Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Think I'm infected, not sure.

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Posts
    16

    Default Think I'm infected, not sure.

    Been a while since I posted here, so forgive me if this is in the wrong place.

    Here's the scoop: I believe I'm infected, but I honestly have no idea. My laptop, a stock Asus G73Jw, has suddenly stopped connecting to the wireless (and wired) here at home. Here's what I know:

    a) The wireless still functions (I'm using an old laptop on it right now to type this)
    b) Both the router and the wireless router and the laptop in question have been power cycled multiple times
    c) The laptop in question can *detect* the wireless networks, but cannot *connect* to them, and the device manager says the wireless and wired hardware is functioning properly
    d) Avast version 111118-1 (I tried to update using a flash drive and this laptop) has been run twice now, and nothing has turned up. Spybot SD (version 1.6.2.46) has also been run twice and nothing has turned up.
    e) there are no other discernible symptoms, which only adds to my confusion.

    At this point I've run out of tricks, I've never seen anything like this before, and have no idea what to do. As I said above, there's no sluggishness, no random popups, the computer is totally normal, aside from the fact that it won't connect to the internet at all.

    I'll check this thread occasionally, as I have this laptop sitting right next to the one in question. Until then, Skyrim!

  2. #2
    Junior Member
    Join Date
    Jan 2009
    Posts
    16

    Default

    It occurred to me shortly after I hit "post" that I should also add my DDS.txt. Here it is:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
    Run by Colin Ahern at 7:35:32 on 2011-11-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8116.6431 [GMT -8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\SysWOW64\PnkBstrB.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\ERUNT\ERUNT.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://asus.msn.com
    uDefault_Page_URL = hxxp://asus.msn.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
    mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 172.16.42.1
    TCP: Interfaces\{22C60620-3693-4DB7-B6D7-FD16290C125A} : DhcpNameServer = 172.16.42.1
    TCP: Interfaces\{22C60620-3693-4DB7-B6D7-FD16290C125A}\5676C65637961613939303 : DhcpNameServer = 10.0.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    BHO-X64: Search Helper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    BHO-X64: Google Dictionary Compression sdch - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [ASUS VIBE] C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe /S
    mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Colin Ahern\AppData\Roaming\Mozilla\Firefox\Profiles\b3yqkken.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - prefs.js: browser.startup.homepage - hotmail.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npbyond.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Colin Ahern\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2011-11-15 30080]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-23 40384]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-4 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-29 2314240]
    R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-23 40384]
    R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-11-23 40384]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-9-29 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-9-29 79360]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-16 04:57:37 -------- d-----w- C:\Program Files (x86)\HWiNFO32
    2011-11-13 06:32:51 -------- d-----w- C:\Program Files (x86)\E9F4B
    2011-11-13 06:32:40 -------- d-----w- C:\Users\Colin Ahern\AppData\Roaming\2C6E9
    2011-11-13 06:32:39 -------- d-----w- C:\Program Files (x86)\LP
    2011-11-13 06:32:32 -------- d-----w- C:\Users\Colin Ahern\AppData\Roaming\l333pmmG5aQJdW8
    2011-11-13 06:32:26 -------- d-----w- C:\Users\Colin Ahern\AppData\Roaming\QqqhhYXwwkV
    2011-11-13 06:32:25 -------- d-----w- C:\Users\Colin Ahern\AppData\Roaming\KnnnGG4amH6sJ7E
    2011-11-13 06:32:18 -------- d-----w- C:\Users\Colin Ahern\AppData\Roaming\lzzOONyyxA0vSib
    2011-11-13 06:32:17 -------- d-----w- C:\Users\Colin Ahern\AppData\Roaming\dEEKK8gRRZhY
    2011-11-13 04:28:45 -------- d-----w- C:\Users\Colin Ahern\AppData\Local\Skyrim
    2011-11-12 17:38:54 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF25BB9A-35F7-4239-AE38-A340A7BE6C18}\offreg.dll
    2011-11-11 12:05:51 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DF25BB9A-35F7-4239-AE38-A340A7BE6C18}\mpengine.dll
    2011-11-09 02:59:46 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-09 01:34:10 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 01:34:10 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 01:34:09 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-10-28 04:10:25 -------- d-----w- C:\Users\Colin Ahern\AppData\Local\Electronic Arts
    2011-10-26 14:25:56 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2011-10-26 14:25:56 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    .
    ==================== Find3M ====================
    .
    2011-11-19 15:07:27 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-09 15:10:10 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-22 02:43:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-08-22 02:43:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    .
    ============= FINISH: 7:36:10.15 ===============
    Last edited by tashi; 2011-11-26 at 17:00. Reason: Copy pasted log into topic- as per forum sticky ;-)

  3. #3
    Junior Member
    Join Date
    Jan 2009
    Posts
    16

    Default

    Been about a week, gonna bump this in hopes that someone can at least tell me whether its a hardware or software problem. Thanks!

  4. #4
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello saltedfish,
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Posting additional comments or logs before a volunteer responds, can push you back instead of forward, because your thread ends up with a newer date. In addition helpers would think you are already being assisted because of the post count.
    FYI
    Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days

    Best regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Sorry for the delay but we get a bit overwhelmed at times and sometimes a thread or two fall through the cracks.

    Why dont you post here and see if they can get you up and running, then post back and we will look deeper into your system to be sure there is no malware present, it would be kind of hard to do this with no internet

    http://forums.whatthetech.com/index.php?showforum=128


    I will wait for your reply

    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Junior Member
    Join Date
    Jan 2009
    Posts
    16

    Default

    At the risk of offending the forum gods, I'll make one last post here.

    I initially posted here under the assumption that the problem was malware, and in fact by posting here I was more hoping for a "it's a virus" or "its not a virus" response. The issue no longer appears to be a malware problem, and I have posted at What the Tech and explained the problem in detail. I suppose we can just close this thread, and if the problem is fixed but proves to have a malware component, I'll make a new thread here with updated information.

    At any rate, thank you and keep on being awesome.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning, no offence taken, it can be real difficult to run scans and get the info back to me with no internet, you would have to download the programs from a known clean computer, transfer to this one, then transfer the logs back to the good one and post them, but if you would like to proceed that way we can. Either way I will keep this thread open for you until you post back with an internet connection.


    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply







    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected .
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please






    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #8
    Junior Member
    Join Date
    Jan 2009
    Posts
    16

    Default

    Okay, brace for a ton of text. Judging by your instructions, it seems you want me to post the contents of the files in the actual post, instead of attaching the files. I'll do that until you yell at me not to.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-29 06:09:54
    -----------------------------
    06:09:54.957 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:09:54.957 Number of processors: 8 586 0x1E05
    06:09:54.957 ComputerName: CERBERUS UserName:
    06:09:59.216 Initialize success
    06:09:59.356 AVAST engine defs: 11111801
    06:10:06.267 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:10:06.267 Disk 0 Vendor: ST975042 0001 Size: 715404MB BusType: 3
    06:10:06.298 Disk 0 MBR read successfully
    06:10:06.298 Disk 0 MBR scan
    06:10:06.298 Disk 0 Windows 7 default MBR code
    06:10:06.298 Service scanning
    06:10:13.958 Modules scanning
    06:10:13.958 Disk 0 trace - called modules:
    06:10:13.989 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    06:10:13.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e17790]
    06:10:13.989 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8007ba6e40]
    06:10:14.005 5 ACPI.sys[fffff88000faa7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007ba9050]
    06:10:14.972 AVAST engine scan C:\Windows
    06:10:17.608 AVAST engine scan C:\Windows\system32
    06:11:45.093 AVAST engine scan C:\Windows\system32\drivers
    06:12:01.333 AVAST engine scan C:\Users\Colin Ahern
    06:16:29.092 AVAST engine scan C:\ProgramData
    06:17:14.457 Scan finished successfully
    15:47:43.151 Disk 0 MBR has been saved successfully to "C:\Users\Colin Ahern\Desktop\MBR.dat"
    15:47:43.151 The log file has been saved successfully to "C:\Users\Colin Ahern\Desktop\aswMBR.txt"




    OTL Extras logfile created on: 11/29/2011 4:24:34 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Colin Ahern\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 84.08% Memory free
    15.85 Gb Paging File | 14.51 Gb Available in Paging File | 91.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 174.66 Gb Total Space | 37.48 Gb Free Space | 21.46% Space Free | Partition Type: NTFS
    Drive D: | 504.44 Gb Total Space | 443.92 Gb Free Space | 88.00% Space Free | Partition Type: NTFS
    Drive E: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 74.50 Gb Total Space | 29.65 Gb Free Space | 39.80% Space Free | Partition Type: FAT32

    Computer Name: CERBERUS | User Name: Colin Ahern | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3205341673-3714787834-18347199-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}" = Fresco Logic USB3.0 Host Controller
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{ef7031a7-f5f5-4ef5-8d6d-e1f782b9b419}.sdb" = estamp_exe
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "2AA10AB519DC7432D599A0E860206A7DDCC27764" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    "7341A1B43E7FE58942EB1E820A17C18305DFBCE6" = Windows Driver Package - Broadcom Bluetooth (01/19/2010 6.2.0.1417)
    "85CE3A3657FAE5FD305B143E90E6FC89BA53001C" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (02/25/2010 6.2.0.9419)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Drivers" = NVIDIA Drivers
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "USB2.0 UVC 2M WebCam" = USB2.0 UVC 2M WebCam
    "WinRAR archiver" = WinRAR 4.00 beta 1 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}" = Roleplaying City Map Generator 5.40
    "{3B9F15ED-C087-4FBB-805E-EE24D2AE2E13}" = Mastercam X5 Demo/Home Learning Edition
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{48530DE6-19F9-489D-809E-AFAA8AACC6DF}" = SplitMediaLabs VH Screen Capture Driver (x86)
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
    "{63A56D6A-8AA4-4568-A9E0-790D31B2F30E}" = Adobe Flash Media Encoder 2.5
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B11AB9C8-18A6-41DC-98B4-4988CC030136}" = THX TruStudio
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C9991C9B-0783-452E-8954-AB93E2AB3B80}_is1" = Game Park Console
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
    "{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{FAF34181-8A35-4182-B297-EB7E0F5B7A5A}" = XSplit
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "ASUS AP Bank_is1" = ASUS AP Bank
    "ASUS VIBE" = ASUS VIBE
    "AudibleManager" = AudibleManager
    "avast5" = avast! Free Antivirus
    "BitTorrent" = BitTorrent
    "Build Your Own Net Dream" = Build Your Own Net Dream (remove only)
    "CDisplay_is1" = CDisplay 1.8
    "Diablo II" = Diablo II
    "ERUNT_is1" = ERUNT 1.1j
    "HWiNFO32_is1" = HWiNFO32 Version 3.90
    "InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
    "InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "Notepad++" = Notepad++
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "OpenAL" = OpenAL
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 17450" = Dragon Age: Origins
    "Steam App 218" = Source SDK Base 2007
    "Steam App 47780" = Dead Space 2
    "Steam App 72850" = The Elder Scrolls V: Skyrim
    "Steam App 7670" = BioShock
    "Steam App 8140" = Tomb Raider: Underworld
    "SystemRequirementsLab" = System Requirements Lab
    "VH Toolkit_is1" = VH Toolkit 1.0.15.0
    "VLC media player" = VLC media player 1.1.7
    "Voobly_is1" = Voobly
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3205341673-3714787834-18347199-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/22/2011 10:00:12 AM | Computer Name = Cerberus | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: The server name or address could not be resolved

    Error - 11/22/2011 8:26:54 PM | Computer Name = Cerberus | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
    = 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
    Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
    Writer Instance ID: {bc7191f7-edfc-43ec-8f9f-64a306247463}

    Error - 11/22/2011 8:37:06 PM | Computer Name = Cerberus | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: The server name or address could not be resolved

    Error - 11/22/2011 10:09:24 PM | Computer Name = Cerberus | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 11/22/2011 10:09:28 PM | Computer Name = Cerberus | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
    enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
    "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
    on line 2. Invalid Xml syntax.

    Error - 11/23/2011 9:53:17 AM | Computer Name = Cerberus | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
    = 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
    Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
    Writer Instance ID: {ec7ef4ca-699f-4ccb-83b5-e2e3a1445b81}

    Error - 11/23/2011 10:03:09 AM | Computer Name = Cerberus | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 11/23/2011 10:03:09 AM | Computer Name = Cerberus | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    Error - 11/23/2011 10:03:27 AM | Computer Name = Cerberus | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: The server name or address could not be resolved

    Error - 11/23/2011 3:19:13 PM | Computer Name = Cerberus | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
    = 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
    Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
    Writer Instance ID: {3c79782f-7ba8-4944-a94d-b2ab277ca81a}

    [ System Events ]
    Error - 7/6/2011 5:13:57 AM | Computer Name = Cerberus | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 7/7/2011 12:52:59 AM | Computer Name = Cerberus | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 9:51:24 PM on ?7/?6/?2011 was unexpected.

    Error - 7/8/2011 1:32:09 AM | Computer Name = Cerberus | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:30:37 PM on ?7/?7/?2011 was unexpected.

    Error - 7/9/2011 3:09:41 AM | Computer Name = Cerberus | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:08:16 AM on ?7/?9/?2011 was unexpected.

    Error - 7/9/2011 4:53:46 AM | Computer Name = Cerberus | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 1:52:18 AM on ?7/?9/?2011 was unexpected.


    < End of report >


    [QUOTE="mbam-log-2011-11-29 (15-50-40).txt"]Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7622

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    11/29/2011 3:50:40 PM
    mbam-log-2011-11-29 (15-50-40).txt

    Scan type: Quick scan
    Objects scanned: 179543
    Time elapsed: 1 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    OTL logfile created on: 11/29/2011 4:24:34 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Colin Ahern\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 84.08% Memory free
    15.85 Gb Paging File | 14.51 Gb Available in Paging File | 91.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 174.66 Gb Total Space | 37.48 Gb Free Space | 21.46% Space Free | Partition Type: NTFS
    Drive D: | 504.44 Gb Total Space | 443.92 Gb Free Space | 88.00% Space Free | Partition Type: NTFS
    Drive E: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 74.50 Gb Total Space | 29.65 Gb Free Space | 39.80% Space Free | Partition Type: FAT32

    Computer Name: CERBERUS | User Name: Colin Ahern | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Colin Ahern\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
    PRC - C:\Windows\AsScrPro.exe (ASUS)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
    PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
    PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
    PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
    SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
    SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
    SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
    SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
    SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (FLxHCIc) Fresco Logic xHCI (USB3) -- C:\Windows\SysNative\drivers\FLxHCIc.sys (Fresco Logic)
    DRV:64bit: - (FLxHCIh) Fresco Logic xHCI (USB3) -- C:\Windows\SysNative\drivers\FLxHCIh.sys (Fresco Logic)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
    DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
    DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
    DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (HWiNFO32) -- C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS (REALiX(tm))
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3205341673-3714787834-18347199-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    IE - HKU\S-1-5-21-3205341673-3714787834-18347199-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    IE - HKU\S-1-5-21-3205341673-3714787834-18347199-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3205341673-3714787834-18347199-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "hotmail.com"
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.15
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
    FF - prefs.js..network.proxy.type: 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Colin Ahern\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files (x86)\BYOND\bin\npbyond.dll (BYOND)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/10 17:37:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/23 14:29:01 | 000,000,000 | ---D | M]

    [2010/11/23 22:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin Ahern\AppData\Roaming\Mozilla\Extensions
    [2011/11/12 11:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Colin Ahern\AppData\Roaming\Mozilla\Firefox\Profiles\b3yqkken.default\extensions
    [2011/11/10 17:37:35 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Colin Ahern\AppData\Roaming\Mozilla\Firefox\Profiles\b3yqkken.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
    [2010/11/28 00:40:58 | 000,002,057 | ---- | M] () -- C:\Users\Colin Ahern\AppData\Roaming\Mozilla\Firefox\Profiles\b3yqkken.default\searchplugins\youtube-video-search.xml
    [2011/11/10 17:37:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/02/12 13:13:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    () (No name found) -- C:\USERS\COLIN AHERN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B3YQKKEN.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170633FE}.XPI
    () (No name found) -- C:\USERS\COLIN AHERN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B3YQKKEN.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
    () (No name found) -- C:\USERS\COLIN AHERN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B3YQKKEN.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\COLIN AHERN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B3YQKKEN.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
    [2011/11/10 17:37:17 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/07/08 13:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files (x86)\mozilla firefox\plugins\npbyond.dll
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/06 06:55:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/10 17:37:17 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3205341673-3714787834-18347199-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3205341673-3714787834-18347199-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.42.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22C60620-3693-4DB7-B6D7-FD16290C125A}: DhcpNameServer = 172.16.42.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/10/06 07:01:16 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{155ab4dd-cc45-11df-b102-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{155ab4dd-cc45-11df-b102-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011/10/06 07:01:18 | 000,355,920 | R--- | M] (Valve Corporation)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/29 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Roaming\Malwarebytes
    [2011/11/29 15:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/29 15:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/29 15:48:04 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/11/29 15:48:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/11/29 06:09:43 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Colin Ahern\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/29 06:09:43 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Colin Ahern\Desktop\OTL.exe
    [2011/11/29 06:09:42 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Colin Ahern\Desktop\aswMBR.exe
    [2011/11/26 09:28:40 | 000,000,000 | ---D | C] -- C:\Windows\Options
    [2011/11/26 09:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
    [2011/11/26 09:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
    [2011/11/26 09:28:06 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\Desktop\atheros_v9.2.0.105
    [2011/11/25 22:35:24 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Roaming\Intel
    [2011/11/25 22:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
    [2011/11/25 22:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
    [2011/11/25 22:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
    [2011/11/25 22:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
    [2011/11/25 22:33:15 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\Desktop\WiFi_Intel_1000_Win7_64_Z132030
    [2011/11/19 07:32:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/19 07:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2011/11/19 07:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2011/11/15 20:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO32
    [2011/11/15 20:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HWiNFO32
    [2011/11/12 22:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\E9F4B
    [2011/11/12 22:32:40 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Roaming\2C6E9
    [2011/11/12 22:32:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
    [2011/11/12 22:32:32 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Roaming\l333pmmG5aQJdW8
    [2011/11/12 22:32:26 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Roaming\QqqhhYXwwkV
    [2011/11/12 22:32:25 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Roaming\KnnnGG4amH6sJ7E
    [2011/11/12 22:32:18 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Roaming\lzzOONyyxA0vSib
    [2011/11/12 22:32:17 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Roaming\dEEKK8gRRZhY
    [2011/11/12 20:28:45 | 000,000,000 | ---D | C] -- C:\Users\Colin Ahern\AppData\Local\Skyrim
    [1 C:\Users\Colin Ahern\AppData\Local\*.tmp files -> C:\Users\Colin Ahern\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/29 16:19:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/29 16:19:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/29 16:12:11 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
    [2011/11/29 16:11:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/29 16:11:46 | 2087,997,439 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/29 15:48:07 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/29 15:47:43 | 000,000,512 | ---- | M] () -- C:\Users\Colin Ahern\Desktop\MBR.dat
    [2011/11/29 06:08:08 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Colin Ahern\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/11/29 06:07:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Colin Ahern\Desktop\OTL.exe
    [2011/11/29 06:07:42 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Colin Ahern\Desktop\aswMBR.exe
    [2011/11/28 18:31:49 | 001,233,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/28 18:31:49 | 000,331,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/28 18:31:49 | 000,006,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/25 22:18:58 | 050,049,747 | ---- | M] () -- C:\Users\Colin Ahern\Desktop\WiFi_Intel_1000_Win7_64_Z132030.zip
    [2011/11/19 07:32:23 | 000,000,907 | ---- | M] () -- C:\Users\Colin Ahern\Desktop\ERUNT.lnk
    [2011/11/16 19:17:09 | 000,001,823 | ---- | M] () -- C:\Users\Colin Ahern\Desktop\TESV.exe - Shortcut.lnk
    [2011/11/11 16:02:54 | 000,000,606 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2011/11/11 10:21:22 | 000,275,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/11/10 17:37:38 | 000,002,050 | ---- | M] () -- C:\Users\Colin Ahern\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [1 C:\Users\Colin Ahern\AppData\Local\*.tmp files -> C:\Users\Colin Ahern\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/29 15:48:07 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/29 15:47:43 | 000,000,512 | ---- | C] () -- C:\Users\Colin Ahern\Desktop\MBR.dat
    [2011/11/25 22:33:09 | 050,049,747 | ---- | C] () -- C:\Users\Colin Ahern\Desktop\WiFi_Intel_1000_Win7_64_Z132030.zip
    [2011/11/19 07:32:23 | 000,000,907 | ---- | C] () -- C:\Users\Colin Ahern\Desktop\ERUNT.lnk
    [2011/11/16 19:17:09 | 000,001,823 | ---- | C] () -- C:\Users\Colin Ahern\Desktop\TESV.exe - Shortcut.lnk
    [2011/07/04 00:32:18 | 000,003,584 | ---- | C] () -- C:\Users\Colin Ahern\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/28 01:35:00 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
    [2011/06/11 02:35:42 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/05/09 19:49:41 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/02/12 13:23:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/02/01 19:22:26 | 000,000,000 | ---- | C] () -- C:\Windows\McHmm.INI
    [2011/01/21 22:15:12 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/01/21 22:15:11 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2011/01/21 22:15:11 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/12/26 07:59:33 | 000,006,598 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/09/29 20:02:01 | 000,001,200 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2010/09/29 20:02:01 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2010/09/29 20:02:01 | 000,001,099 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2010/09/29 20:01:59 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/09/29 20:01:59 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/09/29 19:30:38 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
    [2010/02/08 23:07:38 | 000,020,480 | ---- | C] () -- C:\Windows\OOBEPlayer.exe
    [2010/02/08 23:07:38 | 000,000,269 | ---- | C] () -- C:\Windows\OOBEPlayer.ini
    [2009/10/25 19:38:22 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
    [2009/07/28 21:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/05/18 19:39:57 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
    [2005/08/30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\SysWow64\RGSS102J.dll
    [2005/08/30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\SysWow64\RGSS102E.dll
    [2005/08/30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\SysWow64\RGSS100J.dll
    [2005/04/04 07:59:00 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\implode.dll
    [1997/06/13 16:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

    ========== LOP Check ==========

    [2011/10/17 21:24:01 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\.minecraft
    [2011/11/12 11:28:03 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\.purple
    [2011/11/12 22:32:40 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\2C6E9
    [2011/09/10 23:13:25 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\Amazon
    [2011/03/14 19:26:17 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\AtomZombieDemoData
    [2011/10/27 19:25:57 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\Bioshock
    [2011/11/29 06:04:34 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\BitTorrent
    [2011/11/12 22:32:17 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\dEEKK8gRRZhY
    [2011/09/09 19:50:37 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\gtk-2.0
    [2011/11/28 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\IrfanView
    [2011/03/14 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\Kalypso Media
    [2011/11/12 22:32:25 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\KnnnGG4amH6sJ7E
    [2011/11/12 22:32:32 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\l333pmmG5aQJdW8
    [2011/11/12 22:32:18 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\lzzOONyyxA0vSib
    [2010/12/13 18:33:37 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\Notepad++
    [2011/11/12 22:32:26 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\QqqhhYXwwkV
    [2011/05/26 10:42:57 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\RIFT
    [2011/11/15 22:24:57 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\SoftGrid Client
    [2011/09/30 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\SplitMediaLabs
    [2011/01/16 21:44:48 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\SystemRequirementsLab
    [2010/12/26 08:00:38 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\TP
    [2011/03/05 22:07:58 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\Ubisoft
    [2011/03/20 20:29:56 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\Unity
    [2011/03/21 21:42:35 | 000,000,000 | ---D | M] -- C:\Users\Colin Ahern\AppData\Roaming\WinterVoicesDemo
    [2011/11/17 18:00:09 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >


    There you have it in all it's glory.
    Last edited by ken545; 2011-11-30 at 04:29. Reason: Removed Quotes

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Not really looking at anything earthshattering , lets see what the Networking people find
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Junior Member
    Join Date
    Jan 2009
    Posts
    16

    Default

    Apparently I went and committed the gran faux pas by posting in the What the Tech forums. I sincerely hope this doesn't adversely effect the process here, but I was instructed, and rightly so, to post a link to THAT forum here as well. Here it is:

    forums.whatthetech.com/index.php?showtopic=121326&st=0&gopid=760306

    Thanks in advance for your continued patience.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •