
Vista Home Premium, 64-Bit, mbam.exe prevented from installing



The infection initially disabled RegEdit, TaskManager, and FolderOptions for all users. I was able to get that sorted by following instructions here:

http://www.winhelponline.com/articles/156/...l#postedcomment

But there's still a rootkit or malware here, because Internet Explorer refuses to browse to any websites at all... and occasionally links from Google redirect briefly to pleasehelpsearch.com or something, and then on to the real link.

Help would be well appreciated.

Thanks again

Chad


A little more work on this...

When running the MBAM installer, I made note of when the files were extracted, quickly hit CTRL + A to select them all, and then DEL to send them to the recycling bin. This way... they were preserved :)

So then I re-installed, the malware removed mbam.exe as expected, but then I pasted in the copy from the recycle bin (renamed to google.exe).

Then ran a scan:

========================================================

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

4/30/2010 4:13:07 PM

mbam-log-2010-04-30 (16-13-07).txt

Scan type: Quick scan

Objects scanned: 132427

Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 21

Registry Values Infected: 3

Registry Data Items Infected: 1

Folders Infected: 4

Files Infected: 17

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{a9722a0d-365f-47d2-b70b-37d046316d99} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\PRAGMA (Rootkit.TDSS) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Fci (Rootkit.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpCmdRun.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adhlpr.adhlpr (Adware.Adrotator) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\adhlpr.adhlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccagent.exe (Rogue.PClean) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a2ba40a0-74f1-52bd-f411-00b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vahizagoha (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Users\Chad\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:

C:\Windows\System32\gogihuho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\judetivo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\kafiseri.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\wevaluzo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\yaturite.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Windows\System32\config\systemprofile\AppData\Roaming\ACommander\ccagent.exe (Rogue.PClean) -> Quarantined and deleted successfully.

C:\Windows\System32\keyipole.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Users\Chad\AppData\Local\Temp\00000349 (Rootkit.Dropper) -> Quarantined and deleted successfully.

C:\Windows\Temp\soft.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.

C:\Users\chadderack\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files (x86)\Mozilla Firefox\components\nsFFxSHot.xpt (Adware.Adrotator) -> Quarantined and deleted successfully.

C:\Users\Chad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Users\chadderack\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

C:\Windows\System32\fci.exe.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.

C:\Users\Chad\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

=========================================================================

Also just re-ran DDS in case something has happened in the last few hours (and this time allowed it to finish with attach.zip):

-------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSX64

Run by chadderack at 20:55:03.75 on Fri 04/30/2010

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16

Microsoft

Attach.zip


My topic was posted an hour before this one: http://forums.malwarebytes.org/index.php?showtopic=48943

and yet he's getting help already? :(

Well, I've gone ahead and downloaded and run OTL. Here are those logs.

=====================================================

OTL logfile created on: 5/1/2010 2:47:03 PM - Run 1

OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\chadderack\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.37 Gb Total Space | 66.87 Gb Free Space | 23.35% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GATEWAY-2-AWESM

Current User Name: chadderack

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\chadderack\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360.exe (IObit)

PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe (IObit)

PRC - C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe (IObit)

PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

PRC - C:\Program Files (x86)\Last.fm\LastFMHelper.exe (Last.fm)

========== Modules (SafeList) ==========

MOD - C:\Users\chadderack\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\cewmdm.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV:64bit: - (ETService) -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe ()

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()

SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe ()

SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (IS360service) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe (IObit)

SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)

SRV - (NMSAccessU) -- C:\Program Files (x86)\BurnAware Free\nmsaccessu.exe ()

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (o2flash) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe (O2Micro International)

SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 07:34:14 | 000,000,000 | ---D | M]

SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()

SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys ()

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys ()

DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys ()

DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys ()

DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys ()

DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys ()

DRV:64bit: - (eamon) -- C:\Windows\SysNative\DRIVERS\eamon.sys ()

DRV:64bit: - (swmsflt) -- C:\Windows\SysNative\drivers\swmsflt.sys ()

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys ()

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys ()

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys ()

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys ()

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys ()

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys ()

DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()

DRV:64bit: - (UVCFTR) -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS ()

DRV:64bit: - (O2SDRDR) -- C:\Windows\SysNative\DRIVERS\o2sdx64.sys ()

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys ()

DRV:64bit: - (O2MDRDR) -- C:\Windows\SysNative\DRIVERS\o2mdx64.sys ()

DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()

DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys ()

DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys ()

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()

DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()

DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys ()

DRV:64bit: - (usbvideo) -- C:\Windows\SysNative\Drivers\usbvideo.sys ()

DRV:64bit: - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys ()

DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()

DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\DRIVERS\CmBatt.sys ()

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()

DRV:64bit: - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\Windows\SysNative\DRIVERS\swumx80.sys ()

DRV:64bit: - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\Windows\SysNative\DRIVERS\swnc8u80.sys ()

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()

DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys ()

DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\Drivers\SSPORT.sys ()

DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\Drivers\DgiVecp.sys ()

DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\DRIVERS\emDevice64.sys ()

DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\DRIVERS\emFilter64.sys ()

DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\DRIVERS\emScan64.sys ()

DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()

DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\DRIVERS\MarvinBus64.sys ()

DRV - (Wd) -- C:\watcom-1.3\binnt\wd.exe ()

DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)

DRV - (VSPerfDrv90) -- C:\Program Files (x86)\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\x64\VSPerfDrv90.sys (Microsoft Corporation)

DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()

DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...-7805u&c=BB

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...-7805u&c=BB

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...-7805u&c=BB

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...-7805u&c=BB

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACG...-7805u&c=BB

IE - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "about:blank"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {68BA4AB2-8821-4C20-866E-501D4813E1B7}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{C3B530B2-E259-439F-80B2-22D268949933}: C:\Users\chadderack\AppData\Local\{C3B530B2-E259-439F-80B2-22D268949933}

FF - HKLM\software\mozilla\Firefox\Extensions\\{68BA4AB2-8821-4C20-866E-501D4813E1B7}: C:\Users\Chad\AppData\Local\{68BA4AB2-8821-4C20-866E-501D4813E1B7} [2010/04/29 20:23:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/04/29 20:49:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/30 16:13:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/29 20:18:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/30 11:53:20 | 000,000,000 | ---D | M]

[2009/03/10 00:15:30 | 000,000,000 | ---D | M] -- C:\Users\chadderack\AppData\Roaming\Mozilla\Extensions

[2009/03/10 00:15:30 | 000,000,000 | ---D | M] -- C:\Users\chadderack\AppData\Roaming\Mozilla\Firefox\Profiles\rw9hxexc.default\extensions

[2010/04/30 16:53:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll File not found

O2 - BHO: (no name) - {ff3193e7-f265-4d8e-bd97-129a1eed8450} - File not found

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O3:64bit: - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll File not found

O3 - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()

O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [iObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)

O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [vahizagoha] File not found

O4 - HKU\.DEFAULT..\Run: [ccagent.exe] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ACommander\ccagent.exe File not found

O4 - HKU\S-1-5-18..\Run: [ccagent.exe] C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ACommander\ccagent.exe File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk = C:\Program Files (x86)\Last.fm\LastFMHelper.exe (Last.fm)

O4 - Startup: C:\Users\chadderack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk = C:\Program Files (x86)\Last.fm\LastFMHelper.exe (Last.fm)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1681174169-2105093525-2007768027-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150

O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()

O20 - AppInit_DLLs: (mamizudi.dll) - File not found

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\mamizudi.dll) - C:\Windows\SysWOW64\mamizudi.dll File not found

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\judetivo.dll) - C:\Windows\SysWOW64\judetivo.dll File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ACommander\ccmain.exe) - C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ACommander\ccmain.exe File not found

O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ACommander\ccmain.exe) - C:\Windows\SysWow64\config\systemprofile\AppData\Roaming\ACommander\ccmain.exe File not found

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{07560633-2ee0-11de-bb82-ad132cc00964}\Shell - "" = AutoRun

O33 - MountPoints2\{07560633-2ee0-11de-bb82-ad132cc00964}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{4f518acd-18d1-11de-8128-001d72f1281f}\Shell - "" = AutoRun

O33 - MountPoints2\{4f518acd-18d1-11de-8128-001d72f1281f}\Shell\AutoRun\command - "" = F:\WIN\setup.exe -- File not found

O33 - MountPoints2\{93802550-0da8-11de-a7ac-001d72f1281f}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found

O33 - MountPoints2\{93802553-0da8-11de-a7ac-001d72f1281f}\Shell - "" = AutoRun

O33 - MountPoints2\{93802553-0da8-11de-a7ac-001d72f1281f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{9380257f-0da8-11de-a7ac-001d72f1281f}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found

O33 - MountPoints2\{93802595-0da8-11de-a7ac-001d72f1281f}\Shell - "" = AutoRun

O33 - MountPoints2\{93802595-0da8-11de-a7ac-001d72f1281f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 180 Days ==========

[2010/05/01 14:44:32 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\chadderack\Desktop\OTL.exe

[2010/05/01 13:28:24 | 000,000,000 | ---D | C] -- C:\Users\chadderack\Desktop\gmer

[2010/05/01 13:15:40 | 000,000,000 | ---D | C] -- C:\rsit

[2010/04/30 17:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE

[2010/04/30 17:05:21 | 000,000,000 | ---D | C] -- C:\Users\chadderack\Desktop\OpenOffice.org 3.1 (en-US) Installation Files

[2010/04/30 16:51:40 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\Malwarebytes

[2010/04/30 15:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MB

[2010/04/30 12:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI

[2010/04/30 11:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET

[2010/04/30 11:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/04/30 11:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/04/30 11:22:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/04/30 11:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware3

[2010/04/30 11:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/04/30 11:19:36 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe

[2010/04/30 11:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/04/30 03:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit

[2010/04/30 03:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit

[2010/04/30 03:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

[2010/04/29 23:56:05 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2010/04/29 20:52:26 | 000,000,000 | -H-D | C] -- C:\$AVG

[2010/04/29 20:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg

[2010/04/29 20:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2010/04/29 20:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9

[2010/04/21 21:15:50 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\Microsoft FxCop

[2010/04/17 18:48:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need4 DVD Burner 6

[2010/04/17 15:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Need4Video

[2010/04/17 02:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need4 Software Launcher

[2010/04/17 02:54:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Need4 Video Converter 7

[2010/04/17 02:00:16 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll

[2010/04/17 02:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ApecSoft

[2010/04/17 01:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPL MPEG Decoder

[2010/04/17 01:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter

[2010/04/17 01:41:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quick Video Converter

[2010/04/17 01:12:05 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\MPEG Streamclip

[2010/04/17 01:00:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool

[2010/04/17 00:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared

[2010/04/17 00:11:31 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Local\CyberLink

[2010/04/17 00:11:30 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Local\PowerCinema

[2010/04/16 22:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup

[2010/04/16 22:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink

[2010/04/16 22:19:11 | 000,000,000 | ---D | C] -- C:\Users\chadderack\Installers\Documents\CyberLink

[2010/04/16 22:19:11 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\CyberLink

[2010/04/10 23:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync

[2010/03/29 00:36:03 | 000,000,000 | ---D | C] -- C:\Windows\PrimoPDF4

[2010/03/29 00:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\activePDF

[2010/03/29 00:32:00 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/03/15 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\Ashampoo

[2010/03/15 14:37:14 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Local\ashampoo

[2010/03/15 14:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo

[2010/03/15 14:36:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo

[2010/03/13 19:16:31 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\Scooter Software

[2010/03/13 19:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Beyond Compare 3

[2010/02/10 13:08:34 | 000,000,000 | ---D | C] -- C:\Users\chadderack\Installers\Documents\TurboTax

[2010/01/24 23:31:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\custom matrices

[2010/01/24 23:31:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime

[2010/01/24 23:31:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\C2MP

[2010/01/24 23:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Player

[2010/01/20 22:36:40 | 000,000,000 | ---D | C] -- C:\Users\chadderack\Shared

[2010/01/20 22:36:40 | 000,000,000 | ---D | C] -- C:\Users\chadderack\Incomplete

[2010/01/20 22:33:11 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\ZiggyTV

[2010/01/19 11:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave

[2010/01/02 19:16:56 | 000,000,000 | ---D | C] -- C:\Users\chadderack\AppData\Roaming\Move Networks

[2009/12/29 22:40:18 | 000,000,000 | ---D | C] -- C:\Windows\Applian FLV Player

[2009/12/29 22:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player

[2009/12/26 20:14:52 | 000,000,000 | ---D | C] -- C:\Users\chadderack\Installers\Documents\SavedGames

========== Files - Modified Within 180 Days ==========

[2010/05/01 15:32:02 | 000,000,282 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

[2010/05/01 15:27:59 | 004,194,304 | ---- | M] () -- C:\Users\chadderack\NTUSER.DAT

[2010/05/01 15:02:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/01 14:44:25 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\chadderack\Desktop\OTL.exe

[2010/05/01 14:31:29 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/01 14:31:29 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/01 13:49:07 | 000,642,392 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/05/01 13:49:07 | 000,118,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/05/01 13:49:06 | 000,756,768 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/05/01 13:39:11 | 000,000,520 | ---- | M] () -- C:\Users\chadderack\Desktop\gmer.exe - Shortcut.lnk

[2010/05/01 13:28:19 | 000,111,386 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010/05/01 13:16:05 | 000,284,915 | ---- | M] () -- C:\Users\chadderack\Desktop\gmer.zip

[2010/05/01 13:12:05 | 000,781,909 | ---- | M] () -- C:\Users\chadderack\Desktop\RSIT.exe

[2010/05/01 12:32:25 | 000,111,386 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010/05/01 12:32:11 | 000,127,968 | ---- | M] () -- C:\Users\chadderack\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/05/01 12:31:58 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn

[2010/05/01 12:31:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/01 12:31:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/01 12:31:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/01 12:31:21 | 4289,601,536 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/01 12:30:31 | 000,524,288 | -HS- | M] () -- C:\Users\chadderack\NTUSER.DAT{3e8e146b-53ff-11df-a8a2-001d72f1281f}.TMContainer00000000000000000001.regtrans-ms

[2010/05/01 12:30:31 | 000,065,536 | -HS- | M] () -- C:\Users\chadderack\NTUSER.DAT{3e8e146b-53ff-11df-a8a2-001d72f1281f}.TM.blf

[2010/05/01 12:30:20 | 002,971,678 | -H-- | M] () -- C:\Users\chadderack\AppData\Local\IconCache.db

[2010/05/01 12:17:05 | 002,362,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/05/01 08:27:01 | 059,471,543 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/04/30 21:01:11 | 000,002,747 | ---- | M] () -- C:\Users\chadderack\Desktop\Attach.zip

[2010/04/30 20:54:17 | 000,525,824 | ---- | M] () -- C:\Users\chadderack\Desktop\dds.scr

[2010/04/30 12:02:35 | 000,047,032 | ---- | M] () -- C:\Windows\SysNative\drivers\pxrts.sys

[2010/04/30 12:02:10 | 000,000,049 | ---- | M] () -- C:\Windows\wininit.ini

[2010/04/30 11:37:56 | 000,472,064 | ---- | M] ( ) -- C:\RootRepeal.exe

[2010/04/30 11:28:13 | 000,001,930 | ---- | M] () -- C:\Users\chadderack\Desktop\HijackThis.lnk

[2010/04/30 11:22:11 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/30 11:14:46 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup-1.46.exe

[2010/04/30 03:45:44 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2010/04/30 03:28:36 | 000,011,658 | ---- | M] () -- C:\vir_bookmarks.html

[2010/04/30 02:53:22 | 000,001,166 | ---- | M] () -- C:\Users\chadderack\Desktop\reg_enable.vbs

[2010/04/30 00:29:53 | 000,000,950 | ---- | M] () -- C:\Users\chadderack\Desktop\procexp - Shortcut.lnk

[2010/04/29 23:45:22 | 000,000,732 | ---- | M] () -- C:\Users\chadderack\AppData\Local\d3d9caps64.dat

[2010/04/29 22:47:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml

[2010/04/29 20:54:07 | 000,524,288 | -HS- | M] () -- C:\Users\chadderack\NTUSER.DAT{3e8e146b-53ff-11df-a8a2-001d72f1281f}.TMContainer00000000000000000002.regtrans-ms

[2010/04/29 20:50:46 | 000,524,288 | -HS- | M] () -- C:\Users\chadderack\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010/04/29 20:50:46 | 000,065,536 | -HS- | M] () -- C:\Users\chadderack\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010/04/29 20:50:42 | 000,012,976 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll

[2010/04/29 20:50:42 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/04/29 20:50:41 | 000,317,520 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/04/29 20:50:37 | 000,269,320 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/04/29 20:50:36 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/04/29 20:50:36 | 000,035,464 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/04/29 20:18:29 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/04/29 15:39:28 | 000,024,664 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/25 17:05:06 | 000,200,192 | ---- | M] () -- C:\Users\chadderack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/25 16:45:40 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2010/04/22 23:31:44 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

[2010/04/19 11:17:09 | 000,006,396 | ---- | M] () -- C:\Users\chadderack\AppData\Roaming\PrimoPDFSet.xml

[2010/04/17 18:38:52 | 000,000,081 | ---- | M] () -- C:\Windows\need4videoconverter.INI

[2010/04/17 02:55:16 | 000,004,914 | ---- | M] () -- C:\ProgramData\xqkcebzs.dik

[2010/04/13 23:26:31 | 004,993,024 | ---- | M] () -- C:\Users\chadderack\Installers\Documents\corot_analysis.doc

[2010/04/10 23:54:14 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/03/29 00:36:05 | 000,000,310 | ---- | M] () -- C:\Windows\primopdf.ini

[2010/03/22 16:13:36 | 000,000,252 | ---- | M] () -- C:\Users\chadderack\AppData\Roaming\burnaware.ini

[2010/03/09 21:51:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010/02/15 21:17:30 | 000,000,833 | ---- | M] () -- C:\Users\chadderack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk

[2010/01/30 08:24:17 | 000,086,722 | -HS- | M] () -- C:\Windows\SysWow64\nomukipo.exe

[2010/01/19 11:57:32 | 000,000,583 | ---- | M] () -- C:\Users\chadderack\Desktop\GoldWave.lnk

[2010/01/12 14:18:24 | 003,645,952 | ---- | M] () -- C:\Windows\SysWow64\ffdshow.ax

[2010/01/12 14:18:20 | 001,409,890 | ---- | M] () -- C:\Windows\SysWow64\ffmpegmt.dll

[2010/01/12 14:18:18 | 000,882,688 | ---- | M] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/01/12 14:18:18 | 000,556,491 | ---- | M] () -- C:\Windows\SysWow64\libmplayer.dll

[2010/01/12 14:18:16 | 004,507,983 | ---- | M] () -- C:\Windows\SysWow64\libavcodec.dll

[2010/01/12 14:18:10 | 000,877,385 | ---- | M] () -- C:\Windows\SysWow64\ff_x264.dll

[2010/01/12 14:18:10 | 000,336,384 | ---- | M] () -- C:\Windows\SysWow64\ff_libfaad2.dll

[2010/01/12 14:18:10 | 000,216,576 | ---- | M] () -- C:\Windows\SysWow64\ff_libdts.dll

[2010/01/12 14:18:10 | 000,151,552 | ---- | M] () -- C:\Windows\SysWow64\ff_libmad.dll

[2010/01/12 14:18:10 | 000,145,408 | ---- | M] () -- C:\Windows\SysWow64\libmpeg2_ff.dll

[2010/01/12 14:18:10 | 000,121,856 | ---- | M] () -- C:\Windows\SysWow64\ff_liba52.dll

[2010/01/12 14:18:08 | 000,169,984 | ---- | M] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2010/01/12 14:18:08 | 000,116,736 | ---- | M] () -- C:\Windows\SysWow64\ff_tremor.dll

[2010/01/12 14:18:08 | 000,100,864 | ---- | M] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2010/01/12 14:18:08 | 000,097,792 | ---- | M] () -- C:\Windows\SysWow64\ff_unrar.dll

[2010/01/12 14:12:36 | 000,085,504 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/12/31 18:00:00 | 000,324,096 | ---- | M] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2009/12/31 18:00:00 | 000,248,320 | ---- | M] () -- C:\Windows\SysWow64\ff_kernelDeint.dll

[2009/12/27 16:24:24 | 000,000,680 | ---- | M] () -- C:\Users\chadderack\AppData\Local\d3d9caps.dat

[2009/12/13 14:25:47 | 000,000,600 | ---- | M] () -- C:\Users\chadderack\PUTTY.RND

[2009/12/12 02:50:21 | 000,000,600 | ---- | M] () -- C:\Users\chadderack\AppData\Local\PUTTY.RND

[2009/12/01 01:28:08 | 000,187,883 | ---- | M] () -- C:\Users\chadderack\L4D2_Box.jpg

[2009/11/14 12:37:08 | 000,154,112 | ---- | M] () -- C:\Windows\SysWow64\ts.dll

[2009/11/14 12:33:40 | 000,357,888 | ---- | M] () -- C:\Windows\SysWow64\gdsmux.exe

[2009/11/14 12:33:38 | 000,249,856 | ---- | M] () -- C:\Windows\SysWow64\dxr.dll

[2009/11/14 12:12:02 | 000,550,400 | ---- | M] () -- C:\Windows\SysWow64\splitter.ax

[2009/11/14 12:11:50 | 000,093,184 | ---- | M] () -- C:\Windows\SysWow64\avss.dll

[2009/11/14 12:11:42 | 000,150,016 | ---- | M] () -- C:\Windows\SysWow64\mkx.dll

[2009/11/14 12:11:42 | 000,141,824 | ---- | M] () -- C:\Windows\SysWow64\mp4.dll

[2009/11/14 12:11:40 | 000,123,392 | ---- | M] () -- C:\Windows\SysWow64\ogm.dll

[2009/11/14 12:11:40 | 000,109,568 | ---- | M] () -- C:\Windows\SysWow64\avi.dll

[2009/11/14 12:11:38 | 000,097,792 | ---- | M] () -- C:\Windows\SysWow64\avs.dll

[2009/11/14 12:11:36 | 000,136,704 | ---- | M] () -- C:\Windows\SysWow64\mkv2vfr.exe

[2009/11/14 12:11:36 | 000,113,152 | ---- | M] () -- C:\Windows\SysWow64\dsmux.exe

[2009/11/14 12:11:32 | 000,080,384 | ---- | M] () -- C:\Windows\SysWow64\mkzlib.dll

[2009/11/14 12:11:32 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\mkunicode.dll

========== Files Created - No Company Name ==========

[2010/05/01 13:39:11 | 000,000,520 | ---- | C] () -- C:\Users\chadderack\Desktop\gmer.exe - Shortcut.lnk

[2010/05/01 13:17:15 | 000,284,915 | ---- | C] () -- C:\Users\chadderack\Desktop\gmer.zip

[2010/05/01 13:14:46 | 000,781,909 | ---- | C] () -- C:\Users\chadderack\Desktop\RSIT.exe

[2010/04/30 21:01:11 | 000,002,747 | ---- | C] () -- C:\Users\chadderack\Desktop\Attach.zip

[2010/04/30 20:54:29 | 000,525,824 | ---- | C] () -- C:\Users\chadderack\Desktop\dds.scr

[2010/04/30 12:02:35 | 000,047,032 | ---- | C] () -- C:\Windows\SysNative\drivers\pxrts.sys

[2010/04/30 12:01:45 | 000,000,049 | ---- | C] () -- C:\Windows\wininit.ini

[2010/04/30 11:28:13 | 000,001,930 | ---- | C] () -- C:\Users\chadderack\Desktop\HijackThis.lnk

[2010/04/30 11:22:11 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/04/30 11:15:41 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/30 03:56:21 | 000,001,166 | ---- | C] () -- C:\Users\chadderack\Desktop\reg_enable.vbs

[2010/04/30 03:45:44 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk

[2010/04/30 03:28:35 | 000,011,658 | ---- | C] () -- C:\vir_bookmarks.html

[2010/04/30 01:51:20 | 4289,601,536 | -HS- | C] () -- C:\hiberfil.sys

[2010/04/30 00:29:53 | 000,000,950 | ---- | C] () -- C:\Users\chadderack\Desktop\procexp - Shortcut.lnk

[2010/04/30 00:06:54 | 000,192,512 | ---- | C] () -- C:\Windows\SysNative\taskmgr2.exe

[2010/04/29 23:45:22 | 000,000,732 | ---- | C] () -- C:\Users\chadderack\AppData\Local\d3d9caps64.dat

[2010/04/29 22:57:44 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/04/29 22:57:44 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/04/29 20:54:04 | 000,524,288 | -HS- | C] () -- C:\Users\chadderack\NTUSER.DAT{3e8e146b-53ff-11df-a8a2-001d72f1281f}.TMContainer00000000000000000002.regtrans-ms

[2010/04/29 20:54:04 | 000,524,288 | -HS- | C] () -- C:\Users\chadderack\NTUSER.DAT{3e8e146b-53ff-11df-a8a2-001d72f1281f}.TMContainer00000000000000000001.regtrans-ms

[2010/04/29 20:54:04 | 000,065,536 | -HS- | C] () -- C:\Users\chadderack\NTUSER.DAT{3e8e146b-53ff-11df-a8a2-001d72f1281f}.TM.blf

[2010/04/29 20:50:42 | 000,012,976 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll

[2010/04/29 20:50:42 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk

[2010/04/29 20:50:40 | 000,317,520 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/04/29 20:50:37 | 000,269,320 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys

[2010/04/29 20:50:36 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm

[2010/04/29 20:50:36 | 000,035,464 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys

[2010/04/29 20:50:35 | 059,471,543 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm

[2010/04/29 20:03:12 | 000,000,282 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

[2010/04/17 17:48:53 | 000,000,081 | ---- | C] () -- C:\Windows\need4videoconverter.INI

[2010/04/17 02:55:16 | 000,004,914 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

[2010/04/13 23:26:30 | 004,993,024 | ---- | C] () -- C:\Users\chadderack\Installers\Documents\corot_analysis.doc

[2010/04/10 23:54:14 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/03/29 00:39:44 | 000,006,396 | ---- | C] () -- C:\Users\chadderack\AppData\Roaming\PrimoPDFSet.xml

[2010/03/29 00:36:05 | 000,090,624 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll

[2010/03/09 21:51:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010/02/10 11:40:30 | 003,068,610 | ---- | C] () -- C:\Users\chadderack\AppData\Local\dd_NET_Framework35_x64_MSI7416.txt

[2010/02/10 11:35:59 | 000,049,160 | ---- | C] () -- C:\Windows\SysNative\infocardcpl.cpl

[2010/02/10 11:35:57 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\icardres.dll

[2010/02/10 11:35:56 | 001,383,936 | ---- | C] () -- C:\Windows\SysNative\icardagt.exe

[2010/02/10 11:35:56 | 001,168,928 | ---- | C] () -- C:\Windows\SysNative\PresentationNative_v0300.dll

[2010/02/10 11:35:56 | 000,167,432 | ---- | C] () -- C:\Windows\SysNative\infocardapi.dll

[2010/02/10 11:35:56 | 000,052,760 | ---- | C] () -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/02/10 11:35:51 | 000,126,520 | ---- | C] () -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll

[2010/02/10 11:35:45 | 000,357,904 | ---- | C] () -- C:\Windows\SysNative\PresentationHost.exe

[2010/02/10 11:25:57 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\netfxperf.dll

[2010/02/10 11:25:35 | 000,112,120 | ---- | C] () -- C:\Windows\SysNative\dfshim.dll

[2010/02/10 11:25:11 | 000,406,528 | ---- | C] () -- C:\Windows\SysNative\mscoree.dll

[2010/02/10 11:24:55 | 000,158,208 | ---- | C] () -- C:\Windows\SysNative\mscorier.dll

[2010/02/10 11:24:48 | 000,076,288 | ---- | C] () -- C:\Windows\SysNative\mscories.dll

[2010/01/30 08:24:17 | 000,086,722 | -HS- | C] () -- C:\Windows\SysWow64\nomukipo.exe

[2010/01/19 11:57:32 | 000,000,583 | ---- | C] () -- C:\Users\chadderack\Desktop\GoldWave.lnk

[2010/01/12 14:18:24 | 003,645,952 | ---- | C] () -- C:\Windows\SysWow64\ffdshow.ax

[2010/01/12 14:18:20 | 001,409,890 | ---- | C] () -- C:\Windows\SysWow64\ffmpegmt.dll

[2010/01/12 14:18:18 | 000,882,688 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/01/12 14:18:18 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll

[2010/01/12 14:18:16 | 004,507,983 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll

[2010/01/12 14:18:10 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll

[2010/01/12 14:18:10 | 000,336,384 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll

[2010/01/12 14:18:10 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll

[2010/01/12 14:18:10 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll

[2010/01/12 14:18:10 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll

[2010/01/12 14:18:10 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll

[2010/01/12 14:18:08 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll

[2010/01/12 14:18:08 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\ff_tremor.dll

[2010/01/12 14:18:08 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll

[2010/01/12 14:18:08 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll

[2010/01/12 14:12:36 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2009/12/31 18:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll

[2009/12/31 18:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll

[2009/12/01 01:28:05 | 000,187,883 | ---- | C] () -- C:\Users\chadderack\L4D2_Box.jpg

[2009/11/14 12:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll

[2009/11/14 12:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe

[2009/11/14 12:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll

[2009/11/14 12:12:02 | 000,550,400 | ---- | C] () -- C:\Windows\SysWow64\splitter.ax

[2009/11/14 12:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll

[2009/11/14 12:11:42 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll

[2009/11/14 12:11:42 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll

[2009/11/14 12:11:40 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll

[2009/11/14 12:11:40 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll

[2009/11/14 12:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll

[2009/11/14 12:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe

[2009/11/14 12:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe

[2009/11/14 12:11:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll

[2009/11/14 12:11:32 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll

[2009/10/22 21:51:53 | 000,000,307 | ---- | C] () -- C:\Windows\ulead32.ini

[2009/07/17 23:43:40 | 000,700,416 | ---- | C] () -- C:\Windows\SysWow64\mcs_cor1.dll

[2009/07/17 23:43:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\mcs_cor2.dll

[2009/07/17 23:43:40 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\mcs_vfw.dll

[2009/06/14 11:53:19 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll

[2009/06/14 11:53:19 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll

[2009/06/14 11:53:19 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll

[2009/05/07 13:04:37 | 000,010,856 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys

[2009/03/24 17:55:25 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2009/03/09 22:11:06 | 000,709,336 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/01/10 16:15:44 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll

[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini

[2008/12/03 16:11:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

[2008/11/06 10:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest

[2008/10/07 11:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 11:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/06/05 10:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008/04/28 10:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2008/01/20 20:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2007/10/13 03:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

[2006/11/06 15:30:38 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll

[2004/10/26 16:39:05 | 003,375,104 | ---- | C] () -- C:\Windows\SysWow64\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FFE0B1EF

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A2947BEA

< End of report >

==========================================================

EXTRAS:

OTL Extras logfile created on: 5/1/2010 2:47:04 PM - Run 1

OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\chadderack\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.37 Gb Total Space | 66.87 Gb Free Space | 23.35% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: GATEWAY-2-AWESM

Current User Name: chadderack

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1681174169-2105093525-2007768027-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1681174169-2105093525-2007768027-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found

"C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files (x86)\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0E3F4EDC-3AA1-48FE-A6FE-58ACED2BC5C5}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1252D8AD-CD5E-4D8D-8EC0-7CED0F4E61D7}" = lport=137 | protocol=17 | dir=in | app=system |

"{2215DEFF-06ED-4207-AC20-F4D042F92C76}" = lport=138 | protocol=17 | dir=in | app=system |

"{3900214A-6EE0-4AA1-9A9A-5566D4A8D6B1}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |

"{4AF4F78C-B603-404E-80D8-1015A8064D11}" = rport=137 | protocol=17 | dir=out | app=system |

"{50D9E8A7-2AC0-409B-932A-EEB87662504C}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |

"{525C336C-52BD-42DA-AC91-ED36D10B4B26}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5A963EA9-F1D1-4275-95D4-AC0F9C0092FD}" = lport=15918 | protocol=6 | dir=in | name=utor1 |

"{5E5DBF99-6846-4AD7-9311-AD4234B9630B}" = lport=445 | protocol=6 | dir=in | app=system |

"{96B527F9-A19F-4BB3-A8BC-D730D4E1C675}" = rport=445 | protocol=6 | dir=out | app=system |

"{A5166A0F-4D60-4EDD-BCDA-A8FA3C086082}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{D8DF7668-5B03-46D0-A1CF-700C3A4D608B}" = lport=139 | protocol=6 | dir=in | app=system |

"{ECE0FD5B-6F00-4FE9-AFE6-A3C7A1973908}" = rport=138 | protocol=17 | dir=out | app=system |

"{EF7D4E2C-1333-494A-BEDB-170D95CEDBEE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{F5F462EC-1C6B-4FBC-9AFC-4712278713FC}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{007F2360-884D-4663-B2D3-0B45D48AFD05}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |

"{01540CA7-213D-43D8-ABF5-F83C83203C6D}" = protocol=6 | dir=in | app=c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe |

"{0654E5C3-2436-4A5A-BF7A-55CEF9CD98A7}" = protocol=17 | dir=in | app=c:\program files (x86)\google\update\googleupdate.exe |

"{0B589BF3-9ED7-42FD-9403-E0AE63696AE1}" = protocol=6 | dir=in | app=c:\users\chadderack\appdata\roaming\bdb0581f58b7a2376f6293a3c0a74405\gotnewupdate000.exe |

"{142D8F69-37D6-40D9-AEA3-82F71B405C7C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |

"{1CA700E1-2359-480D-98A7-55048B552A90}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |

"{1FAE5E2C-784B-4AE6-BD29-B1D69E6C46EA}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |

"{2B611920-91D1-44B3-B30C-1D126658E0A2}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd\pdvdserv.exe |

"{2C1A673D-6A0B-45C4-8169-FF9A278F10CC}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |

"{2F0F6A7C-040C-4844-B87D-0E1CB481FFEB}" = protocol=17 | dir=in | app=c:\users\chadderack\local apps\utorrent.exe |

"{3128AEEC-323D-456D-93F6-752279F44C66}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd\pdvdserv.exe |

"{31340184-9E99-430C-918E-A63FAD5E3F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |

"{36DC7C6E-1205-43AD-A154-9BF200BDD4FB}" = protocol=17 | dir=in | app=c:\windows\syswow64\net.net |

"{44DB6658-550F-4601-9371-3FD1DC865CEB}" = protocol=6 | dir=in | app=c:\users\chadderack\appdata\roaming\bdb0581f58b7a2376f6293a3c0a74405\gotnewupdate000.exe |

"{480ED446-6C64-47E2-A373-8D26145700B7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg9\avgtray.exe |

"{4CA2FFE2-5BF0-4DBD-99E2-20ADD840CE64}" = protocol=6 | dir=in | app=c:\users\chad\appdata\roaming\microsoft\windows\start menu\programs\startup\svchost.exe |

"{50DCB6FD-FA9D-4F17-ACDC-ACD9D300ED27}" = protocol=17 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd\pdvdserv.exe |

"{518FA00E-2A69-4FCC-A99C-095E4EC52CBA}" = protocol=17 | dir=in | app=c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe |

"{52D0EABE-A6C7-4C67-A378-720EA5CDB148}" = protocol=6 | dir=in | app=c:\users\chadderack\local apps\utorrent.exe |

"{58B0EE02-C370-49E1-B46C-56BACA9AE9FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{605FE9A3-D2FB-49D6-B32F-E0FAC724A912}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{622699A9-09FF-4C84-86A1-64E505A1C802}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |

"{6E61C85D-F88B-4BBF-BF21-90AEF7DB8879}" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe |

"{700FF772-51FE-4F84-BB12-A816E8A4639D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd\powerdvd.exe |

"{726E30C4-9D91-4FF9-904F-C87DAA2D42C8}" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe |

"{7EC9AF4A-0BCD-437A-8829-187A8B5B13C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{807DFB85-2B17-4DB7-8DDC-B322FC113BD3}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |

"{8CC39054-56E3-4853-94D8-39BCAE3C8736}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{8CE267D1-7319-4752-9079-67CD7D6164C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{8EE77EE0-2E19-4894-9C58-1BFA406BE905}" = protocol=17 | dir=in | app=c:\program files (x86)\ipod\bin\ipodservice.exe |

"{90CBC37D-47CE-40B1-9B72-726B211469C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{98BC63D1-AEAD-4E46-871E-7EF3B47AAB8E}" = protocol=6 | dir=in | app=c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe |

"{98FFAD96-DF29-411F-948C-30DEACF234ED}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{9D89A3FC-BA9E-44A5-8E3B-447B8A88B4BA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{A0F6B97C-3965-454F-87B2-640991615AB9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A109ADC9-3BC1-4DB7-A234-3F9C4611CB93}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg9\avgtray.exe |

"{A1F07857-4591-4F2D-841C-5D27656D62CD}" = protocol=17 | dir=in | app=c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe |

"{A27D09D1-6C1A-4D2E-B136-A31D088CADEE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg9\avgtray.exe |

"{A31F1330-DE9A-4ADF-ABC2-2877DA3BAD2F}" = protocol=6 | dir=in | app=c:\program files (x86)\ipod\bin\ipodservice.exe |

"{A8092D71-010E-43E5-9C72-A0C0B3D5237E}" = dir=in | app=c:\program files (x86)\microsoft xna\xna game studio\v3.0\bin\xnaliveproxy.exe |

"{AE7691FF-44C6-4AFF-876A-A0675C919B4A}" = protocol=6 | dir=in | app=c:\program files (x86)\cyberlink\powerdvd\pdvdserv.exe |

"{B49529C6-88BC-4292-919D-A7C641203464}" = protocol=6 | dir=in | app=c:\program files (x86)\ipod\bin\ipodservice.exe |

"{BEF34EEC-CB0A-4760-9B63-7181BEDF0606}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\rm.exe |

"{C1221B54-891D-4B5E-B33D-132F2355E2EE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{C38281F5-2950-47A1-83A6-4DFFCDAC4C92}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\umi.exe |

"{D1B8B7D1-346E-4AD6-88AA-0D78C1150336}" = protocol=17 | dir=in | app=c:\users\chadderack\appdata\roaming\bdb0581f58b7a2376f6293a3c0a74405\gotnewupdate000.exe |

"{D295B9CE-FC47-43E8-9F5F-229BDCAA9EAC}" = protocol=17 | dir=in | app=c:\users\chad\appdata\roaming\microsoft\windows\start menu\programs\startup\svchost.exe |

"{D8872087-F059-4FB4-9BB3-4552AAD0F52F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |

"{D8E84C74-9651-4027-A083-CD71E86AF00D}" = protocol=6 | dir=in | app=c:\windows\syswow64\net.net |

"{DC8112A7-CB44-4866-BB00-D249F3D05742}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |

"{DE3BF8B9-C274-4C76-BC74-525562E4B8D6}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |

"{E0E1A260-F66B-4C0D-8E9A-71E6D7C735C2}" = protocol=17 | dir=in | app=c:\program files (x86)\ipod\bin\ipodservice.exe |

"{E4512ED0-D9F7-449C-8656-3876D0BDBD4E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{E4E44B2E-E9B9-4143-814A-2DF3F036B244}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{EA4299DC-6C51-4A77-8EAD-224BF98FEF17}" = protocol=17 | dir=in | app=c:\users\chadderack\appdata\roaming\bdb0581f58b7a2376f6293a3c0a74405\gotnewupdate000.exe |

"{EBB0C67B-FD96-408D-8419-D790F371D63C}" = protocol=6 | dir=in | app=c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe |

"{F0D611C6-5ACA-4E63-92EC-410CE93F1B96}" = protocol=17 | dir=in | app=c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe |

"{F3B05B03-1F2E-4E00-9FF2-100421C571FF}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"{F477090C-9CCB-4430-A2C0-AC3D981EE975}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"{FBFBBDBF-2D90-4EC0-8358-D99F0AF5C31D}" = dir=in | app=c:\program files (x86)\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe |

"{FC068221-6420-48C7-9CE8-3038DB102B41}" = protocol=6 | dir=in | app=c:\program files (x86)\google\update\googleupdate.exe |

"{FCD02C54-FC89-4819-88C1-F8F23753B7A6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg9\avgtray.exe |

"TCP Query User{023AC80D-E285-4A9A-A3A9-3624D2F5CAD4}C:\program files (x86)\pinnacle\studio 12\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |

"TCP Query User{7986FD71-42C3-4E2D-88BA-0E04D743CF9A}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"TCP Query User{8C97D0AA-58CF-4F34-A64E-347EE771A675}C:\program files (x86)\autodesk\maya2009\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\maya2009\bin\maya.exe |

"TCP Query User{AE6DFD5F-801C-4385-B3D8-BBC34668BA68}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{C05D3729-B51F-45F1-A78E-6FB82035D06E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"TCP Query User{D04D6C24-7D03-4697-88C2-64DDD8C52534}C:\users\chadderack\local apps\utorrent.exe" = protocol=6 | dir=in | app=c:\users\chadderack\local apps\utorrent.exe |

"TCP Query User{E207DE43-EFAD-4968-878A-5AB49928D6CA}C:\program files (x86)\autodesk\maya2009\bin\maya.exe" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\maya2009\bin\maya.exe |

"TCP Query User{E978DA7E-4D93-482F-97A3-728F9FBE2681}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |

"UDP Query User{03830C6C-FE82-4101-9E48-1C772D87C07B}C:\users\chadderack\local apps\utorrent.exe" = protocol=17 | dir=in | app=c:\users\chadderack\local apps\utorrent.exe |

"UDP Query User{0B76F532-03DD-4991-81ED-6BAA2174A35B}C:\program files (x86)\autodesk\maya2009\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\maya2009\bin\maya.exe |

"UDP Query User{4A98521C-25E0-402C-B406-DB3256599B61}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"UDP Query User{4BD1CC8B-D6D2-4CCE-9B59-EB4A96739AC6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{5F3EC363-E120-4721-8A28-9DE99519E0AB}C:\program files (x86)\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pfportchecker\pfportchecker.exe |

"UDP Query User{70B423B9-4CDD-41C1-9ED1-B75EA9860ABA}C:\program files (x86)\pinnacle\studio 12\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 12\programs\studio.exe |

"UDP Query User{BA19D280-E62B-44EB-9A17-1ED7E3540AD0}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"UDP Query User{BBF33C98-B05B-4695-8BF5-64DB56CC472E}C:\program files (x86)\autodesk\maya2009\bin\maya.exe" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\maya2009\bin\maya.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{19E74155-1CA2-4807-9BF5-1AAB4F876E1A}" = Motorola Driver Installation

"{1B918A92-A0BC-4B34-B2EF-AD427332732D}" = Microsoft SQL Server Management Studio Express

"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

"{4183655A-5FC6-4A23-A804-7764145EC57C}" = ESET NOD32 Antivirus

"{4322C618-94E5-3EB0-8BA5-4675C4803C34}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU

"{4C00EC96-D644-41AD-91D3-A9CE4382C80E}" = Driver Installer

"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer

"{5254156F-AA77-499A-B7C1-D5581D44E788}" = Marvell Miniport Driver

"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pinnacle Video Driver

"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools

"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Driver

"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel
