
Reappearing proxy setting and authorization failure

Discussion in 'All Other Software' started by jstockton, Dec 29, 2010.

  1. jstockton

    jstockton Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    18
    I have an application that needs to connect to authorize my purchase, but when it tries, it is unable to.

    Here are some things that I have tried/done to resolve this:
    1. Ran MSFT Network Monitor and see that the outbound IP address when trying to activate is 27.0.0.1:6092
    2. Searched for network settings in IE, Chrome, etc to see if anything was set and found nothing.
    3. Searched through the registry and found two places where this IP address and port were set for the proxy
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    and
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    4. Cleared out the settings in both of the keys above and tried the activation again only to find that the settings came back.
    5. Ran Process Monitor and found that the application I am trying to authorize was the source of the registry settings.
    6. In an attempt to find out if this was normal behavior for this software, I installed it on a different PC and through the same monitoring processes above, found that this was not how it should be working. None of the proxy settings on my second PC were changed, and when I monitored the network traffic I saw that it was going to the correct destination.
    7. I then uninstalled and reinstalled the application only to find the same results of the registry changing and not being able to activate.
    8. Installed and ran MSFT Security Essentials, SUPERAntiSpyware, and Malwarebytes' Anti-Malware. I found some issues and cleaned them, tried the activation again and no luck.

    I am obviously missing something or have an infection of some sort that I can't find through these scanners. I am out of options. Any suggestions on what to try next?

    Thanks,
    Jason
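
The check from steps 3 to 5 of the post above, as an added example that is not part of the original post: it parses the text of two `reg query` runs against the Internet Settings key (one taken after clearing the values, one after retrying the activation) and reports the hives where a proxy came back. The sample output is constructed from the key paths and proxy value as posted, and `HKEY_USERS\.DEFAULT` is folded into `HKEY_USERS\S-1-5-18` because both names refer to the LocalSystem profile hive.

```python
import re

# HKEY_USERS\.DEFAULT is an alias of HKEY_USERS\S-1-5-18 (the LocalSystem
# profile), so a value seen under both names is one setting, not two.
HIVE_ALIASES = {".DEFAULT": "S-1-5-18"}
PROXY_VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL")

KEY_RE = re.compile(r"^HKEY_USERS\\([^\\]+)\\.*\\Internet Settings$", re.IGNORECASE)
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")

# Constructed sample: `reg query` output after the values were cleared by hand.
AFTER_CLEAR = r"""
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
"""

# Constructed sample: the same query after the activation was retried.
# The proxy value is the one quoted in the post.
AFTER_RETRY = r"""
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    27.0.0.1:6092

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    27.0.0.1:6092
"""


def parse_reg_query(text):
    """Parse `reg query` text into {hive: {value_name: data}} for proxy values."""
    hives, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        key = KEY_RE.match(stripped)
        if key:
            name = key.group(1)
            current = hives.setdefault(HIVE_ALIASES.get(name, name), {})
        elif stripped.upper().startswith("HKEY_"):
            current = None  # some other key: do not attribute its values to a hive
        else:
            val = VALUE_RE.match(line.rstrip())
            if val and current is not None and val.group(1) in PROXY_VALUES:
                current[val.group(1)] = (val.group(3) or "").strip()
    return hives


def active_proxy(values):
    """Return the effective proxy for one hive, or None if nothing is configured."""
    enabled = int(values.get("ProxyEnable") or "0x0", 16) != 0
    server = values.get("ProxyServer", "")
    if enabled and server:
        return server
    return values.get("AutoConfigURL") or None


def reappeared(after_clear, after_retry):
    """Hives whose proxy was empty after clearing but is set again after the retry."""
    hits = {}
    for hive, values in after_retry.items():
        now = active_proxy(values)
        if now and active_proxy(after_clear.get(hive, {})) is None:
            hits[hive] = now
    return hits


if __name__ == "__main__":
    cleared = parse_reg_query(AFTER_CLEAR)
    retried = parse_reg_query(AFTER_RETRY)
    for hive, proxy in reappeared(cleared, retried).items():
        print(f"proxy rewritten under HKEY_USERS\\{hive}: {proxy}")
```
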
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Please click HERE to download and install HijackThis.

    Run it and select Do a system scan and save a logfile from the Main Menu.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    IMPORTANT: Do not fix anything
     
  3. jstockton

    jstockton Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    18
    As requested:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:08:26 PM, on 12/29/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Vista4Cast\Vista4Cast.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\IRTrans\irtranstray.exe
    C:\Program Files\Subsonic\subsonic-agent.exe
    C:\Program Files\IRTrans\IRSERVER.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Roxio\RoxioNow Player\CNRpc.exe
    C:\Windows\ehome\ehShell.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\eHome\ehExtHost.exe
    C:\Windows\eHome\EhTray.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\system32\rdpclip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Vista4Cast\Vista4Cast.exe
    C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Subsonic\subsonic-agent.exe
    C:\Program Files\Roxio\RoxioNow Player\CNRpc.exe
    C:\Windows\eHome\EhTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\SmartLabs\HouseLinc\HouseLinc.exe
    C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\eHome\ehExtHost.exe
    C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jason\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Jason\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 85.17.80.246 tracker.openbittorrent.com # TORRENT REDIRECT
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O4 - HKLM\..\Run: [Vista4Cast] C:\Program Files\Vista4Cast\Vista4Cast.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [RoxioNowMediaManagerApp] C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe -start
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAA1ADcANQAwADIANQA2ADQALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA0AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.872
    O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: mcfsix.exe
    O4 - Global Startup: IRTranstray USB.lnk = C:\Program Files\IRTrans\irtranstray.exe
    O4 - Global Startup: mkRemote.lnk = C:\Program Files\mkRemote\mkRemote.exe
    O4 - Global Startup: Subsonic.lnk = C:\Program Files\Subsonic\subsonic-agent.exe
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.cinemanow.com
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: OCUR SDV Service (DkTahsp) - Digital Keystone, Inc. - C:\Windows\system32\dktahsp.exe
    O23 - Service: mHome Automation Server (mControlServer) - Embedded Automation, Inc. - C:\Program Files\Embedded Automation\mControl\server\mServer.exe
    O23 - Service: RoxioNow Service - Roxio - C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
    O23 - Service: ShowAnalyzerMaster - Dragon Global - C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
    O23 - Service: Subsonic - Unknown owner - C:\Program Files\Subsonic\subsonic-service.exe

    --
    End of file - 6434 bytes
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Was that application something like µTorrent or another Torrent download program?

    Are you the one who has edited your HOSTS file?

    O1 - Hosts: 85.17.80.246 tracker.openbittorrent.com # TORRENT REDIRECT
     
  5. jstockton

    jstockton Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    18
    The application I am trying to register is not µTorrent or another Torrent download program. It's one that I installed from a CD. I did have µTorrent installed and have since removed it which I assume is where that host entry came from. In the past couple of days I had tinkered around with the hosts file to see if I could at least get the software activated.
     
  6. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    If you don't need that entry in your HOSTS file, run HijackThis again.

    Select Do a system scan only.

    Put a check mark on:

    O1 - Hosts: 85.17.80.246 tracker.openbittorrent.com # TORRENT REDIRECT

    Click Fix checked.
     
  7. jstockton

    jstockton Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    18
    Done.

    Not sure if you wanted the log again, but in case here it is:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:15:42 PM, on 12/30/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Vista4Cast\Vista4Cast.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\IRTrans\irtranstray.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Program Files\Subsonic\subsonic-agent.exe
    C:\Program Files\IRTrans\IRSERVER.EXE
    C:\Windows\system32\conhost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\ehome\ehShell.exe
    C:\Program Files\Roxio\RoxioNow Player\CNRpc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\eHome\ehExtHost.exe
    C:\Windows\eHome\EhTray.exe
    C:\Windows\system32\rdpclip.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Vista4Cast\Vista4Cast.exe
    C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Subsonic\subsonic-agent.exe
    C:\Program Files\Roxio\RoxioNow Player\CNRpc.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\eHome\EhTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O4 - HKLM\..\Run: [Vista4Cast] C:\Program Files\Vista4Cast\Vista4Cast.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
    O4 - HKLM\..\Run: [RoxioNowMediaManagerApp] C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe -start
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0ANAA1ADcANQAwADIANQA2ADQALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA0AC0ARgA5AE0AMQAwAEIAKwAxAA"&"prod=90"&"ver=9.0.872
    O4 - HKCU\..\Run: [Windows Media Center] RunDLL32.exe C:\Windows\ehome\ehuihlp.dll,BootMediaCenter
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: mcfsix.exe
    O4 - Global Startup: IRTranstray USB.lnk = C:\Program Files\IRTrans\irtranstray.exe
    O4 - Global Startup: mkRemote.lnk = C:\Program Files\mkRemote\mkRemote.exe
    O4 - Global Startup: Subsonic.lnk = C:\Program Files\Subsonic\subsonic-agent.exe
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.cinemanow.com
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: OCUR SDV Service (DkTahsp) - Digital Keystone, Inc. - C:\Windows\system32\dktahsp.exe
    O23 - Service: mHome Automation Server (mControlServer) - Embedded Automation, Inc. - C:\Program Files\Embedded Automation\mControl\server\mServer.exe
    O23 - Service: RoxioNow Service - Roxio - C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
    O23 - Service: ShowAnalyzerMaster - Dragon Global - C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe
    O23 - Service: Subsonic - Unknown owner - C:\Program Files\Subsonic\subsonic-service.exe

    --
    End of file - 5614 bytes
     
  8. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    What's mcfsix.exe in your Startup directory?
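
The two entries queried in the replies above (the `O1` hosts line and the `O4 - Startup` file) can be pulled out of a HijackThis log mechanically. This is an added example, not part of the original thread or of HijackThis itself: the sample lines are copied from the log posted above, and the rule names and function names are hypothetical.

```python
import re

# "R0", "O1", "O23" ... followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")
STARTUP_RE = re.compile(r"^(Global Startup|Startup): (.+)$")

# Lines taken from the first log in this thread (shortened selection).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE

O1 - Hosts: 85.17.80.246 tracker.openbittorrent.com # TORRENT REDIRECT
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O4 - HKLM\..\Run: [Vista4Cast] C:\Program Files\Vista4Cast\Vista4Cast.exe
O4 - Startup: mcfsix.exe
O4 - Global Startup: Subsonic.lnk = C:\Program Files\Subsonic\subsonic-agent.exe
O23 - Service: Subsonic - Unknown owner - C:\Program Files\Subsonic\subsonic-service.exe
"""

# The same selection as it looks in the second log, after "Fix checked" on O1.
AFTER_FIX = "\n".join(
    line for line in SAMPLE_LOG.splitlines() if not line.startswith("O1 ")
)


def parse_entries(log_text):
    """Return (section_code, body) for every numbered entry; skips process paths."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def review_items(log_text):
    """Pick out the entries a helper would ask the owner about."""
    items = []
    for code, body in parse_entries(log_text):
        if code == "O1":
            # Hosts file entry: a hostname pinned to a fixed IP address.
            h = HOSTS_RE.match(body)
            if h:
                items.append(("hosts-redirect", f"{h.group(2)} -> {h.group(1)}"))
        elif code == "O4":
            # Startup-folder entry listed as a bare file name, with no
            # "shortcut = target" pair to show what it launches.
            s = STARTUP_RE.match(body)
            if s and " = " not in s.group(2):
                items.append(("startup-file-without-target", s.group(2)))
        if body.endswith("(no file)"):
            # Registration left behind with no file on disk.
            items.append(("missing-file", body))
    return items


def removed_entries(before_log, after_log):
    """Entries present in the first log and gone from the second (fix applied)."""
    after = set(parse_entries(after_log))
    return [entry for entry in parse_entries(before_log) if entry not in after]


if __name__ == "__main__":
    for kind, detail in review_items(SAMPLE_LOG):
        print(f"{kind}: {detail}")
    for code, body in removed_entries(SAMPLE_LOG, AFTER_FIX):
        print(f"removed since last scan: {code} - {body}")
```
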
     
  9. jstockton

    jstockton Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    18
    Nothing anymore. I thought it had something to do with a Windows Media Center issue and that was supposed to "fix" it, but I couldn't find anything when I Googled it.
     
  10. jstockton

    jstockton Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    18
    Phantom, is there anything else I can try?
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    follow advice here and post the logs those programs make

    don't worry if Gmer won't run but I do need to see DDS & DDS extra txt
     
  12. jstockton

    jstockton Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    18
    GMER will not run for me.

    I have similar issues as others do where DDS stops and doesn't respond. I found a post where the user was instructed to use OTL and post the results. With settings identical to what was instructed there, here are my results:

    OTL:


    OTL logfile created on: 1/2/2011 12:46:36 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Jason\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297.99 Gb Total Space | 261.64 Gb Free Space | 87.80% Space Free | Partition Type: NTFS
    Drive D: | 54.79 Gb Total Space | 33.10 Gb Free Space | 60.41% Space Free | Partition Type: NTFS
    Drive M: | 1342.47 Gb Total Space | 415.71 Gb Free Space | 30.97% Space Free | Partition Type: NTFS

    Computer Name: STOCKTON-2 | User Name: Jason | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Roxio\RoxioNow Player\CNRpc.exe (Roxio)
    PRC - C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
    PRC - C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe (Roxio)
    PRC - C:\Program Files\Subsonic\subsonic-service.exe ()
    PRC - C:\Program Files\Subsonic\subsonic-agent.exe ()
    PRC - C:\Program Files\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
    PRC - C:\Windows\System32\atieclxx.exe (AMD)
    PRC - C:\Windows\System32\atiesrxx.exe (AMD)
    PRC - C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzer.exe (Dragon Global)
    PRC - C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe (Dragon Global)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\dktahsp.exe (Digital Keystone, Inc.)
    PRC - C:\Program Files\Vista4Cast\Vista4Cast.exe ()
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\rdpclip.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Embedded Automation\mControl\server\mServer.exe (Embedded Automation, Inc.)
    PRC - C:\Program Files\GmoteServer\GmoteServer.exe ()
    PRC - C:\Program Files\IRTrans\IRServer.exe (IRTrans GmbH)
    PRC - C:\Program Files\IRTrans\irtranstray.exe (Marcus Müller and parts Marcel Houweling)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Jason\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\winsta.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (PEVSystemStart) -- C:\ComboFix\PEV.cfx File not found
    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (RoxioNow Service) -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
    SRV - (Subsonic) -- C:\Program Files\Subsonic\subsonic-service.exe ()
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
    SRV - (ShowAnalyzerMaster) -- C:\Program Files\Dragon Global\ShowAnalyzerSuite\ShowAnalyzerMaster.exe (Dragon Global)
    SRV - (DkTahsp) -- C:\Windows\System32\dktahsp.exe (Digital Keystone, Inc.)
    SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
    SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
    SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
    SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
    SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
    SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
    SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
    SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
    SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
    SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
    SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
    SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
    SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
    SRV - (mControlServer) -- C:\Program Files\Embedded Automation\mControl\server\mServer.exe (Embedded Automation, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\Users\Jason\AppData\Local\Temp\catchme.sys File not found
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
    DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
    DRV - (nm3) -- C:\Windows\System32\drivers\nm3.sys (Microsoft Corporation)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
    DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
    DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
    DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
    DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
    DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
    DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
    DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
    DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
    DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
    DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
    DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
    DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
    DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
    DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
    DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
    DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
    DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
    DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
    DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
    DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (volsnap) -- C:\Windows\system32\DRIVERS\volsnap.sys ()
    DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
    DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
    DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
    DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
    DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
    DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
    DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
    DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
    DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
    DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
    DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
    DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
    DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
    DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
    DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
    DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
    DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
    DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
    DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
    DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
    DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
    DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
    DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
    DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
    DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
    DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
    DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
    DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
    DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
    DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
    DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 7B 9C 39 51 A9 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/12/30 12:15:17 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [RoxioNowMediaManagerApp] C:\Program Files\Roxio\RoxioNow Player\RNowShell.exe (Roxio)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Vista4Cast] C:\Program Files\Vista4Cast\Vista4Cast.exe ()
    O4 - HKCU..\Run: [Google Update] C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [Windows Media Center] C:\Windows\ehome\ehuihlp.DLL (Microsoft Corporation)
    O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Program Files\GmoteServer\GmoteServer.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: disableregistrytools = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.115.71.53 24.159.193.40
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/02 12:16:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
    [2010/12/31 20:29:08 | 000,293,968 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/12/31 20:29:08 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/12/31 20:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2010/12/31 20:29:07 | 000,023,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/12/31 20:29:06 | 000,047,440 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/12/31 20:29:05 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/12/31 20:29:02 | 000,188,216 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/12/31 20:29:02 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/12/31 20:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/12/31 20:29:01 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/12/31 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
    [2010/12/31 20:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
    [2010/12/31 20:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\GmoteServer
    [2010/12/31 20:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mControl
    [2010/12/31 19:50:12 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/12/31 19:49:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/31 19:36:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/31 19:36:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/31 19:36:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/31 19:36:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/31 19:36:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/29 14:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/12/29 14:08:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2010/12/29 11:51:15 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
    [2010/12/29 11:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2010/12/26 22:02:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\data
    [2010/12/26 15:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
    [2010/12/26 15:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
    [2010/12/24 11:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2010/12/24 11:04:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Network Monitor 3
    [2010/12/24 11:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
    [2010/12/24 11:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
    [2010/12/23 22:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/12/23 22:37:52 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Malwarebytes
    [2010/12/23 22:37:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/23 22:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2010/12/23 22:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/12/23 22:37:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/23 22:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/23 14:19:55 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2010/12/23 10:21:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\BdaSup.sys
    [2010/12/19 16:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Teknowebworks LLC
    [2010/12/19 16:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HouseLinc
    [2010/12/19 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boxee
    [2010/12/19 09:29:00 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\BOXEE
    [2010/12/19 09:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Boxee
    [2010/12/15 03:46:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/12/15 03:45:56 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/12/15 03:45:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/12/15 03:45:56 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/12/15 03:45:56 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/12/15 03:45:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/12/15 03:45:56 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/12/15 03:45:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2010/12/15 03:45:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/12/15 03:45:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2010/12/15 03:45:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/12/15 03:45:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/12/15 03:45:46 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
    [2010/12/15 03:45:46 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
    [2010/12/15 03:45:46 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
    [2010/12/15 03:45:46 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
    [2010/12/15 03:45:39 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/12/15 03:45:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/12/15 03:45:36 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
    [2010/12/15 03:45:36 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
    [2010/12/15 03:45:35 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/12/05 22:01:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\100205 - Replacement mControl license

    ========== Files - Modified Within 30 Days ==========

    [2011/01/02 12:46:23 | 000,018,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/02 12:46:23 | 000,018,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/02 12:43:19 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/02 12:43:19 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/02 12:38:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/02 12:38:49 | 2612,846,592 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/02 12:31:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2231490338-1352067553-1177303866-1000UA.job
    [2011/01/02 12:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2231490338-1352067553-1177303866-1000Core.job
    [2011/01/02 12:15:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\OTL.exe
    [2011/01/01 12:39:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/12/31 20:29:08 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/12/31 20:28:15 | 000,001,031 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk
    [2010/12/31 20:25:15 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2010/12/31 20:24:43 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/12/31 14:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/12/31 14:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/12/31 14:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/12/31 13:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/12/31 13:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/12/31 13:56:37 | 000,051,280 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/12/31 13:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/12/30 12:15:17 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/29 14:08:00 | 000,002,081 | ---- | M] () -- C:\Users\Jason\Desktop\HijackThis.lnk
    [2010/12/27 13:13:36 | 000,000,410 | ---- | M] () -- C:\Windows\System32\drivers\etc\networks
    [2010/12/25 16:53:21 | 000,025,088 | ---- | M] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/22 11:25:13 | 001,389,883 | ---- | M] () -- C:\Users\Jason\Desktop\tdguide.pdf
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/16 03:18:29 | 000,266,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2010/12/31 20:29:08 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/12/31 20:28:15 | 000,001,031 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk
    [2010/12/31 19:36:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/31 19:36:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/31 19:36:38 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/31 19:36:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/31 19:36:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/29 14:08:00 | 000,002,081 | ---- | C] () -- C:\Users\Jason\Desktop\HijackThis.lnk
    [2010/12/23 14:20:55 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2010/12/22 11:25:38 | 001,389,883 | ---- | C] () -- C:\Users\Jason\Desktop\tdguide.pdf
    [2010/10/29 18:08:41 | 000,000,024 | ---- | C] () -- C:\ProgramData\CinemaNowSvc.ini
    [2010/09/20 19:36:11 | 000,000,017 | ---- | C] () -- C:\Users\Jason\AppData\Local\resmon.resmoncfg
    [2010/03/31 11:30:22 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/03/08 20:59:36 | 000,025,088 | ---- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/21 04:48:22 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/11/26 20:27:08 | 000,000,435 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\WtvWatcher.settings
    [2009/09/19 20:40:20 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/13 17:11:34 | 000,245,328 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
    [2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/11/06 12:08:22 | 000,077,824 | ---- | C] () -- C:\Windows\System32\IRTransView.dll
    [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI

    ========== LOP Check ==========

    [2010/09/10 19:14:24 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\69798AF33AF0EC380F02850B4D93A897
    [2010/12/19 09:29:00 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\BOXEE
    [2010/09/10 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ESET
    [2010/11/21 08:08:52 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Foxit Software
    [2010/01/17 18:36:18 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\GlarySoft
    [2011/01/02 12:40:39 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Gmote
    [2010/12/26 19:12:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\HandBrake
    [2010/04/12 22:01:37 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Media Control
    [2010/10/07 05:59:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Promixis
    [2010/02/16 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\RRC
    [2010/02/28 17:00:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Silicondust
    [2010/12/19 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
    [2010/04/04 20:11:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Win7codecs
    [2010/09/20 21:38:37 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:319E7F0B
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:351B5DA2

    < End of report >
     
  13. jstockton

    jstockton Thread Starter

    Results from extras:

    OTL Extras logfile created on: 1/2/2011 12:46:37 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Jason\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 297.99 Gb Total Space | 261.64 Gb Free Space | 87.80% Space Free | Partition Type: NTFS
    Drive D: | 54.79 Gb Total Space | 33.10 Gb Free Space | 60.41% Space Free | Partition Type: NTFS
    Drive M: | 1342.47 Gb Total Space | 415.71 Gb Free Space | 30.97% Space Free | Partition Type: NTFS

    Computer Name: STOCKTON-2 | User Name: Jason | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00CC55E1-EA68-22D4-92DF-B94F287DCE40}" = ccc-core-static
    "{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
    "{0E76D6D4-5EFD-0714-1E65-E5B0ED1C9731}" = Catalyst Control Center Core Implementation
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F9EB8D8-D9EA-4F94-8272-614B9EF1A00B}" = Device Manager
    "{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
    "{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{298DC487-79C9-4F72-A432-C8BC37B70ACB}" = HouseLinc
    "{2D206DBD-6491-26BD-0DFA-165AA8A0CFFD}" = Catalyst Control Center Graphics Light
    "{2D3B4614-7291-583D-A925-476924FF5A5F}" = Catalyst Control Center Graphics Previews Common
    "{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
    "{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
    "{466756D2-37B1-4164-BF2F-0FB27DDE9517}" = mControl
    "{497EEC0F-9D2E-4784-A455-83FAD81A0D11}" = Windows 7 x86 DTB Addin
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53A47403-D9EA-4F94-8272-D03510ADE401}" = SALad Downloader
    "{55B6344C-AE4F-4DA8-BF32-D7AE0CB4D2BE}_is1" = theRenamer 6.7
    "{57114D23-8C46-40C3-A215-AAF2216D015B}" = meta<browser/>
    "{5919420E-B18A-4DE2-8501-EA0F8E4B4955}" = HDHomeRun
    "{5A1A9AB2-2F68-462D-A67D-7C855DFF5EEB}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
    "{5B479C22-7B50-5D31-7BD9-02D1260254D3}" = Catalyst Control Center HydraVision Full
    "{6D372DFB-666E-FD3D-8B23-C116A8F5A643}" = Catalyst Control Center Graphics Full Existing
    "{6E994B82-FE8B-2777-295A-4D6F4314E8DD}" = ccc-utility
    "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{781B5379-E643-4942-97CD-C0335A221BBA}" = IRTrans Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{979C4702-8F6D-4C57-B9BB-95ED08A03F11}" = Refresh Rate Changer v2
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{A2F2C44A-869E-4C32-9CEC-E22B1CC91F06}" = Microsoft Network Monitor 3.4
    "{A3D84D4A-DE51-42A1-964B-E80013272D55}" = BoxeeIntegration
    "{B3D726D7-12FC-B85D-E6C9-54536827A01A}" = Catalyst Control Center Graphics Previews Vista
    "{C14143B1-0190-4A0C-985F-9C16B30FB456}" = Media Browser
    "{C176CB21-4E7D-D56D-905B-F4A4CB1301AD}" = Catalyst Control Center Graphics Full New
    "{D3BD4C42-B54D-DD47-68EC-5DD1D6097E6F}" = CCC Help English
    "{E573DD70-4E08-4AC6-B87C-FEF4EC82A07D}" = My Channel Logos
    "{E7ECD072-02DF-4F24-B5C9-7928A2867B14}" = DVRMSToolbox
    "{F20F8E93-3471-1808-AC39-7CE622FCBB4B}" = Catalyst Control Center InstallProxy
    "{F3B61779-CA51-4238-9F7D-D22EBF8F5D43}" = ShowAnalyzerSuite
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Album Art Downloader XUI" = Album Art Downloader XUI 0.34.1
    "avast5" = avast! Free Antivirus
    "BOXEE" = Boxee
    "CCleaner" = CCleaner
    "DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
    "Foxit Reader" = Foxit Reader
    "HijackThis" = HijackThis 2.0.2
    "IRTrans Software" = IRTrans Software
    "KeyFinder_is1" = Magical Jelly Bean KeyFinder
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaMonkey_is1" = MediaMonkey 3.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Revo Uninstaller" = Revo Uninstaller 1.89
    "Subsonic" = Subsonic
    "Torrent Episode Downloader 0.9715" = Torrent Episode Downloader
    "uTorrent" = µTorrent
    "Vista4Cast_is1" = Vista4Cast
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f58cbb372ebb2ec8" = Media Center Studio
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/1/2011 4:49:55 PM | Computer Name = stockton-2 | Source = CommercialSkipAddIn | ID = 0
    Description = User: Jason The Current MediaExperience object is null. It should
    never be null during playback. This is a BUG in MediaCenter.

    Error - 1/1/2011 4:49:56 PM | Computer Name = stockton-2 | Source = CommercialSkipAddIn | ID = 0
    Description = User: Jason The Current MediaExperience object is null. It should
    never be null during playback. This is a BUG in MediaCenter.

    Error - 1/1/2011 4:49:57 PM | Computer Name = stockton-2 | Source = CommercialSkipAddIn | ID = 0
    Description = User: Jason The Current MediaExperience object is null. It should
    never be null during playback. This is a BUG in MediaCenter.

    Error - 1/1/2011 4:49:58 PM | Computer Name = stockton-2 | Source = CommercialSkipAddIn | ID = 0
    Description = User: Jason The Current MediaExperience object is null. It should
    never be null during playback. This is a BUG in MediaCenter.

    Error - 1/1/2011 4:49:59 PM | Computer Name = stockton-2 | Source = CommercialSkipAddIn | ID = 0
    Description = User: Jason The Current MediaExperience object is null. It should
    never be null during playback. This is a BUG in MediaCenter.

    Error - 1/1/2011 4:50:00 PM | Computer Name = stockton-2 | Source = CommercialSkipAddIn | ID = 0
    Description = User: Jason The Current MediaExperience object is null. It should
    never be null during playback. This is a BUG in MediaCenter.

    Error - 1/1/2011 4:50:01 PM | Computer Name = stockton-2 | Source = CommercialSkipAddIn | ID = 0
    Description = User: Jason The Current MediaExperience object is null. It should
    never be null during playback. This is a BUG in MediaCenter.

    Error - 1/2/2011 2:00:09 PM | Computer Name = stockton-2 | Source = Application Error | ID = 1000
    Description = Faulting application name: javaw.exe, version: 6.0.180.7, time stamp:
    0x4b2aa6d3 Faulting module name: java.dll, version: 6.0.180.7, time stamp: 0x4b2ad748
    Exception
    code: 0xc0000005 Fault offset: 0x00004e46 Faulting process id: 0x1298 Faulting application
    start time: 0x01cbaaa6e2e72931 Faulting application path: C:\Program Files\Java\jre6\bin\javaw.exe
    Faulting
    module path: C:\Program Files\Java\jre6\bin\java.dll Report Id: 22f821fe-169a-11e0-99d9-001cc09100cc

    Error - 1/2/2011 2:00:09 PM | Computer Name = stockton-2 | Source = Application Error | ID = 1000
    Description = Faulting application name: subsonic-agent.exe, version: 0.0.0.0, time
    stamp: 0x4b7171c5 Faulting module name: java.dll, version: 6.0.180.7, time stamp:
    0x4b2ad748 Exception code: 0xc0000005 Fault offset: 0x00004e46 Faulting process id:
    0x1328 Faulting application start time: 0x01cbaaa6e2d0bac0 Faulting application path:
    C:\Program Files\Subsonic\subsonic-agent.exe Faulting module path: c:\program files\java\jre6\bin\java.dll
    Report
    Id: 22faba18-169a-11e0-99d9-001cc09100cc

    Error - 1/2/2011 2:28:27 PM | Computer Name = stockton-2 | Source = Application Error | ID = 1000
    Description = Faulting application name: subsonic-agent.exe, version: 0.0.0.0, time
    stamp: 0x4b7171c5 Faulting module name: java.dll, version: 6.0.180.7, time stamp:
    0x4b2ad748 Exception code: 0xc0000005 Fault offset: 0x00004e46 Faulting process id:
    0x5ac Faulting application start time: 0x01cbaaaac8d967ad Faulting application path:
    C:\Program Files\Subsonic\subsonic-agent.exe Faulting module path: c:\program files\java\jre6\bin\java.dll
    Report
    Id: 16c12f0d-169e-11e0-a341-001cc09100cc

    [ Lifextender Events ]
    Error - 11/26/2009 11:06:40 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = The following file encountered an error while uncommercializing. M:\Users\Public\Recorded
    TV\Grey's Anatomy_WBAYDT_2009_11_19_20_00_00.dvr-ms This file has been blacklisted
    and restored to it's original location. Details of the error to follow: System.IO.FileNotFoundException:
    Could not load file or assembly 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot
    find the file specified. File name: 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' at YellowCup.MediaCenter.Lifextender.Utility.SyncMediaCenterLibraryCache(TVShow
    show, Boolean forceUpdate, Int32 tries) at YellowCup.MediaCenter.Lifextender.TVShowProcessor.ProcessShow(TVShow
    tvShow) at YellowCup.MediaCenter.Lifextender.LifextenderService.ParseForUnCommercializing(List`1
    shows) WRN: Assembly binding logging is turned OFF. To enable assembly bind failure
    logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD)
    to 1. Note: There is some performance penalty associated with assembly bind failure
    logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].


    Error - 11/26/2009 11:12:23 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = The following file encountered an error while uncommercializing. M:\Users\Public\Recorded
    TV\The Middle_WBAYDT_2009_11_25_19_28_00.dvr-ms This file has been blacklisted and
    restored to it's original location. Details of the error to follow: System.IO.FileNotFoundException:
    Could not load file or assembly 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot
    find the file specified. File name: 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' at YellowCup.MediaCenter.Lifextender.Utility.SyncMediaCenterLibraryCache(TVShow
    show, Boolean forceUpdate, Int32 tries) at YellowCup.MediaCenter.Lifextender.TVShowProcessor.ProcessShow(TVShow
    tvShow) at YellowCup.MediaCenter.Lifextender.LifextenderService.ParseForUnCommercializing(List`1
    shows) WRN: Assembly binding logging is turned OFF. To enable assembly bind failure
    logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD)
    to 1. Note: There is some performance penalty associated with assembly bind failure
    logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].


    Error - 11/27/2009 6:06:58 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = The following file encountered an error while uncommercializing. M:\Users\Public\Recorded
    TV\Curious George_ABCF_2009_11_27_13_58_00.dvr-ms This file has been blacklisted
    and restored to it's original location. Details of the error to follow: System.IO.FileNotFoundException:
    Could not load file or assembly 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot
    find the file specified. File name: 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' at YellowCup.MediaCenter.Lifextender.Utility.SyncMediaCenterLibraryCache(TVShow
    show, Boolean forceUpdate, Int32 tries) at YellowCup.MediaCenter.Lifextender.TVShowProcessor.ProcessShow(TVShow
    tvShow) at YellowCup.MediaCenter.Lifextender.LifextenderService.ParseForUnCommercializing(List`1
    shows) WRN: Assembly binding logging is turned OFF. To enable assembly bind failure
    logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD)
    to 1. Note: There is some performance penalty associated with assembly bind failure
    logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].


    Error - 11/27/2009 7:01:25 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = The following file encountered an error while uncommercializing. M:\Users\Public\Recorded
    TV\Between the Lions_WPNE_2009_11_27_14_28_00.dvr-ms This file has been blacklisted
    and restored to it's original location. Details of the error to follow: System.IO.FileNotFoundException:
    Could not load file or assembly 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot
    find the file specified. File name: 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' at YellowCup.MediaCenter.Lifextender.Utility.SyncMediaCenterLibraryCache(TVShow
    show, Boolean forceUpdate, Int32 tries) at YellowCup.MediaCenter.Lifextender.TVShowProcessor.ProcessShow(TVShow
    tvShow) at YellowCup.MediaCenter.Lifextender.LifextenderService.ParseForUnCommercializing(List`1
    shows) WRN: Assembly binding logging is turned OFF. To enable assembly bind failure
    logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD)
    to 1. Note: There is some performance penalty associated with assembly bind failure
    logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].


    Error - 11/27/2009 7:02:29 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = The following file encountered an error while uncommercializing. M:\Users\Public\Recorded
    TV\WordGirl_WPNE_2009_11_27_16_28_00.dvr-ms This file has been blacklisted and restored
    to it's original location. Details of the error to follow: System.IO.FileNotFoundException:
    Could not load file or assembly 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot
    find the file specified. File name: 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' at YellowCup.MediaCenter.Lifextender.Utility.SyncMediaCenterLibraryCache(TVShow
    show, Boolean forceUpdate, Int32 tries) at YellowCup.MediaCenter.Lifextender.TVShowProcessor.ProcessShow(TVShow
    tvShow) at YellowCup.MediaCenter.Lifextender.LifextenderService.ParseForUnCommercializing(List`1
    shows) WRN: Assembly binding logging is turned OFF. To enable assembly bind failure
    logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD)
    to 1. Note: There is some performance penalty associated with assembly bind failure
    logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].


    Error - 11/27/2009 7:34:17 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = The following file encountered an error while uncommercializing. M:\Users\Public\Recorded
    TV\Fetch! With Ruff Ruffman_WPNE_2009_11_27_17_00_00.dvr-ms This file has been blacklisted
    and restored to it's original location. Details of the error to follow: System.IO.FileNotFoundException:
    Could not load file or assembly 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot
    find the file specified. File name: 'ehiProxy, Version=6.0.6000.0, Culture=neutral,
    PublicKeyToken=31bf3856ad364e35' at YellowCup.MediaCenter.Lifextender.Utility.SyncMediaCenterLibraryCache(TVShow
    show, Boolean forceUpdate, Int32 tries) at YellowCup.MediaCenter.Lifextender.TVShowProcessor.ProcessShow(TVShow
    tvShow) at YellowCup.MediaCenter.Lifextender.LifextenderService.ParseForUnCommercializing(List`1
    shows) WRN: Assembly binding logging is turned OFF. To enable assembly bind failure
    logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD)
    to 1. Note: There is some performance penalty associated with assembly bind failure
    logging. To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].


    Error - 11/27/2009 8:37:08 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = An error occurred attempting to Uninitialize Add-in System.NullReferenceException:
    Object reference not set to an instance of an object. at YellowCup.MediaCenter.Lifextender.AddIn.Background.Connect.Uninitialize()

    Error - 11/27/2009 8:37:10 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = An error occurred attempting to Uninitialize Add-in System.NullReferenceException:
    Object reference not set to an instance of an object. at YellowCup.MediaCenter.Lifextender.AddIn.Background.Connect.Uninitialize()

    Error - 11/27/2009 8:41:04 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = An error occurred attempting to Uninitialize Add-in System.NullReferenceException:
    Object reference not set to an instance of an object. at YellowCup.MediaCenter.Lifextender.AddIn.Background.Connect.Uninitialize()

    Error - 11/27/2009 8:41:04 PM | Computer Name = stockton-2 | Source = Lifextender | ID = 0
    Description = An error occurred attempting to Uninitialize Add-in System.NullReferenceException:
    Object reference not set to an instance of an object. at YellowCup.MediaCenter.Lifextender.AddIn.Background.Connect.Uninitialize()

    [ Media Center Events ]
    Error - 12/3/2010 8:48:49 AM | Computer Name = stockton-2 | Source = Microsoft-Windows-Media Center Extender | ID = 602
    Description =

    Error - 12/6/2010 11:29:11 PM | Computer Name = stockton-2 | Source = Microsoft-Windows-Media Center Extender | ID = 602
    Description =

    Error - 12/12/2010 2:35:27 PM | Computer Name = stockton-2 | Source = Microsoft-Windows-Media Center Extender | ID = 602
    Description =

    Error - 12/12/2010 2:36:40 PM | Computer Name = stockton-2 | Source = Microsoft-Windows-Media Center Extender | ID = 602
    Description =

    Error - 12/12/2010 2:38:18 PM | Computer Name = stockton-2 | Source = Microsoft-Windows-Media Center Extender | ID = 602
    Description =

    Error - 12/12/2010 2:41:32 PM | Computer Name = stockton-2 | Source = Microsoft-Windows-Media Center Extender | ID = 602
    Description =

    Error - 12/16/2010 12:24:45 AM | Computer Name = stockton-2 | Source = Microsoft-Windows-Media Center Extender | ID = 602
    Description =

    Error - 12/21/2010 8:13:26 AM | Computer Name = stockton-2 | Source = Microsoft-Windows-Media Center Extender | ID = 602
    Description =

    Error - 12/26/2010 2:33:22 PM | Computer Name = stockton-2 | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) Silicondust HDHomeRun
    Tuner 1010CF1E-1

    Error - 12/26/2010 2:34:22 PM | Computer Name = stockton-2 | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) Silicondust HDHomeRun
    Tuner 1010CF1E-1

    [ System Events ]
    Error - 1/2/2011 12:12:09 PM | Computer Name = stockton-2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Netman service.

    Error - 1/2/2011 12:12:09 PM | Computer Name = stockton-2 | Source = Service Control Manager | ID = 7000
    Description = The Network Connections service failed to start due to the following
    error: %%1053

    Error - 1/2/2011 1:58:43 PM | Computer Name = stockton-2 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:44:44 AM on ?1/?2/?2011 was unexpected.

    Error - 1/2/2011 2:10:46 PM | Computer Name = stockton-2 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:05:36 PM on ?1/?2/?2011 was unexpected.

    Error - 1/2/2011 2:27:51 PM | Computer Name = stockton-2 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:16:39 PM on ?1/?2/?2011 was unexpected.

    Error - 1/2/2011 2:38:52 PM | Computer Name = stockton-2 | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 12:35:44 PM on ?1/?2/?2011 was unexpected.

    Error - 1/2/2011 2:39:44 PM | Computer Name = stockton-2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the IPBusEnum service.

    Error - 1/2/2011 2:40:14 PM | Computer Name = stockton-2 | Source = DCOM | ID = 10005
    Description =

    Error - 1/2/2011 2:40:14 PM | Computer Name = stockton-2 | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Netman service.

    Error - 1/2/2011 2:40:14 PM | Computer Name = stockton-2 | Source = Service Control Manager | ID = 7000
    Description = The Network Connections service failed to start due to the following
    error: %%1053


    < End of report >
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Sorry but I don't use or work with OTL ever

    if you are telling me that DDS won't run, that is because Avast is interfering with it & deleting part of it
    you need to disable avast real time protection before running it

    because it has been damaged, you need to delete that version of DDS & download a new copy from original link
    before doing that though


    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    post back with its log and we can go from there
     
  15. jstockton

    jstockton Thread Starter

    Joined:
    Dec 29, 2010
    Messages:
    18
    I ran tdss killer a couple of times and each time it reports that there are no infections found. As far as DDS not running, I have disabled Avast! by right clicking on the tray icon and choosing disable permanently from the shields menu. I have also gone into the Troubleshooting options and unchecked all the options there before running DDS. Each time I run DDS, the progress bar gets to a certain point and then the computer becomes unresponsive and requires a hard reboot. I'm pretty sure that I downloaded DDS again after making sure Avast! was disabled, but will try it again tonight when I get home and let you know what happens.
     

Short URL to this thread: https://techguy.org/971411
