
Thread: Blue screens of death and certain programs won't run.

  1. #1
    Member
    Join Date
    Oct 2009
    Posts
    65


    Ok, something is going down. I've gotten the blue screen of death twice.

    AVG detected three infected files the other day. Two appear to be identical (c:\Windows\System32\rcpnetp.exe), one was "moved to virus vault," the other "inaccessible." The third file is c:\Windows\SysWOW64\rcpnetp.dll, which was also "moved to virus vault."

    The only file actually listed in the virus vault is C:\Windows.old\Windows\system32\autochk.exe:BAK, listed as a "corrupted executable."

    Firefox will not run at all. (Click on icon, nothing happens). I deleted the default user, uninstalled, reinstalled, and still have the same problem.

    Dragon Naturally Speaking will load but not run. It either reports an "unexpected" error, or says that the program has become unstable.

    Windows gave a message that some file had become corrupt and recommended running chkdsk.exe. Chkdsk.exe runs, but aborts itself. It says, "Cannot lock current drive. Chkdsk cannot run because the volume is in use by another process." It then asks if I want to schedule a scan upon reboot. After choosing yes, the computer reboots as normal without running said scan.

    ------------------------------------------


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by TheEarl at 18:49:19.49 on Fri 12/17/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4091.1768 [GMT -6:00]

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

    ============== Running Processes ===============

    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Mozy\mozystat.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\conhost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozy\mozybackup.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Mozy\mozybackup.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe
    C:\Program Files (x86)\Nuance\NaturallySpeaking10\Program\natspeak.exe
    C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr.exe
    C:\Program Files (x86)\Common Files\Nuance\NaturallySpeaking10\dgnuiasvr_x64.exe
    C:\Users\TheEarl\AppData\Local\RockMelt\Application\rockmelt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\TheEarl\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = https://share.law.northwestern.edu/jclc/default.aspx
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\TheEarl\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [RockMelt Update] "C:\Users\TheEarl\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
    uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    mRun: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\Mozy\mozystat.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
    R0 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2010-1-16 17776]
    R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2010-1-16 124112]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-16 55856]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
    R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2010-1-16 41072]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
    R2 DLABMFSE;DLABMFSE;C:\Windows\System32\drivers\DLABMFSE.SYS [2010-1-16 46448]
    R2 DLABOIOE;DLABOIOE;C:\Windows\System32\drivers\DLABOIOE.SYS [2010-1-16 42352]
    R2 DLADResE;DLADResE;C:\Windows\System32\drivers\DLADResE.SYS [2010-1-16 9968]
    R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\drivers\DLAIFS_E.SYS [2010-1-16 146672]
    R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\drivers\DLAOPIOE.SYS [2010-1-16 35056]
    R2 DLAPoolE;DLAPoolE;C:\Windows\System32\drivers\DLAPoolE.SYS [2010-1-16 19824]
    R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\drivers\DLAUDF_E.SYS [2010-1-16 144112]
    R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\drivers\DLAUDFAE.SYS [2010-1-16 135152]
    R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2010-1-16 63984]
    R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;C:\Windows\System32\drivers\OEM13Vfx.sys [2007-3-5 12288]
    R3 OEM13Vid;Creative Camera OEM013 Driver;C:\Windows\System32\drivers\OEM13Vid.sys [2008-5-28 267296]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
    S3 B-Service;B-Service;C:\Users\TheEarl\AppData\Roaming\Mikogo\B-Service.exe [2010-10-7 185640]
    S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\System32\drivers\evserial.sys [2010-6-19 67072]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\System32\drivers\evsbc.sys [2010-6-19 32768]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-24 1255736]

    =============== Created Last 30 ================

    2010-12-17 19:11:37 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F8F7623A-55E0-4C97-9166-F94AB5BD7DA3}\mpengine.dll
    2010-12-09 16:39:23 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
    2010-12-09 16:39:23 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
    2010-12-09 16:39:23 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
    2010-12-06 18:25:19 66552 ----a-w- C:\Windows\System32\drivers\mozy.sys
    2010-12-06 18:19:41 11336456 ----a-w- C:\PROGRA~3\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
    2010-11-29 23:17:59 403304 ----a-w- C:\Windows\System32\xactengine2_7.dll
    2010-11-29 22:23:07 458840 ----a-w- C:\Windows\System32\drivers\~GLH0023.TMP
    2010-11-29 22:13:18 -------- d-----w- C:\Windows\Internet Logs
    2010-11-29 00:18:47 -------- d-----w- C:\Users\TheEarl\AppData\Roaming\AVG10
    2010-11-29 00:01:15 -------- d--h--w- C:\PROGRA~3\Common Files
    2010-11-28 23:59:49 -------- d-----w- C:\PROGRA~3\AVG10
    2010-11-28 19:19:52 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2010-11-28 19:19:50 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2010-11-28 19:19:49 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
    2010-11-28 19:19:15 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-11-28 19:19:09 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-11-28 17:18:11 -------- d-----w- C:\PROGRA~3\MFAData
    2010-11-26 05:03:43 -------- d-----w- C:\Users\TheEarl\AppData\Local\RockMelt
    2010-11-25 20:00:08 -------- d-----w- C:\Windows\SysWow64\AGEIA
    2010-11-25 19:59:49 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2010-11-25 08:07:51 -------- d-----w- C:\Program Files\iTunes
    2010-11-25 08:07:51 -------- d-----w- C:\Program Files\iPod
    2010-11-25 08:07:51 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-11-25 08:06:23 -------- d-----w- C:\Program Files\Bonjour
    2010-11-25 08:06:23 -------- d-----w- C:\Program Files (x86)\Bonjour

    ==================== Find3M ====================

    2010-12-17 05:51:47 60 ----a-w- C:\Windows\wpd99.drv
    2010-12-16 22:45:31 57752 ----a-w- C:\Windows\SysWow64\rpcnet.dll
    2010-11-16 23:45:54 1238528 ----a-w- C:\Windows\SysWow64\zpeng25.dll
    2010-11-14 02:39:14 340 ----a-w- C:\Windows\wininit.tmp
    2010-11-10 04:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
    2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
    2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2010-10-14 07:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
    2010-10-14 07:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
    2010-10-07 18:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2010-10-07 18:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2010-10-07 18:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2010-10-07 18:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2010-10-05 15:40:44 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe
    2010-10-05 15:40:41 57752 ------w- C:\Windows\SysWow64\rpcnet.exe
    2010-09-28 21:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 21:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll

    ============= FINISH: 18:50:02.64 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Sorry for the delay but we get a bit overwhelmed at times.

    Let's look a bit deeper into your system.


    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner. This is expected, but it will be back to normal after the first or second boot up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your password and other personal information, as removing cookies will temporarily disable the auto-login facility.




    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please





    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.



    Post the Malwarebytes log and the OTL log please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Oct 2009
    Posts
    65

    Thanks. Here are the outputs. While OTL was running, Windows gave me a notification that said OTL.exe had become corrupt (although it displayed a path unrelated to OTL) and recommended I run chkdsk. I tried to take a screenshot, but was unsuccessful. Not sure if there's a place to find what it said.

    ----------------------------------


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5428

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/31/2010 9:43:15 AM
    mbam-log-2010-12-31 (09-43-15).txt

    Scan type: Quick scan
    Objects scanned: 166589
    Time elapsed: 5 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ------------------------------------------------


    OTL logfile created on: 12/31/2010 9:46:33 AM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\TheEarl\Desktop
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.85 Gb Total Space | 71.41 Gb Free Space | 30.67% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 577.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 571.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 691.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: THEMOTHERSHIP | User Name: TheEarl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\TheEarl\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
    PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
    PRC - C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\TheEarl\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found
    SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (B-Service) -- C:\Users\TheEarl\AppData\Roaming\Mikogo\B-Service.exe ()
    SRV - (rpcnet) Remote Procedure Call (RPC) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (mozybackup) -- C:\Program Files (x86)\Mozy\mozybackup.exe (Mozy, Inc.)
    SRV - (postgresql-8.4) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (mozyFilter) -- C:\Windows\SysNative\drivers\mozy.sys (Mozy, Inc.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
    DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
    DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
    DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
    DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
    DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
    DRV:64bit: - (OEM13Vid) -- C:\Windows\SysNative\drivers\OEM13Vid.sys (Creative Technology Ltd.)
    DRV:64bit: - (VSBC) Virtual Serial Bus Enumerator (Eltima Software) -- C:\Windows\SysNative\drivers\evsbc.sys (ELTIMA Software)
    DRV:64bit: - (evserial) Virtual Serial Ports Driver (Eltima Softwate) -- C:\Windows\SysNative\drivers\evserial.sys (ELTIMA Software)
    DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\drivers\DLADResE.SYS (Roxio)
    DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS (Roxio)
    DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\drivers\DLABMFSE.SYS (Roxio)
    DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS (Roxio)
    DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS (Roxio)
    DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\drivers\DLABOIOE.SYS (Roxio)
    DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\drivers\DLAPoolE.SYS (Roxio)
    DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS (Roxio)
    DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
    DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
    DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
    DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
    DRV:64bit: - (OEM13Vfx) -- C:\Windows\SysNative\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
    DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://share.law.northwestern.edu/jclc/default.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC F3 D4 F1 AA 90 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/28 18:00:18 | 000,000,000 | ---D | M]

    [2010/12/17 14:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheEarl\AppData\Roaming\Mozilla\Extensions
    [2010/01/12 00:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TheEarl\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
    [2010/12/17 14:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/01 00:39:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/09/07 18:22:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/17 18:54:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [RockMelt Update] C:\Users\TheEarl\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (RockMelt Inc.)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 15:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [1999/09/23 16:38:49 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [1996/12/26 19:21:40 | 004,429,073 | R--- | M] (Blizzard Entertainment) - F:\AUTORUN.EXE -- [ CDFS ]
    O32 - AutoRun File - [1996/11/20 11:25:44 | 000,000,050 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [2003/10/13 17:18:23 | 000,001,990 | R--- | M] () - G:\automenu.apm -- [ CDFS ]
    O32 - AutoRun File - [2003/04/01 04:00:40 | 001,101,824 | R--- | M] (Indigo Rose Corporation) - G:\automenu.exe -- [ CDFS ]
    O32 - AutoRun File - [2000/06/27 07:26:52 | 000,000,766 | R--- | M] () - G:\automenu.ico -- [ CDFS ]
    O32 - AutoRun File - [2001/03/06 00:25:30 | 000,475,136 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2003/10/13 17:18:27 | 000,000,050 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{e37c70d6-ed1a-11df-8db8-002556a09b0e}\Shell - "" = AutoRun
    O33 - MountPoints2\{e37c70d6-ed1a-11df-8db8-002556a09b0e}\Shell\AutoRun\command - "" = G:\automenu.exe -- [2003/04/01 04:00:40 | 001,101,824 | R--- | M] (Indigo Rose Corporation)
    O33 - MountPoints2\{fea2806d-0325-11df-ba96-00265edc96e5}\Shell - "" = AutoRun
    O33 - MountPoints2\{fea2806d-0325-11df-ba96-00265edc96e5}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [1999/09/23 16:58:15 | 000,025,600 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk /p \??\C - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/31 09:36:45 | 000,000,000 | ---D | C] -- C:\Users\TheEarl\AppData\Local\Adobe
    [2010/12/31 09:28:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/31 09:25:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\TheEarl\Desktop\OTL.exe
    [2010/12/31 09:24:57 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\TheEarl\Desktop\mbam-setup-1.50.1.1100.exe
    [2010/12/31 09:23:47 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\TheEarl\Desktop\ATF-Cleaner.exe
    [2010/12/27 15:45:44 | 000,000,000 | ---D | C] -- C:\Users\TheEarl\AppData\Local\PunkBuster
    [2010/12/27 15:45:41 | 000,000,000 | ---D | C] -- C:\Users\TheEarl\Documents\BFBC2
    [2010/12/27 15:44:46 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
    [2010/12/27 15:44:46 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
    [2010/12/27 15:44:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
    [2010/12/27 15:44:46 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
    [2010/12/27 15:44:45 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
    [2010/12/27 15:44:45 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
    [2010/12/27 15:44:45 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
    [2010/12/27 15:44:45 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
    [2010/12/27 15:44:44 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
    [2010/12/27 15:44:44 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
    [2010/12/27 15:44:44 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
    [2010/12/27 15:44:44 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
    [2010/12/27 15:44:41 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
    [2010/12/27 15:44:41 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
    [2010/12/27 15:44:37 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
    [2010/12/27 15:44:37 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
    [2010/12/27 15:44:37 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
    [2010/12/27 15:44:37 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
    [2010/12/27 15:44:37 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
    [2010/12/27 15:44:37 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
    [2010/12/27 15:44:37 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
    [2010/12/27 15:44:37 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
    [2010/12/27 15:44:36 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
    [2010/12/27 15:44:36 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
    [2010/12/27 15:44:36 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
    [2010/12/27 15:44:36 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
    [2010/12/27 15:44:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
    [2010/12/27 15:44:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
    [2010/12/24 21:07:38 | 000,000,000 | ---D | C] -- C:\Users\TheEarl\AppData\Local\Windows Live
    [2010/12/24 21:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/12/24 21:06:47 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2010/12/24 21:06:47 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2010/12/24 21:06:47 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
    [2010/12/24 21:06:47 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
    [2010/12/24 21:06:47 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
    [2010/12/24 21:06:46 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
    [2010/12/24 21:06:46 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
    [2010/12/24 21:05:53 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
    [2010/12/24 21:05:52 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
    [2010/12/24 21:05:52 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
    [2010/12/24 21:05:52 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
    [2010/12/24 21:05:52 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
    [2010/12/24 21:05:52 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
    [2010/12/24 21:05:52 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
    [2010/12/24 21:05:52 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
    [2010/12/24 21:05:52 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
    [2010/12/24 21:05:52 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
    [2010/12/24 21:05:52 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
    [2010/12/24 21:05:52 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
    [2010/12/24 21:05:52 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
    [2010/12/24 21:05:52 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
    [2010/12/24 21:05:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
    [2010/12/24 21:05:52 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
    [2010/12/16 16:40:31 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
    [2010/12/16 16:40:22 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
    [2010/12/16 16:40:22 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
    [2010/12/16 16:40:18 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
    [2010/12/16 16:40:15 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
    [2010/12/16 16:40:15 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
    [2010/12/16 16:40:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
    [2010/12/16 16:40:14 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
    [2010/12/16 16:40:14 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
    [2010/12/16 16:40:14 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
    [2010/12/16 16:40:10 | 000,458,840 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
    [2010/12/16 16:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
    [2010/12/16 16:39:34 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
    [2010/12/16 16:39:34 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
    [2010/12/14 13:47:55 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2010/12/14 13:47:55 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2010/12/14 13:47:55 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2010/12/14 13:47:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2010/12/14 13:47:41 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
    [2010/12/14 13:47:41 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
    [2010/12/14 13:47:41 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
    [2010/12/14 13:47:41 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
    [2010/12/14 13:47:40 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
    [2010/12/14 13:47:40 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
    [2010/12/14 13:47:40 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
    [2010/12/14 13:47:40 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
    [2010/12/14 13:47:37 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
    [2010/12/14 13:47:37 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
    [2010/12/14 13:47:28 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2010/12/14 13:47:27 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
    [2010/12/14 13:47:27 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
    [2010/12/14 13:47:27 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
    [2010/12/14 13:47:27 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
    [2010/12/14 13:47:27 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2010/12/14 13:47:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
    [2010/12/14 13:47:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2010/12/14 13:47:27 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2010/12/14 13:47:27 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2010/12/14 13:47:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
    [2010/12/14 13:47:27 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
    [2010/12/14 13:47:27 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
    [2010/12/14 13:47:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
    [2010/12/14 13:47:24 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
    [2010/12/06 12:25:19 | 000,066,552 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\mozy.sys
    [2010/12/06 12:19:41 | 011,336,456 | ---- | C] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
    [3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/31 09:29:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/31 09:28:58 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/31 09:28:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/31 09:26:28 | 000,258,247 | ---- | M] () -- C:\Users\TheEarl\Desktop\Blue screens of death and certain programs won't run.pdf
    [2010/12/31 09:26:27 | 000,000,060 | ---- | M] () -- C:\Windows\wpd99.drv
    [2010/12/31 09:26:08 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001Core.job
    [2010/12/31 09:25:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\TheEarl\Desktop\OTL.exe
    [2010/12/31 09:25:02 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\TheEarl\Desktop\mbam-setup-1.50.1.1100.exe
    [2010/12/31 09:23:52 | 103,081,825 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/12/31 09:23:37 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\TheEarl\Desktop\ATF-Cleaner.exe
    [2010/12/31 09:22:52 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001UA.job
    [2010/12/31 09:21:52 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Language Model Optimization.job
    [2010/12/31 09:18:22 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001UA.job
    [2010/12/31 09:18:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001Core.job
    [2010/12/31 09:18:15 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2010/12/31 09:18:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/27 15:45:49 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/12/27 15:45:49 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/12/27 15:44:51 | 002,434,856 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/12/27 15:44:51 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/12/27 07:23:08 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/27 07:23:08 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/27 02:41:15 | 000,004,228 | ---- | M] () -- C:\Windows\mozy.blk
    [2010/12/27 02:41:15 | 000,000,550 | ---- | M] () -- C:\Windows\mozy.flt
    [2010/12/25 16:03:28 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\NatSpeak Periodic Acoustic Optimization.job
    [2010/12/24 22:20:48 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2010/12/24 22:20:48 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2010/12/24 22:20:37 | 3217,199,104 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/24 22:20:33 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/19 17:47:22 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/12/19 17:47:22 | 000,628,674 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/12/19 17:47:22 | 000,107,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/12/19 02:13:42 | 000,001,622 | ---- | M] () -- C:\Users\TheEarl\Desktop\to do.rtf
    [2010/12/17 18:50:39 | 000,002,962 | ---- | M] () -- C:\Users\TheEarl\Desktop\Attach.zip
    [2010/12/17 18:48:53 | 000,624,128 | ---- | M] () -- C:\Users\TheEarl\Desktop\dds.scr
    [2010/12/17 18:48:05 | 000,000,907 | ---- | M] () -- C:\Users\TheEarl\Desktop\ERUNT.lnk
    [2010/12/16 16:40:47 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2010/12/15 21:07:34 | 000,026,951 | ---- | M] () -- C:\Users\TheEarl\Desktop\147.docx
    [2010/12/14 13:58:11 | 000,462,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/12/06 23:07:37 | 000,007,603 | ---- | M] () -- C:\Users\TheEarl\AppData\Local\Resmon.ResmonCfg
    [2010/12/06 12:25:21 | 000,000,925 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk
    [2010/12/06 12:19:54 | 011,336,456 | ---- | M] (Mozy, Inc.) -- C:\ProgramData\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
    [2010/12/06 12:10:45 | 491,238,013 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/12/05 13:57:26 | 000,001,675 | ---- | M] () -- C:\Users\TheEarl\AppData\Roaming\SAS7_000.DAT
    [2010/12/02 08:18:39 | 000,011,285 | ---- | M] () -- C:\Users\TheEarl\Documents\1.docx
    [2010/12/02 08:10:55 | 000,013,800 | ---- | M] () -- C:\Users\TheEarl\Documents\closing.docx
    [3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/31 09:28:33 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/31 09:26:26 | 000,258,247 | ---- | C] () -- C:\Users\TheEarl\Desktop\Blue screens of death and certain programs won't run.pdf
    [2010/12/27 15:45:49 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
    [2010/12/27 15:44:52 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2010/12/27 15:44:51 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2010/12/27 15:44:51 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/12/17 18:50:39 | 000,002,962 | ---- | C] () -- C:\Users\TheEarl\Desktop\Attach.zip
    [2010/12/17 18:48:53 | 000,624,128 | ---- | C] () -- C:\Users\TheEarl\Desktop\dds.scr
    [2010/12/17 18:48:05 | 000,000,907 | ---- | C] () -- C:\Users\TheEarl\Desktop\ERUNT.lnk
    [2010/12/16 16:40:14 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
    [2010/12/15 18:49:23 | 000,026,951 | ---- | C] () -- C:\Users\TheEarl\Desktop\147.docx
    [2010/12/09 10:39:23 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2010/12/09 10:39:23 | 000,017,920 | ---- | C] () -- C:\Windows\SysNative\rpcnetp.exe
    [2010/12/09 10:39:23 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2010/12/06 23:07:37 | 000,007,603 | ---- | C] () -- C:\Users\TheEarl\AppData\Local\Resmon.ResmonCfg
    [2010/12/02 08:18:38 | 000,011,285 | ---- | C] () -- C:\Users\TheEarl\Documents\1.docx
    [2010/12/01 14:22:49 | 000,013,800 | ---- | C] () -- C:\Users\TheEarl\Documents\closing.docx
    [2010/11/12 22:17:02 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/08/29 18:39:43 | 000,068,473 | ---- | C] () -- C:\Program Files (x86)\hminstalllog.txt
    [2010/08/17 21:58:15 | 000,004,200 | ---- | C] () -- C:\Users\TheEarl\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    [2010/04/29 20:12:55 | 000,733,320 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/04/22 16:10:19 | 000,038,433 | ---- | C] () -- C:\Users\TheEarl\AppData\Roaming\Comma Separated Values (Windows).ADR
    [2010/02/17 19:12:37 | 000,012,800 | ---- | C] () -- C:\Users\TheEarl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/16 23:47:27 | 000,066,936 | -HS- | C] () -- C:\Windows\dlinfo_0.drv
    [2010/01/16 22:32:28 | 000,000,393 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/01/15 18:10:17 | 000,001,675 | ---- | C] () -- C:\Users\TheEarl\AppData\Roaming\SAS7_000.DAT
    [2010/01/14 01:47:41 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
    [2010/01/14 01:47:40 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

    ========== LOP Check ==========

    [2010/11/28 18:18:47 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\AVG10
    [2010/10/25 21:29:59 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\BitTorrent
    [2010/01/12 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Greyfirst
    [2010/11/02 20:21:04 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\HandBrake
    [2010/08/29 18:41:04 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\HEM Data
    [2010/07/24 19:19:38 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\HW group
    [2010/08/14 20:25:51 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Leawo
    [2010/08/23 12:50:52 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\ManyCam
    [2010/10/07 16:31:23 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Mikogo
    [2010/01/15 17:35:14 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Nuance
    [2010/01/10 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\OpenOffice.org
    [2010/01/14 01:51:52 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\pdf995
    [2010/07/24 19:24:48 | 000,000,000 | ---D | M] -- C:\Users\TheEarl\AppData\Roaming\Tunngle
    [2010/12/25 16:03:28 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
    [2010/12/31 09:21:52 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\NatSpeak Periodic Language Model Optimization.job
    [2010/12/31 09:18:16 | 000,000,884 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001Core.job
    [2010/12/31 09:18:22 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-4210094983-2902076926-636801332-1001UA.job
    [2010/10/13 14:45:27 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 222 bytes -> C:\ProgramData\TEMP:F35A93AD
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:DDE29E40

    < End of report >

  4. #4
    Member
    Join Date
    Oct 2009
    Posts
    65

    OTL Extras logfile created on: 12/31/2010 9:46:34 AM - Run 1
    OTL by OldTimer - Version 3.2.18.2 Folder = C:\Users\TheEarl\Desktop
    64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.85 Gb Total Space | 71.41 Gb Free Space | 30.67% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive E: | 577.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 571.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive G: | 691.95 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: THEMOTHERSHIP | User Name: TheEarl | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64)
    "{5DDF6B75-2369-4D52-9867-10EFD8878185}" = AVG 2011
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
    "{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
    "{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome
    "{E4C703FE-7F5C-475D-9458-8E2FD7110790}" = AVG 2011
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2011
    "Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
    "{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
    "AudibleDownloadManager" = Audible Download Manager
    "Battle.net" = Battle.net
    "BitTorrent" = BitTorrent
    "Celtx (2.7)" = Celtx (2.7)
    "Diablo" = Diablo
    "DivX Setup.divx.com" = DivX Setup
    "ERUNT_is1" = ERUNT 1.1j
    "Handbrake" = Handbrake 0.9.4
    "HoldemManager" = Holdem Manager
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mikogo" = Mikogo
    "Pdf995" = Pdf995
    "PokerStars" = PokerStars
    "PostgreSQL 8.4" = PostgreSQL 8.4
    "PunkBusterSvc" = PunkBuster Services
    "Quick Screen Capture 2.2_is1" = Quick Screen Capture 2.2
    "Steam App 12130" = Manhunt
    "Steam App 12140" = Max Payne
    "Steam App 12150" = Max Payne 2: The Fall of Max Payne
    "Steam App 12200" = Bully: Scholarship Edition
    "Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
    "Steam App 24960" = Battlefield: Bad Company 2
    "Steam App 410" = Portal: The First Slice
    "Steam App 6000" = Star Wars Republic Commando
    "Steam App 8980" = Borderlands
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "VLC media player" = VLC media player 1.0.3
    "War2Combat_is1" = War2Combat 3.05
    "Warcraft II BNE" = Warcraft II BNE
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "RockMelt" = RockMelt

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/25/2010 4:10:13 AM | Computer Name = TheMothership | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 19391

    Error - 12/25/2010 4:10:13 AM | Computer Name = TheMothership | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 19391

    Error - 12/25/2010 7:08:26 PM | Computer Name = TheMothership | Source = Google Update | ID = 20
    Description =

    Error - 12/25/2010 8:08:26 PM | Computer Name = TheMothership | Source = Google Update | ID = 20
    Description =

    Error - 12/25/2010 9:08:26 PM | Computer Name = TheMothership | Source = Google Update | ID = 20
    Description =

    Error - 12/26/2010 1:45:38 PM | Computer Name = TheMothership | Source = Google Update | ID = 20
    Description =

    Error - 12/26/2010 4:30:11 PM | Computer Name = TheMothership | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4c525184 Faulting module name: vstdlib.dll, version: 0.0.0.0, time stamp: 0x4c6ca968
    Exception
    code: 0xc0000005 Fault offset: 0x0000204e Faulting process id: 0x10d0 Faulting application
    start time: 0x01cba53b7c1b96f8 Faulting application path: c:\program files (x86)\steam\steamapps\thaedonxhanphiq\portal\hl2.exe
    Faulting
    module path: c:\program files (x86)\steam\steamapps\thaedonxhanphiq\portal\bin\vstdlib.dll
    Report
    Id: ef64e672-112e-11e0-9442-00265edc96e5

    Error - 12/27/2010 3:53:54 AM | Computer Name = TheMothership | Source = Application Error | ID = 1000
    Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
    0x4c525184 Faulting module name: vstdlib.dll, version: 0.0.0.0, time stamp: 0x4c6ca968
    Exception
    code: 0xc0000005 Fault offset: 0x0000204e Faulting process id: 0x11e4 Faulting application
    start time: 0x01cba59ad9737f8f Faulting application path: c:\program files (x86)\steam\steamapps\thaedonxhanphiq\portal\hl2.exe
    Faulting
    module path: c:\program files (x86)\steam\steamapps\thaedonxhanphiq\portal\bin\vstdlib.dll
    Report
    Id: 73410c0d-118e-11e0-9442-00265edc96e5

    Error - 12/27/2010 1:14:21 PM | Computer Name = TheMothership | Source = MsiInstaller | ID = 10005
    Description =

    Error - 12/31/2010 11:18:20 AM | Computer Name = TheMothership | Source = Google Update | ID = 20
    Description =

    [ OSession Events ]
    Error - 2/12/2010 10:26:13 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 67
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 2/12/2010 10:33:19 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 144
    seconds with 120 seconds of active time. This session ended with a crash.

    Error - 3/11/2010 4:55:37 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 394
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 5/1/2010 12:26:41 AM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 29620
    seconds with 8580 seconds of active time. This session ended with a crash.

    Error - 5/4/2010 11:30:09 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 208453
    seconds with 34560 seconds of active time. This session ended with a crash.

    Error - 11/19/2010 4:51:30 PM | Computer Name = TheMothership | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 70303
    seconds with 4920 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/19/2010 10:01:16 PM | Computer Name = TheMothership | Source = Microsoft-Windows-Kernel-General | ID = 5
    Description =

    Error - 11/20/2010 1:21:34 AM | Computer Name = TheMothership | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 11/21/2010 7:20:07 PM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 11/21/2010 7:20:32 PM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 11/21/2010 7:21:32 PM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Apple Mobile Device service,
    but this action failed with the following error: %%1056

    Error - 11/25/2010 2:05:58 AM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
    Client Service service to connect.

    Error - 11/25/2010 2:05:58 AM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7000
    Description = The Steam Client Service service failed to start due to the following
    error: %%1053

    Error - 11/25/2010 3:29:30 AM | Computer Name = TheMothership | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom2.

    Error - 11/25/2010 4:06:29 AM | Computer Name = TheMothership | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 11/26/2010 1:03:26 AM | Computer Name = TheMothership | Source = cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom2.


    < End of report >

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Your logs are clean, but what I am seeing could possibly be a bad hard disk.


    These two files are from Absolute Software Corp. They were flagged as bad by Malwarebytes and were checked and determined to be false positives. Malwarebytes has since corrected this and these files are not removed any longer:
    rcpnetp.exe
    rcpnetp.dll



    autochk.exe <--This file is related to chkdisk and appears to be corrupted.

    There also appears to be corruption in a few other areas, also with what you're saying about blue screens and chkdisk running.


    Also, it's possible that a virus has corrupted those files. I would like you to run this tool by Symantec and see what it turns up. If this virus is not present then I can link you to a Windows forum for help, as we just do malware removal on this one. I also would suggest at this point to back up any pictures and documents that you don't want to lose.

    Virut Removal Tool
    http://www.symantec.com/security_res...022016-4444-99
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Member
    Join Date
    Oct 2009
    Posts
    65

    Thanks for your help. Virut was not found.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    One last scan before I link you to a Windows forum.

    Please do a scan with Kaspersky Online Scanner or from Here.
    • Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    • Once the scan is complete, click on View scan report. To obtain the report:
    • Click on: Save Report As
    • Next, in the Save as prompt, Save in area, select: Desktop
    • In the File name area, use KScan, or something similar
    • In Save as type, click the drop arrow and select: Text file [*.txt]
    • Then, click: Save
    • Please post the Kaspersky Online Scanner Report in your reply.



  8. #8
    Member
    Join Date
    Oct 2009
    Posts
    65

    Default

    Got the following error message:

    Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

    Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Kaspersky has been a bit finicky lately, let's try ESET.


    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

  10. #10
    Member
    Join Date
    Oct 2009
    Posts
    65

    Default

    One threat found:

    C:\Program Files (x86)\Steam\steamapps\common\max payne\testapp.exe probably a variant of Win32/PSW.LdPinch.HGDDABK trojan cleaned by deleting - quarantined


    The log file contained the following:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
