09:16:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 09:16:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1003UA.job
[2011/05/05 08:59:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000UA.job
[2011/05/05 08:52:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1004UA.job
[2011/05/05 08:31:30 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 08:31:30 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/05 08:25:09 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/05/05 08:24:48 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/05/05 08:24:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 08:23:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/05 08:23:47 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 21:02:05 | 000,001,137 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/04 21:02:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 19:16:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1003Core.job
[2011/05/04 15:27:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000Core.job
[2011/05/04 10:52:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1004Core.job
[2011/05/04 10:32:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/04 07:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3519206298-1893559416-1398785597-1000Core.job
[2011/05/04 07:58:13 | 000,441,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/03 22:18:58 | 001,596,788 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/05/03 07:58:13 | 000,002,564 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/05/02 15:22:13 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/05/02 15:22:13 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/05/02 15:22:13 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/04/29 14:10:44 | 000,000,952 | ---- | M] () -- C:\Users\Kevin\frprowin2009act.lic
[2011/04/29 10:14:37 | 000,001,456 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/04/28 21:22:33 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/04/27 23:14:23 | 000,001,305 | ---- | M] () -- C:\Users\Kevin\Desktop\Norton Installation Files.lnk
[2011/04/26 21:35:03 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2011/04/26 21:31:35 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wermgr.exe
[2011/04/25 20:22:08 | 000,002,467 | ---- | M] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2011/04/23 16:59:58 | 387,340,470 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/22 22:45:05 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Faxion.lnk
[2011/04/22 17:03:02 | 000,007,605 | ---- | M] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
[2011/04/22 15:28:49 | 000,002,227 | ---- | M] () -- C:\Users\Kevin\Desktop\RockMelt.lnk
[2011/04/21 19:24:00 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/04/21 16:20:00 | 001,033,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/21 16:20:00 | 000,255,182 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/21 16:20:00 | 000,006,604 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:19:54 | 000,006,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/21 08:30:26 | 000,001,358 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/13 10:27:08 | 000,000,162 | -H-- | M] () -- C:\Users\Public\Documents\~$sume AAA.rtf
[2011/04/12 11:50:29 | 000,052,146 | ---- | M] () -- C:\Users\Public\Documents\Kailynn Ingalls.rtf
[2011/04/12 11:50:29 | 000,000,162 | -H-- | M] () -- C:\Users\Public\Documents\~$ilynn Ingalls.rtf
[2011/04/12 11:45:58 | 000,052,116 | ---- | M] () -- C:\Users\Public\Documents\Resume AAA.rtf
[2011/04/11 11:53:13 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/04/11 11:53:13 | 000,234,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/04/08 23:00:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\itpcoin815.dll
[2011/04/07 23:19:38 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011/04/07 23:19:36 | 000,797,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
[2011/04/07 23:19:26 | 006,338,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011/04/07 23:19:08 | 003,041,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011/04/06 16:16:57 | 000,000,450 | ---- | M] () -- C:\Users\Kevin\Desktop\CD Drive - Shortcut.lnk
[2011/04/05 11:47:10 | 000,013,181 | ---- | M] () -- C:\Users\Kevin\Documents\Bills.ods
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/04 21:02:05 | 000,001,137 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/05/04 08:15:15 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/04 08:15:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/04 08:15:15 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/04 08:15:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/04 08:15:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/03 07:57:40 | 001,596,788 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\Cat.DB
[2011/05/02 15:22:12 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet64.cat
[2011/05/02 15:22:12 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symnet.inf
[2011/05/02 15:22:11 | 000,007,492 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.cat
[2011/05/02 15:22:11 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.cat
[2011/05/02 15:22:11 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa64.cat
[2011/05/02 15:22:11 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.cat
[2011/05/02 15:22:11 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symefa.inf
[2011/05/02 15:22:11 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds.inf
[2011/05/02 15:22:11 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtsp64.inf
[2011/05/02 15:22:11 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\srtspx64.inf
[2011/05/02 15:22:11 | 000,000,772 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\iron.inf
[2011/05/02 15:21:55 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\symds64.cat
[2011/05/02 15:21:54 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\0501000.01D\isolate.ini
[2011/04/28 09:12:49 | 000,006,614 | ---- | C] () -- C:\Windows\SysNative\nvnrm.nvu
[2011/04/27 21:05:21 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/04/27 21:05:21 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/04/27 21:05:00 | 000,002,564 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2011/04/25 20:22:26 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/04/25 20:22:21 | 000,013,920 | ---- | C] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2011/04/25 20:22:08 | 000,002,467 | ---- | C] () -- C:\Users\Public\Desktop\SlimDrivers.lnk
[2011/04/22 22:45:05 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Faxion.lnk
[2011/04/22 17:03:02 | 000,007,605 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg
[2011/04/22 15:28:49 | 000,002,227 | ---- | C] () -- C:\Users\Kevin\Desktop\RockMelt.lnk
[2011/04/21 08:30:26 | 000,001,358 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/04/13 10:27:08 | 000,000,162 | -H-- | C] () -- C:\Users\Public\Documents\~$sume AAA.rtf
[2011/04/12 11:50:29 | 000,000,162 | -H-- | C] () -- C:\Users\Public\Documents\~$ilynn Ingalls.rtf
[2011/04/12 11:50:28 | 000,052,146 | ---- | C] () -- C:\Users\Public\Documents\Kailynn Ingalls.rtf
[2011/04/12 10:50:26 | 000,052,116 | ---- | C] () -- C:\Users\Public\Documents\Resume AAA.rtf
[2011/04/06 16:16:57 | 000,000,450 | ---- | C] () -- C:\Users\Kevin\Desktop\CD Drive - Shortcut.lnk
[2011/03/22 10:50:32 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/17 13:18:17 | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/17 13:17:58 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/22 10:06:12 | 000,000,566 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/01 12:18:22 | 000,020,480 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 11:04:58 | 000,110,592 | R--- | C] () -- C:\Windows\SysWow64\ustor.dll
[2010/07/20 11:04:58 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\DMAPI.dll
[2010/07/08 19:48:57 | 000,001,456 | ---- | C] () -- C:\Users\Kevin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/07/01 19:33:21 | 000,000,093 | ---- | C] () -- C:\Users\Kevin\AppData\Local\fusioncache.dat
[2010/06/21 17:53:00 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/05/14 10:15:08 | 000,000,576 | ---- | C] () -- C:\Users\Kevin\AppData\Local\rx_image.Cache
[2010/05/14 10:15:05 | 000,016,864 | ---- | C] () -- C:\Users\Kevin\AppData\Local\rx_audio.Cache
[2010/04/28 16:03:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/27 09:50:18 | 000,006,604 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/04/17 19:57:58 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/04/16 18:25:34 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/09/05 14:59:14 | 000,273,408 | ---- | C] () -- C:\Windows\NVGfxOgl.dll

< End of report >
  • 0

#12
Salagubang
Posted 05 May 2011 - 05:51 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi keegen,

That’s all you need to do. Your PC is clean.

I now suggest you head to the Windows 7 regarding the problem with volume shadow copy not responding – they will be able to provide better advice than I can. In the meantime, here are my suggestions for staying safe and clean – I know you already have some, but there are a few that you don’t have – and should! Also take the time to read some of the articles on PC safety and security.

Lets wrap up.

We need to remove all the tools that you have used.
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Remove ComboFix
  • Click the Start button
  • Click Run...
  • Type Combofix /Uninstall in the run dialog box and click OK
Posted Image


Remove Other Tools
  • Download OTC to your desktop and run it
  • Click CleanUp! to begin the cleanup process and remove our tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

You may manually delete any remaining clutter from your desktop.

Lets Re-hide system files and folders.
Opening Windows Explorer (to get there right-click your Start button and go to "Explore"), please do the following:
  • Go to Tools (drop-down menu at the top of the window)
  • Go down and click Folder Options
  • Click on the View tab
  • Find the Hidden Files and Folders section of the box and check "Do not show hidden files and folders"
  • Again under Hidden Files and Folders, find "Hide protected operating system files (Recommended)" and check it (if it's already checked)
  • Click Apply, and then Ok at the bottom.
  • Close the window

++++++++++++++++++++++++++++++++++++

Maintaning your computer

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete CLEAN
THEN
  • Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT

Defrag the harddrive

++++++++++++++++++++++++++++++++++

Other things to keep in mind

Windows, Java, and Adobe products should all be kept up-to-date on a regular basis so the latest security fixes are in place on your computer. Please refer to the following links on how to manage these products.

Here are a few other applications you might consider. Keeping your temporary file area clean, your Windows registry backed up, and backing up your important data are all good techniques.
  • Flush Flash - by Bobbi Flekman - cleans Flash Player cookies
  • ERUNT (Emergency Recovery Utility NT) - a registry backup utility
  • Cobian Backup - a very good backup utility - read the tutorial here
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for Chrome and Opera.
Please remember that just having these programs is not enough. You must use them. Running a full spyware scan weekly, a full virus scan monthly, and checking for updates and cleaning your temporary files periodically is very important in keeping your computer in tip-top shape.

Finally, please take the time to read the following articles. Applying this information will help prevent future infections:

How to prevent malware by miekiemoes
Preventing Malware and Safe Computing by Rorschach112

This article will help you understand how you may have gotten infected:
How did I get infected in the first place?

Remember, you have to be smarter than the bad guys! Be safe out there! Posted Image
  • 0

#13
Salagubang
Posted 08 May 2011 - 10:17 PM

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP