Hello,

I'm having a problem with firefox and internet explorer, sometimes the browsers won't start when I double click on the program icons (the process will show up in the task manager, but a new window won't open), sometimes I get redirected to some random websites, and other times when I click on a google search result, it will take me to the wrong website. Please help! Here are my logs. Thanks in advance!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4849

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/18/2010 11:49:06 AM

mbam-log-2010-10-18 (11-49-06).txt

Scan type: Full scan (C:\|)

Objects scanned: 376744

Time elapsed: 1 hour(s), 1 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAQV2D91\fpss2[1].exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JAQV2D91\fpss2[1].exe (Trojan.Dropper.Gen) -> Quarantined and deleted successfully.

==================================================

DDS (Ver_10-10-10.03) - NTFS_AMD64

Run by glasseye at 15:23:45.95 on Mon 10/18/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1852 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\bgsvcgen.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe

C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\STacSV64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\PrintIsolationHost.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\glasseye\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = https://limeportal.ivans.com/Login.aspx?Asp...CookieSupport=1

uInternet Settings,ProxyOverride = *.local

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [AdobeBridge]

uRun: [NetSP - restore settings on power failure] "C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe" -show

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\RealMedia\Update_OB\realsched.exe" -osboot

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe

mRun: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

StartupFolder: C:\Users\glasseye\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IVANSR~1.LNK - C:\Windows\Installer\{433657FC-710A-4A06-85FD-709C3F98D3DB}\NetGM1_89563E53ECF44E868145468A128BDC83.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: ivans.com\limeportal

Trusted Zone: line6.net

DPF: {037790A6-1576-11D6-903D-00105AABADD3} - hxxps://limeportal.ivans.com/controls/sglw2hcm.ocx

TCP: {4832873E-CF53-42B3-AA21-79FC427188DE} = 165.87.13.129,165.87.201.244

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\glasseye\AppData\Roaming\Mozilla\Firefox\Profiles\wj9ovns6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

---- FIREFOX POLICIES ----

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-9 55280]

R0 Si3531;SiI-3531 SATA Controller;C:\Windows\System32\drivers\Si3531.sys [2009-2-9 333864]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-18 135336]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-18 267432]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-18 81072]

R2 NetClientSvc;AT&T Global Network Client Service;C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe [2009-5-5 336152]

R2 NetLogSvc;AT&T Global Network Client Logging Service;C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe [2009-5-5 68888]

R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2007-10-31 3197440]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-4 346144]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-6-10 304464]

S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-2-18 462632]

S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2010-5-3 24576]

S3 L6PODLV;PODxt Live Service;C:\Windows\System32\drivers\L6PODLV64.sys [2010-9-7 770816]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-6-10 24664]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2010-4-19 22528]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-15 515560]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-10-18 19:00:03 -------- d-----w- C:\Users\glasseye\AppData\Roaming\Avira

2010-10-18 18:54:19 81072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2010-10-18 18:54:18 -------- d-----w- C:\Program Files (x86)\Avira

2010-10-18 18:54:18 -------- d-----w- C:\PROGRA~3\Avira

2010-10-17 05:00:59 -------- d-----w- C:\Program Files (x86)\ESET

2010-10-16 01:14:04 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign

2010-10-16 00:28:31 -------- d-----w- C:\PROGRA~3\Line 6

2010-10-16 00:20:15 -------- d-----w- C:\Users\glasseye\AppData\Roaming\Line 6

2010-10-16 00:20:04 -------- d-----w- C:\Program Files (x86)\Line6

2010-10-05 20:40:17 -------- d-----w- C:\Program Files\iTunes

2010-10-05 20:40:17 -------- d-----w- C:\Program Files\iPod

2010-10-05 20:40:17 -------- d-----w- C:\Program Files (x86)\iTunes

2010-09-29 23:06:23 644400 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2010-09-29 23:06:23 413760 ----a-w- C:\Windows\SysWow64\MPG4C32.dll

2010-09-29 23:06:23 239888 ----a-w- C:\Windows\SysWow64\mpg4ds32.ax

2010-09-29 23:06:23 1242552 ----a-w- C:\Windows\SysWow64\NMSDVDXU.dll

2010-09-29 23:06:23 102160 ----a-w- C:\Windows\SysWow64\VB6KO.DLL

2010-09-29 23:06:12 -------- d-----w- C:\Program Files (x86)\CMS

2010-09-29 22:22:21 -------- d-----w- C:\Output Files

2010-09-29 22:18:46 -------- d-----w- C:\Program Files (x86)\office Convert Excel to Image Jpg Jpeg Free

==================== Find3M ====================

2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-07 22:45:10 1267200 ----a-w- C:\Windows\System32\L6DriverControlPanel.cpl

2010-09-07 22:45:04 770816 ----a-w- C:\Windows\System32\drivers\L6PODLV64.sys

2010-09-07 22:45:02 218112 ----a-w- C:\Windows\System32\l6podlv_x64.dll

2010-09-07 22:45:02 180224 ----a-w- C:\Windows\SysWow64\l6podlv.dll

2010-07-28 01:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll

2010-07-28 01:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2010-07-28 01:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2010-07-28 01:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 15:24:57.80 ===============


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)

Thanks and again sorry for the delay.


Hello Elise! The problems seem to be centered around my web browsers. Right now when I try to open up Internet Explorer, a window will open but then hangs and never opens a web page. On the top it says "Windows Internet Explorer (Not Responding)". Then when I use Firefox, sometimes when I double-click on the icon it will show that a firefox.exe process opens up in my task manager, but there is no Firefox window. I have to double-click several times and open up several firefox processes before I get a Firefox window that actually opens. If I do a google search within Firefox, when I click on one of the results, sometimes it will take me to a webpage other than the one I clicked on... if I click on the back button and click on the same link a second time, it normally takes me to the correct webpage. What also happens is if I click on a link (happens on even well known established websites) it will open another tab with some random webpage and tell me I need to click "OK" to get rid of my financial debt or something similar.

Here are the logs...

OTL logfile created on: 10/19/2010 7:26:33 AM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\glasseye\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195.21 Gb Total Space | 111.44 Gb Free Space | 57.09% Space Free | Partition Type: NTFS

Drive D: | 48.83 Gb Total Space | 24.55 Gb Free Space | 50.27% Space Free | Partition Type: NTFS

Drive E: | 221.62 Gb Total Space | 201.39 Gb Free Space | 90.87% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 15.10 Gb Free Space | 3.24% Space Free | Partition Type: NTFS

Drive I: | 1.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive J: | 3.74 Gb Total Space | 3.43 Gb Free Space | 91.54% Space Free | Partition Type: FAT32

Computer Name: GLASSEYE-FX | User Name: glasseye | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/19 07:25:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\glasseye\Desktop\OTL.exe

PRC - [2010/09/17 17:08:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/05/03 19:38:22 | 000,550,232 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2010/05/03 19:00:18 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2010/04/29 12:19:20 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/29 12:19:20 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

PRC - [2009/05/05 11:57:16 | 000,068,888 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe

PRC - [2009/05/05 11:57:14 | 000,437,528 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe

PRC - [2009/05/05 11:57:10 | 000,336,152 | ---- | M] (AT&T) -- C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe

PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe

PRC - [2007/11/16 19:20:26 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe

PRC - [2007/08/14 17:30:16 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2006/12/28 05:18:16 | 000,122,512 | ---- | M] (B.H.A Corporation) -- C:\Windows\SysWOW64\bgsvcgen.exe

========== Modules (SafeList) ==========

MOD - [2010/10/19 07:25:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\glasseye\Desktop\OTL.exe

MOD - [2009/07/13 18:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll

MOD - [2009/07/13 18:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll

MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2007/11/10 08:24:36 | 000,242,688 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\stacsv64.exe -- (STacSV)

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/07/20 15:43:00 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/05/03 19:00:18 | 001,156,440 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2010/04/29 12:19:20 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2009/12/15 00:43:20 | 000,515,560 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/05/05 11:57:16 | 000,068,888 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Global Network Client\NetLogSvc.exe -- (NetLogSvc)

SRV - [2009/05/05 11:57:14 | 000,437,528 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Global Network Client\netcfgsvr.exe -- (netcfgsvr)

SRV - [2009/05/05 11:57:10 | 000,336,152 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files (x86)\AT&T Global Network Client\NetClientSvc.exe -- (NetClientSvc)

SRV - [2006/12/28 05:18:16 | 000,122,512 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/07 15:45:04 | 000,770,816 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODLV64.sys -- (L6PODLV)

DRV:64bit: - [2010/05/03 18:54:20 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)

DRV:64bit: - [2010/04/29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/04/19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)

DRV:64bit: - [2010/04/10 11:39:35 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010/03/04 13:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 11:42:46 | 000,331,264 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agnfilt.sys -- (agnfilt)

DRV:64bit: - [2009/05/05 11:42:46 | 000,014,848 | ---- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avpnnic.sys -- (avpnnic)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV:64bit: - [2009/02/09 17:25:10 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)

DRV:64bit: - [2009/02/09 17:25:10 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)

DRV:64bit: - [2009/02/09 17:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)

DRV:64bit: - [2007/11/10 08:25:58 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2007/10/31 13:44:38 | 003,197,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw4v64.sys -- (NETw4v64) Intel®

DRV:64bit: - [2007/07/16 11:20:20 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2007/07/16 11:20:20 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2007/07/16 11:20:18 | 000,088,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2007/02/15 23:50:16 | 000,297,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

DRV - [2007/11/03 00:12:32 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})

DRV - [2006/02/20 03:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys -- (cdrbsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://limeportal.ivans.com/Login.aspx?Asp...CookieSupport=1

IE - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 67 13 01 32 D8 CA 01 [binary data]

IE - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/05 12:44:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/05 13:38:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/05 13:38:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/10/05 13:38:56 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/05/17 08:51:45 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\Mozilla\Extensions

[2010/05/17 08:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\glasseye\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010/10/17 21:56:45 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\Mozilla\Firefox\Profiles\wj9ovns6.default\extensions

[2010/10/15 17:01:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\glasseye\AppData\Roaming\Mozilla\Firefox\Profiles\wj9ovns6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/04/09 15:25:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/01/06 00:27:44 | 000,060,928 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll

O1 HOSTS File: ([2010/05/05 09:16:25 | 000,001,429 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 ood.opsource.net

O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 OCSP.SPO1.VERISIGN.COM

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems Incorporated.)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems Incorporated.)

O3 - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.

O3 - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\RealMedia\Update_OB\realsched.exe File not found

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1930203363-3023794609-920765304-1000..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-1930203363-3023794609-920765304-1000..\Run: [NetSP - restore settings on power failure] C:\Program Files (x86)\AT&T Global Network Client\NetSP.exe (AT&T)

O4 - HKU\S-1-5-21-1930203363-3023794609-920765304-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - Startup: C:\Users\glasseye\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\..Trusted Domains: ivans.com ([limeportal] * in Trusted sites)

O15 - HKU\S-1-5-21-1930203363-3023794609-920765304-1000\..Trusted Domains: line6.net ([]* in Trusted sites)

O16 - DPF: {037790A6-1576-11D6-903D-00105AABADD3} https://limeportal.ivans.com/controls/sglw2hcm.ocx (BlueZone Web-to-Host Control Module v5)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/19 07:25:50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\glasseye\Desktop\OTL.exe

[2010/10/18 12:00:03 | 000,000,000 | ---D | C] -- C:\Users\glasseye\AppData\Roaming\Avira

[2010/10/18 11:54:19 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/10/18 11:54:19 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/10/18 11:54:19 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/10/18 11:54:19 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/10/18 11:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/10/18 11:54:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/10/16 22:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2010/10/16 21:50:45 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/10/15 18:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign

[2010/10/15 17:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Line 6

[2010/10/15 17:20:15 | 000,000,000 | ---D | C] -- F:\My Documents\Line 6

[2010/10/15 17:20:15 | 000,000,000 | ---D | C] -- C:\Users\glasseye\AppData\Roaming\Line 6

[2010/10/15 17:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Line6

[2010/10/07 11:06:41 | 000,000,000 | ---D | C] -- C:\Users\glasseye\AppData\Roaming\vlc

[2010/10/05 13:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/10/05 13:40:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/10/05 13:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/10/05 13:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/10/05 13:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/09/29 16:06:23 | 001,242,552 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\SysWow64\NMSDVDXU.dll

[2010/09/29 16:06:23 | 000,413,760 | ---- | C] (Microcrap Corporation) -- C:\Windows\SysWow64\MPG4C32.dll

[2010/09/29 16:06:23 | 000,239,888 | ---- | C] (Microcrap Corporation) -- C:\Windows\SysWow64\mpg4ds32.ax

[2010/09/29 16:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CMS

[2010/09/29 15:22:21 | 000,000,000 | ---D | C] -- C:\Output Files

[2010/09/29 15:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\office Convert Excel to Image Jpg Jpeg Free

[2010/09/07 15:45:10 | 001,267,200 | ---- | C] (Line 6, Inc.) -- C:\Windows\SysNative\L6DriverControlPanel.cpl

[2010/09/07 15:45:04 | 000,770,816 | ---- | C] (Line 6) -- C:\Windows\SysNative\drivers\L6PODLV64.sys

[2010/09/07 15:45:02 | 000,218,112 | ---- | C] (Line 6) -- C:\Windows\SysNative\l6podlv_x64.dll

[2010/09/07 15:45:02 | 000,180,224 | ---- | C] (Line 6) -- C:\Windows\SysWow64\l6podlv.dll

[2010/09/06 20:40:16 | 000,000,000 | ---D | C] -- C:\Users\glasseye\Desktop\New folder

[2010/09/05 12:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari

[2010/08/31 12:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AT&T Global Network Client

[2010/08/28 12:50:38 | 000,000,000 | ---D | C] -- C:\Users\glasseye\Desktop\glasseyes 3g backup

[2010/08/27 16:18:09 | 000,000,000 | ---D | C] -- F:\My Documents\BlueZone

[2010/08/27 16:18:08 | 000,000,000 | ---D | C] -- C:\Users\glasseye\AppData\Roaming\BlueZone Web

[2010/08/27 16:18:08 | 000,000,000 | ---D | C] -- C:\Users\glasseye\AppData\Roaming\BlueZone

[2010/08/25 14:37:54 | 000,000,000 | ---D | C] -- C:\Users\glasseye\Desktop\Twixtor5AEManual

[2010/08/24 16:37:05 | 000,000,000 | ---D | C] -- C:\Users\glasseye\AppData\Roaming\com.adobe.bridge.PublishPanel

[2010/08/23 10:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Panasonic

[2010/08/23 10:46:40 | 000,122,512 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\bgsvcgen.exe

[2010/08/23 10:46:40 | 000,056,976 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\GenSvcInst.exe

[2010/08/23 10:46:40 | 000,049,152 | ---- | C] (BHA) -- C:\Windows\SysWow64\setupsvc.dll

[2010/08/23 10:46:40 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\drivers\cdrbsdrv.sys

[2010/08/23 10:45:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic

[2010/08/23 10:44:22 | 000,000,000 | ---D | C] -- C:\Users\glasseye\AppData\Roaming\InstallShield

[2010/08/21 06:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldWave

[2010/08/21 06:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoldWave

[2010/08/20 00:05:35 | 000,000,000 | ---D | C] -- C:\Users\glasseye\Desktop\Desktop Bin

[2010/08/17 23:27:05 | 000,000,000 | ---D | C] -- C:\Users\glasseye\AppData\Roaming\Amazon

[2010/08/17 23:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2010/08/13 06:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xiph.Org

[2010/08/12 10:34:15 | 000,000,000 | ---D | C] -- F:\My Documents\VirtualDJ

[2010/08/12 10:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirtualDJ

[2010/07/26 12:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netpromax

[2010/07/21 14:17:26 | 000,000,000 | ---D | C] -- C:\Users\glasseye\Desktop\DXL Battle Championship Graphics

[2010/04/10 11:39:35 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\glasseye\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 90 Days ==========

[2010/10/19 07:28:34 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/19 07:28:34 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/19 07:25:54 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\glasseye\Desktop\OTL.exe

[2010/10/19 07:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/19 07:23:06 | 2414,669,824 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/18 16:47:25 | 000,057,407 | ---- | M] () -- C:\Users\glasseye\Desktop\Edco Invoice 20101018.pdf

[2010/10/18 16:17:19 | 000,013,710 | ---- | M] () -- C:\Users\glasseye\Desktop\Attach.zip

[2010/10/18 15:51:15 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/18 15:51:15 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/18 15:51:15 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/18 15:26:40 | 000,294,912 | ---- | M] () -- C:\Users\glasseye\Desktop\2k3iulwo.exe

[2010/10/18 15:23:24 | 000,544,768 | ---- | M] () -- C:\Users\glasseye\Desktop\dds.scr

[2010/10/18 15:20:18 | 000,000,000 | ---- | M] () -- C:\Users\glasseye\defogger_reenable

[2010/10/18 15:20:03 | 000,050,477 | ---- | M] () -- C:\Users\glasseye\Desktop\Defogger.exe

[2010/10/18 11:54:28 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/10/17 22:07:49 | 235,678,189 | ---- | M] () -- C:\Users\glasseye\Desktop\iPod1,1_3.1.3_7E18_Restore.ipsw

[2010/10/16 08:32:21 | 000,089,542 | ---- | M] () -- C:\Users\glasseye\Desktop\37950_1654649172345_1420548722_31680773_2946405_n.jpg

[2010/10/16 08:30:15 | 000,074,500 | ---- | M] () -- C:\Users\glasseye\Desktop\72475_1654505208746_1420548722_31680295_2829028_n.jpg

[2010/10/16 08:02:55 | 000,355,157 | ---- | M] () -- C:\Users\glasseye\Desktop\gp_win_rc3.zip

[2010/10/15 18:14:04 | 000,000,032 | ---- | M] () -- C:\Windows\GearBox.ini

[2010/10/06 16:47:23 | 010,541,346 | ---- | M] () -- C:\Users\glasseye\Desktop\the edmonton yo-yo club.psd

[2010/10/06 12:30:00 | 000,055,693 | ---- | M] () -- C:\Users\glasseye\Desktop\the-edmonton-yo-yo-club.jpg

[2010/10/06 12:30:00 | 000,001,456 | ---- | M] () -- C:\Users\glasseye\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/10/05 13:30:58 | 000,002,515 | ---- | M] () -- C:\Users\glasseye\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/09/29 15:40:54 | 000,056,951 | ---- | M] () -- F:\My Documents\Edco 3510.pdf

[2010/09/29 15:32:03 | 000,056,423 | ---- | M] () -- F:\My Documents\Edco 3509.pdf

[2010/09/29 15:27:57 | 000,057,136 | ---- | M] () -- F:\My Documents\Edco 3508.pdf

[2010/09/29 15:22:33 | 000,062,976 | ---- | M] () -- F:\My Documents\Edco.xls

[2010/09/23 13:59:13 | 000,000,600 | ---- | M] () -- C:\Users\glasseye\AppData\Roaming\winscp.rnd

[2010/09/22 17:43:55 | 000,060,110 | ---- | M] () -- C:\Users\glasseye\Desktop\DuncanToysCounterweightPlayQA.pdf

[2010/09/07 15:45:10 | 001,267,200 | ---- | M] (Line 6, Inc.) -- C:\Windows\SysNative\L6DriverControlPanel.cpl

[2010/09/07 15:45:04 | 000,770,816 | ---- | M] (Line 6) -- C:\Windows\SysNative\drivers\L6PODLV64.sys

[2010/09/07 15:45:02 | 000,218,112 | ---- | M] (Line 6) -- C:\Windows\SysNative\l6podlv_x64.dll

[2010/09/07 15:45:02 | 000,180,224 | ---- | M] (Line 6) -- C:\Windows\SysWow64\l6podlv.dll

[2010/09/06 00:59:59 | 022,842,889 | ---- | M] () -- C:\Users\glasseye\Desktop\Thomas Tilt and Go (v1.01 arm6 arm7 os30)-most_uniQue.ipa

[2010/09/05 17:19:03 | 1705,609,960 | ---- | M] () -- C:\Users\glasseye\Desktop\Tomtom USCAMX v1.3.ipa

[2010/09/02 16:02:04 | 000,001,453 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.noapple

[2010/08/31 12:24:52 | 000,002,627 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IVANS Remote Access Monitor.lnk

[2010/08/30 13:30:42 | 000,081,453 | ---- | M] () -- C:\Users\glasseye\Desktop\6371824_Yo_yo_and_method_for_using_a_yo_.pdf

[2010/08/26 11:39:44 | 003,198,837 | ---- | M] () -- C:\Users\glasseye\Desktop\IVANS_LIME_Portal_User_Guide.pdf

[2010/08/18 13:26:09 | 000,038,099 | ---- | M] () -- F:\My Documents\Allied Invoive.xlsx

[2010/08/16 14:43:07 | 000,011,225 | ---- | M] () -- F:\My Documents\Sponsor List.docx

[2010/08/12 18:57:29 | 005,033,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/08/12 10:34:18 | 000,001,028 | ---- | M] () -- C:\Users\glasseye\Desktop\Virtual DJ.lnk

[2010/08/09 16:02:32 | 000,011,794 | ---- | M] () -- F:\My Documents\CHECKLIST FOR CLOSING THE OFFICE.docx

[2010/08/03 17:25:36 | 000,012,262 | ---- | M] () -- F:\My Documents\DXL BATTLE MAIN EVENT.docx

========== Files Created - No Company Name ==========

[2010/10/18 16:47:23 | 000,057,407 | ---- | C] () -- C:\Users\glasseye\Desktop\Edco Invoice 20101018.pdf

[2010/10/18 16:17:19 | 000,013,710 | ---- | C] () -- C:\Users\glasseye\Desktop\Attach.zip

[2010/10/18 15:26:40 | 000,294,912 | ---- | C] () -- C:\Users\glasseye\Desktop\2k3iulwo.exe

[2010/10/18 15:23:23 | 000,544,768 | ---- | C] () -- C:\Users\glasseye\Desktop\dds.scr

[2010/10/18 15:20:18 | 000,000,000 | ---- | C] () -- C:\Users\glasseye\defogger_reenable

[2010/10/18 15:20:02 | 000,050,477 | ---- | C] () -- C:\Users\glasseye\Desktop\Defogger.exe

[2010/10/18 11:54:28 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk

[2010/10/17 21:56:10 | 235,678,189 | ---- | C] () -- C:\Users\glasseye\Desktop\iPod1,1_3.1.3_7E18_Restore.ipsw

[2010/10/16 08:32:20 | 000,089,542 | ---- | C] () -- C:\Users\glasseye\Desktop\37950_1654649172345_1420548722_31680773_2946405_n.jpg

[2010/10/16 08:30:13 | 000,074,500 | ---- | C] () -- C:\Users\glasseye\Desktop\72475_1654505208746_1420548722_31680295_2829028_n.jpg

[2010/10/16 08:02:50 | 000,355,157 | ---- | C] () -- C:\Users\glasseye\Desktop\gp_win_rc3.zip

[2010/10/15 18:14:04 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini

[2010/10/06 12:13:23 | 000,055,693 | ---- | C] () -- C:\Users\glasseye\Desktop\the-edmonton-yo-yo-club.jpg

[2010/10/04 16:03:47 | 010,541,346 | ---- | C] () -- C:\Users\glasseye\Desktop\the edmonton yo-yo club.psd

[2010/09/29 16:06:23 | 000,002,203 | ---- | C] () -- C:\Windows\SysWow64\MPG4Inst.inf

[2010/09/29 15:40:54 | 000,056,951 | ---- | C] () -- F:\My Documents\Edco 3510.pdf

[2010/09/29 15:32:03 | 000,056,423 | ---- | C] () -- F:\My Documents\Edco 3509.pdf

[2010/09/29 15:27:56 | 000,057,136 | ---- | C] () -- F:\My Documents\Edco 3508.pdf

[2010/09/29 15:19:27 | 000,062,976 | ---- | C] () -- F:\My Documents\Edco.xls

[2010/09/22 17:43:53 | 000,060,110 | ---- | C] () -- C:\Users\glasseye\Desktop\DuncanToysCounterweightPlayQA.pdf

[2010/09/13 10:54:47 | 1705,609,960 | ---- | C] () -- C:\Users\glasseye\Desktop\Tomtom USCAMX v1.3.ipa

[2010/09/06 08:08:07 | 022,842,889 | ---- | C] () -- C:\Users\glasseye\Desktop\Thomas Tilt and Go (v1.01 arm6 arm7 os30)-most_uniQue.ipa

[2010/09/05 12:08:35 | 000,002,515 | ---- | C] () -- C:\Users\glasseye\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2010/08/31 12:24:52 | 000,002,627 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IVANS Remote Access Monitor.lnk

[2010/08/30 13:30:41 | 000,081,453 | ---- | C] () -- C:\Users\glasseye\Desktop\6371824_Yo_yo_and_method_for_using_a_yo_.pdf

[2010/08/26 11:39:25 | 003,198,837 | ---- | C] () -- C:\Users\glasseye\Desktop\IVANS_LIME_Portal_User_Guide.pdf

[2010/08/23 10:46:40 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\BHARegister.dll

[2010/08/18 13:22:52 | 000,038,099 | ---- | C] () -- F:\My Documents\Allied Invoive.xlsx

[2010/08/12 10:34:18 | 000,001,028 | ---- | C] () -- C:\Users\glasseye\Desktop\Virtual DJ.lnk

[2010/08/09 16:02:31 | 000,011,794 | ---- | C] () -- F:\My Documents\CHECKLIST FOR CLOSING THE OFFICE.docx

[2010/08/03 17:25:35 | 000,012,262 | ---- | C] () -- F:\My Documents\DXL BATTLE MAIN EVENT.docx

[2010/08/02 16:29:12 | 000,011,225 | ---- | C] () -- F:\My Documents\Sponsor List.docx

[2010/06/09 21:44:05 | 000,002,299 | ---- | C] () -- C:\Users\glasseye\AppData\Roaming\ASSDraw3.cfg

[2010/05/28 23:43:57 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll

[2010/05/28 23:36:19 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010/05/28 20:20:37 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll

[2010/05/07 23:39:47 | 000,004,121 | ---- | C] () -- C:\Program Files (x86)\mbsuite21.log

[2010/05/05 16:49:14 | 000,001,456 | ---- | C] () -- C:\Users\glasseye\AppData\Local\Adobe Save for Web 12.0 Prefs

[2010/04/22 14:20:05 | 000,000,600 | ---- | C] () -- C:\Users\glasseye\AppData\Roaming\winscp.rnd

[2010/04/16 14:41:52 | 000,000,600 | ---- | C] () -- C:\Users\glasseye\AppData\Local\PUTTY.RND

[2010/04/12 11:49:05 | 000,001,375 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/04/10 11:39:59 | 000,000,034 | ---- | C] () -- C:\Users\glasseye\AppData\Roaming\pcouffin.log

[2010/04/10 11:39:35 | 000,099,384 | ---- | C] () -- C:\Users\glasseye\AppData\Roaming\inst.exe

[2010/04/10 11:39:35 | 000,007,859 | ---- | C] () -- C:\Users\glasseye\AppData\Roaming\pcouffin.cat

[2010/04/10 11:39:35 | 000,001,167 | ---- | C] () -- C:\Users\glasseye\AppData\Roaming\pcouffin.inf

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/05/05 11:42:40 | 000,192,490 | ---- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== LOP Check ==========

[2010/05/01 09:04:02 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\.ABC

[2010/06/05 21:52:18 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\Aegisub

[2010/08/17 23:27:05 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\Amazon

[2010/10/13 15:21:23 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\BlueZone

[2010/08/27 16:19:02 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\BlueZone Web

[2010/05/05 15:24:33 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/08/24 16:37:05 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\com.adobe.bridge.PublishPanel

[2010/04/13 15:54:39 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\DVDFab

[2010/07/07 12:40:52 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\HandBrake

[2010/10/15 18:14:04 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\Line 6

[2010/06/28 18:52:59 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\mkvtoolnix

[2010/04/09 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\MPEG Streamclip

[2010/05/04 16:42:24 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\PACE Anti-Piracy

[2010/05/04 16:43:30 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\StageManager

[2010/06/10 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\Thinstall

[2010/05/17 08:51:45 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\Thunderbird

[2010/05/12 08:53:30 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1

[2010/10/14 15:02:44 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\uTorrent

[2010/04/10 11:39:59 | 000,000,000 | ---D | M] -- C:\Users\glasseye\AppData\Roaming\Vso

[2010/10/18 15:45:08 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 1073 bytes -> C:\Users\glasseye\AppData\Local\GT2kHa6R:xZOpj3THDOgbZLP9o

< End of report >

OTL Extras logfile created on: 10/19/2010 7:26:33 AM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\glasseye\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195.21 Gb Total Space | 111.44 Gb Free Space | 57.09% Space Free | Partition Type: NTFS

Drive D: | 48.83 Gb Total Space | 24.55 Gb Free Space | 50.27% Space Free | Partition Type: NTFS

Drive E: | 221.62 Gb Total Space | 201.39 Gb Free Space | 90.87% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 15.10 Gb Free Space | 3.24% Space Free | Partition Type: NTFS

Drive I: | 1.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive J: | 3.74 Gb Total Space | 3.43 Gb Free Space | 91.54% Space Free | Partition Type: FAT32

Computer Name: GLASSEYE-FX | User Name: glasseye | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1930203363-3023794609-920765304-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5400

"{056B9C5B-2E8D-4EBC-941C-06C78A30ABB3}" = Microsoft_VC80_ATL_x86_x64

"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64

"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes

"{138D2BE4-7981-4F34-BA23-81B6B99D0DE6}" = Microsoft_VC80_MFCLOC_x86_x64

"{14A6AE78-F4D9-4E9A-B27B-BC1E47C93185}" = Trapcode Lux

"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support

"{3D46855F-7B71-4CF7-A270-62E0E4F05037}" = Microsoft_VC80_CRT_x86_x64

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{47A70BC0-BB3E-468B-9E01-56CCD6F2A911}" = Microsoft_VC80_MFC_x86_x64

"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer

"{6D14F459-DA76-42A5-982F-CDE6BC7D64B2}" = Trapcode Form

"{71AC1C1B-CF68-4380-B040-AFBDF381C481}" = Trapcode Starglow

"{7D8E431B-109F-47F6-B645-4CB469A8D8F3}" = HP OfficeJet L7300/L7500/7600/7700

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{9B9162E8-4274-4323-A31B-444ECA641B8A}" = Adobe Photoshop Lightroom 2 64-bit

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{C503B73F-3DE3-419D-9807-0282C340CDE8}" = Trapcode 3D Stroke

"{D4C0D93D-7924-486F-9B30-27ABD4EA3BB3}" = Trapcode Shine

"{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}" = Trapcode Particular

"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04BCB992-A9E6-427D-BC66-E92BB76BE97A}" = WD Discovery Software

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1485CD45-F42D-46A6-9CFE-24537E481F53}" = L7000_Basic

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10

"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{2FADDA3D-9174-4485-AA71-85A050DE1EFA}" = FXClient

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10

"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player

"{3EC92206-C4A6-49CF-A272-92F75CB1D5F3}" = bpd_scan

"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1

"{433657FC-710A-4A06-85FD-709C3F98D3DB}" = IVANS Remote Access

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1

"{4B222C8E-8DEB-4DBC-B57A-78BEB72ABD3A}" = LeapFrog Connect

"{4BCD581A-404A-483A-869D-109853007C32}" = HD Writer 2.0E for SX/SD

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter

"{61FEAA90-615B-4243-B7DA-075D0898C018}" = BPDSoftware

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{656C6151-03B2-4077-8E29-0950037FC8B4}" = Avid Codecs LE

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6D80B6D8-C7FC-C635-B3D2-1DFE9BEE890D}" = TiltShiftGenerator: artandmobile.com

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86

"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer

"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup

"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86

"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3

"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{952D88D2-3E6F-4E40-8553-8070FEFCE5CD}" = Adobe Creative Suite 5 Master Collection

"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A6BFA328-0A46-42EF-B414-8B67E87A2B1F}" = 7500_7600_7700_Help

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{AAA0C1E1-8F39-4AB0-9283-78140537BB40}" = BPDSoftware_Ini

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4

"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack

"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C545F93C-90E2-4C47-9FBA-009CEE8242B2}" = HD Writer

"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com

"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content

"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2

"{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{EFB786FD-D916-416B-A23A-1EBEAF4A9DDC}" = Adobe Flash Player 10 ActiveX

"{F330293A-DB6A-4495-BE34-8DC9453CBFE1}" = LeapFrog Tag Plugin

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"7-Zip" = 7-Zip 4.65

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content

"Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter

"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content

"Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

"AT&T Passport for Windows 95" = AT&T Passport for Windows 95

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"Bass Audio Decoder" = Bass Audio Decoder (remove only)

"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)

"CDex" = CDex - Open Source Digital Audio CD Extractor

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"DCoder Image Source" = DCoder Image Source (remove only)

"DirectVobSub" = DirectVobSub (remove only)

"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders

"DVDFab 7_is1" = DVDFab 7.0.3.0 (26/03/2010)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"ffdshow_is1" = ffdshow [rev 3124] [2009-11-03]

"FFMPEG Core Files" = FFMPEG Core Files (remove only)

"Gabest MPEG Splitter" = Gabest MPEG Splitter (remove only)

"GoldWave v5.55" = GoldWave v5.55

"Guild Wars" = Guild Wars

"HaaliMkx" = Haali Media Splitter

"Handbrake" = Handbrake 0.9.4

"InstallShield_{14A6AE78-F4D9-4E9A-B27B-BC1E47C93185}" = Trapcode Lux

"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra

"InstallShield_{6D14F459-DA76-42A5-982F-CDE6BC7D64B2}" = Trapcode Form

"InstallShield_{71AC1C1B-CF68-4380-B040-AFBDF381C481}" = Trapcode Starglow

"InstallShield_{C503B73F-3DE3-419D-9807-0282C340CDE8}" = Trapcode 3D Stroke

"InstallShield_{D4C0D93D-7924-486F-9B30-27ABD4EA3BB3}" = Trapcode Shine

"InstallShield_{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}" = Trapcode Particular

"Line 6 Uninstaller" = Line 6 Uninstaller

"Magic Bullet Suite 2.1" = Magic Bullet Suite 2.1

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"MakeMKV" = MakeMKV v1.5.6_beta

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"mini-KMS Activator 1.0.5.1" = mini-KMS Activator 1.0.5.1

"MKVtoolnix" = MKVtoolnix 4.0.0

"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)

"Open Codecs" = Xiph.Org Open Codecs 0.84.17359

"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)

"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)

"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)

"PFPortChecker" = PFPortChecker 1.0.32

"RealMedia" = RealMedia (remove only)

"RealPlayer 12.0" = RealPlayer

"SHOUTcast Source" = SHOUTcast Source (remove only)

"Steam App 440" = Team Fortress 2

"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

"TiltShift.E66C440A17F1D70FFD66FDB4568328647297CFDC.1" = TiltShiftGenerator: artandmobile.com

"UPCShell" = LeapFrog Connect

"uTorrent" =


There are indeed some problems shown in the event viewer.

OTL

-----

  1. Please download OTL from one of the following mirrors:

  2. Save it to your desktop.

  3. Double click on the OTL icon on your desktop.

  4. Copy and Paste the following code into the custom scan/fix textbox. Do not include the word "Code"

/md5start
explorer.exe
wininit.exe
cdrbsdrv.SYS
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

  5. Click the NONE button and then push the Run Scan button.

  6. A report will open. Copy and Paste that report in your next reply.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.


Here are the log files!

OTL logfile created on: 10/19/2010 11:02:37 AM - Run 4

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\glasseye\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 195.21 Gb Total Space | 111.13 Gb Free Space | 56.93% Space Free | Partition Type: NTFS

Drive D: | 48.83 Gb Total Space | 24.55 Gb Free Space | 50.27% Space Free | Partition Type: NTFS

Drive E: | 221.62 Gb Total Space | 201.39 Gb Free Space | 90.87% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 15.10 Gb Free Space | 3.24% Space Free | Partition Type: NTFS

Drive I: | 1.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive J: | 3.74 Gb Total Space | 3.43 Gb Free Space | 91.54% Space Free | Partition Type: FAT32

Computer Name: GLASSEYE-FX | User Name: glasseye | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: CDRBSDRV.SYS >

[2006/08/24 22:36:52 | 000,039,208 | ---- | M] (B.H.A Corporation) MD5=9EDD76D0800A022AE10B9243D0224E72 -- C:\Users\glasseye\AppData\Local\Temp\{398DC4A2-538D-4C40-A186-430A68A0A638}\{4BCD581A-404A-483A-869D-109853007C32}\drivers\X64\cdrbsdrv.sys

[2006/02/20 03:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) MD5=E0042BD5BEF17A6A3EF1DF576BDE24D1 -- C:\Users\glasseye\AppData\Local\Temp\{398DC4A2-538D-4C40-A186-430A68A0A638}\{4BCD581A-404A-483A-869D-109853007C32}\drivers\X32\cdrbsdrv.sys

[2006/02/20 03:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) MD5=E0042BD5BEF17A6A3EF1DF576BDE24D1 -- C:\Windows\SysWOW64\drivers\cdrbsdrv.sys

[2006/02/20 03:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) MD5=E0042BD5BEF17A6A3EF1DF576BDE24D1 -- C:\Windows\SysWOW64\drivers\cdrbsdrv.sys

< MD5 for: EXPLORER.EXE >

[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe

[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe

[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe

[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: WININIT.EXE >

[2009/07/13 18:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows 7 Ultimate Edition

Windows Information: (build 7600), 64-bit

Base Board Manufacturer: Gateway

BIOS Manufacturer: Phoenix Technologies LTD

System Manufacturer: Gateway

System Product Name: P-171X FX

Logical Drives Mask: 0x0000037c

Kernel Drivers (total 215):

0x02E56000 \SystemRoot\system32\ntoskrnl.exe

0x02E0D000 \SystemRoot\system32\hal.dll

0x00BA1000 \SystemRoot\system32\kdcom.dll

0x00C69000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00CAD000 \SystemRoot\system32\PSHED.dll

0x00CC1000 \SystemRoot\system32\CLFS.SYS

0x00D1F000 \SystemRoot\system32\CI.dll

0x00EB6000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F5A000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F69000 \SystemRoot\system32\DRIVERS\ACPI.sys

0x00FC0000 \SystemRoot\system32\DRIVERS\WMILIB.SYS

0x00FC9000 \SystemRoot\system32\DRIVERS\msisadrv.sys

0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys

0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys

0x00E40000 \SystemRoot\System32\drivers\partmgr.sys

0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys

0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E7F000 \SystemRoot\system32\DRIVERS\intelide.sys

0x00E87000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS

0x00E97000 \SystemRoot\System32\drivers\mountmgr.sys

0x00FD3000 \SystemRoot\system32\DRIVERS\atapi.sys

0x010F8000 \SystemRoot\system32\DRIVERS\ataport.SYS

0x01122000 \SystemRoot\system32\DRIVERS\msahci.sys

0x0112D000 \SystemRoot\system32\DRIVERS\Si3531.sys

0x01180000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS

0x011AF000 \SystemRoot\system32\DRIVERS\amdxata.sys

0x01000000 \SystemRoot\system32\drivers\fltmgr.sys

0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys

0x01060000 \SystemRoot\system32\DRIVERS\SiWinAcc.sys

0x0106A000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x0123B000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01076000 \SystemRoot\System32\Drivers\msrpc.sys

0x013DE000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01484000 \SystemRoot\System32\Drivers\cng.sys

0x014F7000 \SystemRoot\System32\drivers\pcw.sys

0x01508000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016AF000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01803000 \SystemRoot\System32\drivers\tcpip.sys

0x017A1000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x017EB000 \SystemRoot\system32\DRIVERS\vmstorfl.sys

0x01512000 \SystemRoot\system32\DRIVERS\volsnap.sys

0x0168B000 \SystemRoot\System32\Drivers\spldr.sys

0x0155E000 \SystemRoot\System32\drivers\rdyboost.sys

0x01693000 \SystemRoot\system32\DRIVERS\SiRemFil.sys

0x0169B000 \SystemRoot\System32\Drivers\mup.sys

0x01598000 \SystemRoot\System32\drivers\hwpolicy.sys

0x015A1000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x015DB000 \SystemRoot\system32\DRIVERS\disk.sys

0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x01200000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x01468000 \SystemRoot\System32\Drivers\Null.SYS

0x01471000 \SystemRoot\System32\Drivers\Beep.SYS

0x015F1000 \SystemRoot\System32\drivers\vga.sys

0x011BA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x0122A000 \SystemRoot\System32\drivers\watchdog.sys

0x01478000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x011DF000 \SystemRoot\system32\drivers\rdpencdd.sys

0x011E8000 \SystemRoot\system32\drivers\rdprefmp.sys

0x011F1000 \SystemRoot\System32\Drivers\Msfs.SYS

0x010D4000 \SystemRoot\System32\Drivers\Npfs.SYS

0x00FDC000 \SystemRoot\system32\DRIVERS\tdx.sys

0x010E5000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x03A1E000 \SystemRoot\system32\drivers\afd.sys

0x03AA8000 \SystemRoot\System32\DRIVERS\netbt.sys

0x03AED000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03AF6000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03B1C000 \SystemRoot\system32\DRIVERS\netbios.sys

0x03B2B000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03B46000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03B5A000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03BAB000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03BB7000 \SystemRoot\system32\DRIVERS\mssmbios.sys

Processes (total 76):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`d4000000 (NTFS)

\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000003d`09100000 (NTFS)

\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST9500420AS, Rev: 0002SDM1

PhysicalDrive1 Model Number: ST9500325AS, Rev: 0001SDM1

Size Device Name MBR Status

--------------------------------------------

465 GB \\.\PhysicalDrive0 MBR Code Faked!

SHA1: 0C0E7F154151469D03B17DE3B60CAFCFD0398D69

465 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected

SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.

Enter your choice:

Done!

Looks like we may have a rootkit on board.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Here is the log:

2010/10/19 14:22:29.0501 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/19 14:22:29.0501 ================================================================================

2010/10/19 14:22:29.0501 SystemInfo:

2010/10/19 14:22:29.0501

2010/10/19 14:22:29.0501 OS Version: 6.1.7600 ServicePack: 0.0

2010/10/19 14:22:29.0501 Product type: Workstation

2010/10/19 14:22:29.0501 ComputerName: GLASSEYE-FX

2010/10/19 14:22:29.0517 UserName: glasseye

2010/10/19 14:22:29.0517 Windows directory: C:\Windows

2010/10/19 14:22:29.0517 System windows directory: C:\Windows

2010/10/19 14:22:29.0517 Running under WOW64

2010/10/19 14:22:29.0517 Processor architecture: Intel x64

2010/10/19 14:22:29.0517 Number of processors: 2

2010/10/19 14:22:29.0517 Page size: 0x1000

2010/10/19 14:22:29.0517 Boot type: Normal boot

2010/10/19 14:22:29.0517 ================================================================================

2010/10/19 14:22:29.0517 Utility is running under WOW64

2010/10/19 14:22:32.0606 Initialize success

2010/10/19 14:22:50.0343 ================================================================================

2010/10/19 14:22:50.0343 Scan started

2010/10/19 14:22:50.0343 Mode: Manual;

2010/10/19 14:22:50.0343 ================================================================================


2010/10/19 14:23:03.0244 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/10/19 14:23:03.0307 Si3531 (1b731ae02fc0c1ccdc4b7d32fcc95660) C:\Windows\system32\DRIVERS\Si3531.sys

2010/10/19 14:23:03.0353 SiFilter (8574809375c8147cc9b6a62822018fd6) C:\Windows\system32\DRIVERS\SiWinAcc.sys

2010/10/19 14:23:03.0400 SiRemFil (e7b586131c8c417691e303c511c3563b) C:\Windows\system32\DRIVERS\SiRemFil.sys

2010/10/19 14:23:03.0447 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/10/19 14:23:03.0478 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/10/19 14:23:03.0541 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2010/10/19 14:23:03.0587 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2010/10/19 14:23:03.0681 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys

2010/10/19 14:23:03.0759 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys

2010/10/19 14:23:03.0821 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys

2010/10/19 14:23:03.0915 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2010/10/19 14:23:03.0977 STHDA (d3ed333e89e1fdfa6de170a12bb87e11) C:\Windows\system32\DRIVERS\stwrt64.sys

2010/10/19 14:23:04.0040 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

2010/10/19 14:23:04.0071 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

2010/10/19 14:23:04.0118 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2010/10/19 14:23:04.0227 SynTP (f3c61cb5f8f078cd129949584b5428a5) C:\Windows\system32\DRIVERS\SynTP.sys

2010/10/19 14:23:04.0336 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys

2010/10/19 14:23:04.0430 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys

2010/10/19 14:23:04.0477 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2010/10/19 14:23:04.0523 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2010/10/19 14:23:04.0555 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2010/10/19 14:23:04.0601 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2010/10/19 14:23:04.0633 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2010/10/19 14:23:04.0711 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/10/19 14:23:04.0773 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2010/10/19 14:23:04.0820 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2010/10/19 14:23:04.0867 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2010/10/19 14:23:04.0913 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/10/19 14:23:04.0960 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2010/10/19 14:23:05.0007 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2010/10/19 14:23:05.0101 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

2010/10/19 14:23:05.0147 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

2010/10/19 14:23:05.0179 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/10/19 14:23:05.0241 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2010/10/19 14:23:05.0288 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

2010/10/19 14:23:05.0335 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

2010/10/19 14:23:05.0381 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2010/10/19 14:23:05.0428 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2010/10/19 14:23:05.0506 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

2010/10/19 14:23:05.0553 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/10/19 14:23:05.0584 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/10/19 14:23:05.0647 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys

2010/10/19 14:23:05.0725 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/10/19 14:23:05.0756 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/10/19 14:23:05.0803 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2010/10/19 14:23:05.0865 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/10/19 14:23:05.0912 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2010/10/19 14:23:05.0959 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

2010/10/19 14:23:05.0990 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/10/19 14:23:06.0037 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/10/19 14:23:06.0083 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2010/10/19 14:23:06.0146 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2010/10/19 14:23:06.0177 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/10/19 14:23:06.0224 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2010/10/19 14:23:06.0271 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2010/10/19 14:23:06.0317 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/19 14:23:06.0349 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/10/19 14:23:06.0411 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2010/10/19 14:23:06.0458 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2010/10/19 14:23:06.0551 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/10/19 14:23:06.0583 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2010/10/19 14:23:06.0692 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys

2010/10/19 14:23:06.0770 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/10/19 14:23:06.0832 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2010/10/19 14:23:06.0879 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2010/10/19 14:23:06.0926 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/10/19 14:23:07.0035 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (6839fa0c104dbbdd989e2eac27acb761) C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl

2010/10/19 14:23:07.0097 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/19 14:23:07.0113 ================================================================================

2010/10/19 14:23:07.0113 Scan finished

2010/10/19 14:23:07.0113 ================================================================================

2010/10/19 14:23:07.0113 Detected object count: 1

2010/10/19 14:23:30.0731 \HardDisk1\MBR - will be cured after reboot

2010/10/19 14:23:30.0731 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure

2010/10/19 14:23:32.0713 Deinitialize success


Until now rootkits were not successful on 64-bit machines, but unfortunately things have changed. This was a nasty rootkit.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Please post me a new MBRcheck log and let me know how things are running now.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
