TechSpot

Congratulations You Won!

By jeezybaby43
Feb 4, 2011
  1. Hi all, I'm new to this forum, but after reading some threads I see people on this site are more knowledgeable than other sites.

    At random times a soundbite will play "congratulations, you won!". Not sure what this is or how it got onto my computer because I'm usually pretty good at staying away from malware and viruses. Not sure if this is something I should be concerned with, and any help with removal would be much appreciated.

    - Jeremy
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    Here are my logs from the scans

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5681

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/4/2011 9:15:59 PM
    mbam-log-2011-02-04 (21-15-59).txt

    Scan type: Quick scan
    Objects scanned: 186090
    Time elapsed: 2 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-04 21:40:28
    Windows 6.1.7600
    Running: tzcwbx2z.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0x3F 0x06 0x08 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0x5A 0x57 0xE0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA3 0x50 0xAB 0x61 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0x3F 0x06 0x08 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x2B 0x5A 0x57 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA3 0x50 0xAB 0x61 ...

    ---- EOF - GMER 1.0.15 ----

    DDS

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/25/2010 3:36:52 PM
    System Uptime: 2/4/2011 9:10:16 PM (0 hours ago)

    Motherboard: DELL Inc. | | 0X501H
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 550 GiB total, 378.156 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 9 GiB total, 4.128 GiB free.
    P: is FIXED (NTFS) - 140 GiB total, 139.56 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02B71028&REV_02\4&22BD4E0B&0&00E2
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02B71028&REV_02\4&22BD4E0B&0&00E2
    Service: RTL8167

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart D110 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam

    Class GUID:
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer:
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:

    ==== System Restore Points ===================

    RP93: 1/12/2011 10:26:15 PM - Installed Java(TM) 6 Update 23
    RP94: 1/13/2011 2:25:11 AM - Windows Update
    RP95: 1/21/2011 1:21:56 AM - Scheduled Checkpoint
    RP96: 1/29/2011 12:00:04 AM - Scheduled Checkpoint
    RP97: 1/29/2011 6:48:09 PM - Installed Deployment Manager 1.2.0.219
    RP98: 1/29/2011 6:49:58 PM - Removed Deployment Manager 1.2.0.219
    RP99: 1/29/2011 6:50:23 PM - Removed Microsoft SQL Server Compact 3.5 SP1 x64 English
    RP100: 1/29/2011 6:50:38 PM - Removed Microsoft SQL Server Compact 3.5 SP1 English
    RP101: 1/30/2011 12:28:19 AM - Before Ubuntu
    RP102: 1/31/2011 6:53:55 PM - Windows Update

    ==== Installed Programs ======================

    µTorrent
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1.2
    Apple Application Support
    Apple Software Update
    ARMA 2
    ARMA 2: Operation Arrowhead
    Banctec Service Agreement
    BattlEye for OA Uninstall
    BattlEye Uninstall
    Belkin F7D1101 Basic Wireless USB Adapter
    BufferChm
    CCleaner
    Citrix XenApp Web Plugin
    Coupon Printer for Windows
    Crysis(R)
    Curse Client
    D110
    D3DX10
    Dead Rising 2
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Destinations
    DeviceDiscovery
    Diablo II
    DirectXInstallService
    EA Download Manager
    EMC 10 Content
    Fallout 3
    ffdshow [rev 2527] [2008-12-19]
    Free Window Registry Repair
    Full Tilt Poker
    GameSpy Comrade
    GoToAssist 8.0.0.514
    GPBaseService2
    HP Photo Creations
    HP Update
    HPAppStudio
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    Internet TV for Windows Media Center
    Java Auto Updater
    Java(TM) 6 Update 23
    Junk Mail filter update
    Just Cause 2
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Security Scan Plus
    McAfee SecurityCenter
    Medal of Honor (TM)
    Microsoft .NET Framework 1.1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MotoHelper 2.0.24 Driver 4.7.1
    MotoHelper MergeModules
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Netflix in Windows Media Center
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Octoshape add-in for Adobe Flash Player
    PowerDVD DX
    PS_AIO_07_D110_SW_Min
    QuickTime
    QuickTransfer
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB982127)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sid Meier's Civilization V
    SmartWebPrinting
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    StarCraft II
    Status
    Steam
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2483110)
    Verizon V CAST Media Manager
    Virtual Vulcan
    WebReg
    Winamp
    Winamp Detector Plug-in
    Winamp Remote
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Flash
    World of Warcraft
    Yahoo! Messenger
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    2/4/2011 9:10:49 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
    2/4/2011 9:10:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
    2/4/2011 9:10:42 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
    2/4/2011 9:08:56 PM, Error: Service Control Manager [7034] - The Dock Login Service service terminated unexpectedly. It has done this 1 time(s).
    2/4/2011 7:23:22 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    2/4/2011 6:40:27 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa80094e14e0, 0xfffff8801069923c, 0xffffffffc000009a, 0x0000000000000004). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020411-20295-01.
    1/30/2011 12:30:51 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004

    ==== End Of File ===========================


    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Jeezys at 21:41:52.49 on Fri 02/04/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6391 [GMT -6:00]

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jeezys\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101102180903.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Adobe.exe] C:\Users\Jeezys\AppData\Roaming\Adobe.exe
    uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101102180903.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Jeezys\AppData\Roaming\Mozilla\Firefox\Profiles\08x31bot.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Jeezys\AppData\Roaming\Mozilla\plugins\npicaN.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Arabic spell-checking dictionary: ar@dictionaries.addons.mozilla.org - %profile%\extensions\ar@dictionaries.addons.mozilla.org
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-8-2 529128]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-19 55280]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-8-2 75032]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-8-2 283360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-2 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-2 355440]
    R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-8-2 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-8-2 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-8-2 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-8-2 149032]
    R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-19 658656]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-8-2 62800]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-8-2 190136]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-8-2 441328]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2010-6-29 155752]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-19 216064]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SessionLauncher;SessionLauncher; [x]
    S3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-9-2 1101600]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2010-5-19 35840]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-8-2 94864]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2010-6-18 20992]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
    S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]
    S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-3-19 215040]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-6-21 693864]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-15 1255736]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]

    =============== Created Last 30 ================

    2011-02-05 03:12:45 -------- d-----w- C:\Users\Jeezys\AppData\Roaming\Malwarebytes
    2011-02-05 03:12:40 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-05 03:12:39 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-02-05 03:12:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-02-05 03:12:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-02-04 01:05:40 -------- d-sh--w- C:\Boot
    2011-01-30 00:48:34 -------- d-----w- C:\Users\Jeezys\AppData\Roaming\Centrify
    2011-01-25 04:28:24 -------- d-----w- C:\Program Files\HP
    2011-01-15 03:16:32 -------- d-----w- C:\Program Files (x86)\Motorola
    2011-01-15 03:16:32 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
    2011-01-13 04:28:48 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
    2011-01-13 04:28:48 720896 ----a-w- C:\Windows\System32\odbc32.dll
    2011-01-13 04:28:48 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
    2011-01-13 04:28:48 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
    2011-01-13 04:28:48 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
    2011-01-13 04:28:48 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
    2011-01-13 04:28:48 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-13 04:28:48 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
    2011-01-13 04:28:48 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-13 04:28:48 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
    2011-01-08 02:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-01-08 02:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-01-08 02:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
    2011-01-08 02:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-01-08 02:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe

    ==================== Find3M ====================

    2010-12-02 09:12:08 1359976 ----a-w- C:\Windows\System32\nvgenco64hda.dll
    2010-11-30 00:50:39 327680 ----a-w- C:\Users\Jeezys\AppData\Roaming\Adobe.exe
    2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-13 00:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-11-11 23:10:56 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
    2010-11-11 23:10:49 155752 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

    ============= FINISH: 21:42:21.69 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download MBRCheck to your desktop.

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    Alright, had some trouble with combofix at the start (McAfee was acting up) but here are my logs from MBRcheck and Combofix

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: DELL Inc.
    BIOS Manufacturer: DELL INC.
    System Manufacturer: DELL Inc.
    System Product Name: Studio XPS 435T/9000
    Logical Drives Mask: 0x0000803c

    Kernel Drivers (total 196):
    0x03857000 \SystemRoot\system32\ntoskrnl.exe
    0x0380E000 \SystemRoot\system32\hal.dll
    0x00BBF000 \SystemRoot\system32\kdcom.dll
    0x00CC6000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D0A000 \SystemRoot\system32\PSHED.dll
    0x00D1E000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E60000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F04000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01054000 \SystemRoot\System32\Drivers\spjz.sys
    0x0117A000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x01183000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00F13000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x011B2000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x011BC000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x011C9000 \SystemRoot\system32\DRIVERS\pci.sys
    0x01000000 \SystemRoot\System32\drivers\partmgr.sys
    0x01015000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F6A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x0102A000 \SystemRoot\System32\drivers\mountmgr.sys
    0x012E3000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x01200000 \SystemRoot\system32\DRIVERS\jraid.sys
    0x0121D000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01228000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01274000 \SystemRoot\system32\drivers\fileinfo.sys
    0x00D7C000 \SystemRoot\system32\drivers\mfehidk.sys
    0x01288000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x0142A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x00E00000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015CD000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01693000 \SystemRoot\System32\Drivers\cng.sys
    0x01706000 \SystemRoot\System32\drivers\pcw.sys
    0x01717000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x018F8000 \SystemRoot\system32\drivers\ndis.sys
    0x01800000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01860000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x0188B000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x018D7000 \SystemRoot\System32\Drivers\spldr.sys
    0x01721000 \SystemRoot\System32\drivers\rdyboost.sys
    0x018DF000 \SystemRoot\System32\Drivers\mup.sys
    0x019EA000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0175B000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01795000 \SystemRoot\system32\DRIVERS\disk.sys
    0x017AB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x02D4B000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x02D75000 \SystemRoot\System32\Drivers\Null.SYS
    0x02D7E000 \SystemRoot\System32\Drivers\Beep.SYS
    0x02D85000 \SystemRoot\System32\drivers\vga.sys
    0x02D93000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02DB8000 \SystemRoot\System32\drivers\watchdog.sys
    0x02DC8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02DD1000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02DDA000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02DE3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02DEE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04001000 \SystemRoot\System32\drivers\tcpip.sys
    0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x0164A000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x02C00000 \SystemRoot\system32\drivers\TDI.SYS
    0x01400000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01294000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x042D7000 \SystemRoot\system32\drivers\afd.sys
    0x04361000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x0436A000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x04390000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x043A6000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x043B7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x043C6000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x043E1000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x04200000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04251000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0425D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x04268000 \SystemRoot\System32\drivers\discache.sys
    0x04277000 \SystemRoot\System32\Drivers\dfsc.sys
    0x04295000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x042A6000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x017E9000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x0FE69000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x10AC4000 \SystemRoot\System32\Drivers\nvBridge.kmd
    0x10AC6000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x10BBA000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x0FE00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x0FE24000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x0482C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04882000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x048CC000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x0490A000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x04917000 \SystemRoot\System32\Drivers\asyqy7z9.SYS
    0x0495C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04965000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x0497D000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04983000 \SystemRoot\system32\drivers\ks.sys
    0x049C6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x049DC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04800000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x0FE31000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0480C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x00FC6000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04CBE000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04CD8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04CE7000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04CF6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04CF8000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x04D0A000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04D1C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04D76000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04D8B000 \SystemRoot\system32\drivers\nvhda64v.sys
    0x04DB4000 \SystemRoot\system32\drivers\portcls.sys
    0x04C00000 \SystemRoot\system32\drivers\drmk.sys
    0x05E0C000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04C22000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x04C4F000 \SystemRoot\system32\drivers\mfefirek.sys
    0x00030000 \SystemRoot\System32\win32k.sys
    0x05E00000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04DF1000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x02C0D000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x02D29000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x02D3C000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005C0000 \SystemRoot\System32\TSDDD.dll
    0x0283B000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x02858000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x0285A000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x02868000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x02881000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x00640000 \SystemRoot\System32\cdd.dll
    0x0288A000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x02897000 \SystemRoot\System32\Drivers\RtsUStor.sys
    0x028D1000 \SystemRoot\system32\DRIVERS\usbcir.sys
    0x028F0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x028FE000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x0290F000 \SystemRoot\system32\drivers\luafv.sys
    0x02932000 \SystemRoot\system32\drivers\WudfPf.sys
    0x02953000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02968000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x029BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x029CE000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0665D000 \SystemRoot\system32\drivers\HTTP.sys
    0x06725000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x06743000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0675B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x06788000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x067D6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06C9B000 \SystemRoot\system32\drivers\peauth.sys
    0x06D41000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x06D4C000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06D79000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x06D8B000 \SystemRoot\system32\drivers\tdtcp.sys
    0x06D96000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x06DA5000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x06C00000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x076BB000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07751000 \SystemRoot\system32\drivers\cfwids.sys
    0x0777B000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x0768D000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x077B1000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x077EA000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x77020000 \Windows\System32\ntdll.dll
    0x475D0000 \Windows\System32\smss.exe
    0xFF340000 \Windows\System32\apisetschema.dll
    0xFFEB0000 \Windows\System32\autochk.exe
    0xFF2B0000 \Windows\System32\shlwapi.dll
    0xFF290000 \Windows\System32\sechost.dll
    0xFF1C0000 \Windows\System32\usp10.dll
    0xFF040000 \Windows\System32\urlmon.dll
    0x771F0000 \Windows\System32\normaliz.dll
    0xFF030000 \Windows\System32\nsi.dll
    0x76F00000 \Windows\System32\kernel32.dll
    0x771E0000 \Windows\System32\psapi.dll
    0xFEF90000 \Windows\System32\comdlg32.dll
    0xFEF70000 \Windows\System32\imagehlp.dll
    0xFEF60000 \Windows\System32\lpk.dll
    0xFEE30000 \Windows\System32\wininet.dll
    0xFED50000 \Windows\System32\oleaut32.dll
    0xFEC40000 \Windows\System32\msctf.dll
    0xFDEB0000 \Windows\System32\shell32.dll
    0xFDE60000 \Windows\System32\Wldap32.dll
    0xFDDC0000 \Windows\System32\clbcatq.dll
    0xFDC90000 \Windows\System32\rpcrt4.dll
    0xFDC20000 \Windows\System32\gdi32.dll
    0xFDA40000 \Windows\System32\setupapi.dll
    0xFD7E0000 \Windows\System32\iertutil.dll
    0xFD700000 \Windows\System32\advapi32.dll
    0x76E00000 \Windows\System32\user32.dll
    0xFD4F0000 \Windows\System32\ole32.dll
    0xFD470000 \Windows\System32\difxapi.dll
    0xFD3D0000 \Windows\System32\msvcrt.dll
    0xFD3A0000 \Windows\System32\imm32.dll
    0xFD350000 \Windows\System32\ws2_32.dll
    0xFD2E0000 \Windows\System32\KernelBase.dll
    0xFD2A0000 \Windows\System32\wintrust.dll
    0xFD280000 \Windows\System32\devobj.dll
    0xFD240000 \Windows\System32\cfgmgr32.dll
    0xFD0D0000 \Windows\System32\crypt32.dll
    0xFD030000 \Windows\System32\comctl32.dll
    0xFD020000 \Windows\System32\msasn1.dll
    0x74FC0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 78):
    0 System Idle Process
    4 System
    384 C:\Windows\System32\smss.exe
    656 csrss.exe
    732 C:\Windows\System32\wininit.exe
    752 csrss.exe
    788 C:\Windows\System32\services.exe
    812 C:\Windows\System32\lsass.exe
    820 C:\Windows\System32\lsm.exe
    904 C:\Windows\System32\winlogon.exe
    1004 C:\Windows\System32\svchost.exe
    364 C:\Windows\System32\nvvsvc.exe
    436 C:\Windows\System32\svchost.exe
    880 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1160 C:\Windows\System32\audiodg.exe
    1212 C:\Windows\System32\svchost.exe
    1268 C:\Program Files\Dell\DellDock\DockLogin.exe
    1348 C:\Windows\System32\svchost.exe
    1516 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1528 C:\Windows\System32\nvvsvc.exe
    1656 C:\Windows\System32\spoolsv.exe
    1684 C:\Windows\System32\svchost.exe
    1840 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1888 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1936 C:\Windows\SysWOW64\svchost.exe
    1960 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    2028 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    1364 C:\Windows\System32\svchost.exe
    1820 C:\Windows\System32\svchost.exe
    1916 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2064 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    2092 C:\Windows\System32\svchost.exe
    2132 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2168 C:\Windows\System32\svchost.exe
    2208 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2432 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2472 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2520 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    2676 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    2728 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    2756 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3092 C:\Windows\System32\svchost.exe
    3220 C:\Windows\System32\svchost.exe
    3304 C:\Windows\System32\taskhost.exe
    3740 C:\Windows\System32\dwm.exe
    3772 C:\Windows\explorer.exe
    3892 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    4496 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    4532 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    4704 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    4880 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    4916 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    5048 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    5072 C:\Program Files\McAfee.com\Agent\mcagent.exe
    5088 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    5100 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    5112 C:\Program Files (x86)\Winamp\winampa.exe
    3716 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    4256 C:\Windows\System32\SearchIndexer.exe
    5256 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    5320 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5352 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    5516 C:\Windows\System32\svchost.exe
    5684 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    5920 C:\Program Files (x86)\Winamp\winamp.exe
    6108 dllhost.exe
    4720 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    308 C:\Program Files\Common Files\McAfee\Core\mchost.exe
    4724 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    1548 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    3268 C:\Windows\System32\SearchProtocolHost.exe
    6228 C:\Windows\System32\SearchFilterHost.exe
    7068 dllhost.exe
    4876 dllhost.exe
    3908 C:\Users\Jeezys\Downloads\MBRCheck.exe
    6788 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`4a600000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
    \\.\P: --> \\.\PhysicalDrive0 at offset 0x0000008b`bef00000 (NTFS)

    PhysicalDrive0 Model Number: ST3750528AS, Rev: CC45

    Size Device Name MBR Status
    --------------------------------------------
    698 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    ComboFix 11-01-31.02 - Jeezys 02/04/2011 22:28:23.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6424 [GMT -6:00]
    Running from: c:\users\Jeezys\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
    .

    2011-02-05 04:32 . 2011-02-05 04:32 -------- d-----w- c:\users\Mcx1-JEEZYS-PC\AppData\Local\temp
    2011-02-05 04:27 . 2011-02-05 04:27 -------- d-----w- C:\32788R22FWJFW
    2011-02-05 03:12 . 2011-02-05 03:12 -------- d-----w- c:\users\Jeezys\AppData\Roaming\Malwarebytes
    2011-02-05 03:12 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-05 03:12 . 2011-02-05 03:12 -------- d-----w- c:\progra~3\Malwarebytes
    2011-02-05 03:12 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-05 03:12 . 2011-02-05 03:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-02-04 01:05 . 2011-02-04 01:17 -------- d-----w- C:\Boot
    2011-01-30 00:48 . 2011-01-30 00:48 -------- d-----w- c:\users\Jeezys\AppData\Roaming\Centrify
    2011-01-25 04:28 . 2011-01-25 04:28 -------- d-----w- c:\program files\HP
    2011-01-15 03:16 . 2011-01-15 03:16 -------- d-----w- c:\program files (x86)\Motorola
    2011-01-13 04:28 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
    2011-01-13 04:28 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
    2011-01-13 04:28 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
    2011-01-13 04:28 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2011-01-13 04:28 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
    2011-01-13 04:28 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
    2011-01-13 04:28 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
    2011-01-13 04:28 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
    2011-01-13 04:28 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
    2011-01-13 04:28 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
    2011-01-08 02:49 . 2011-01-08 02:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
    2011-01-08 02:49 . 2011-01-08 02:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
    2011-01-08 02:49 . 2011-01-08 02:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-01-08 02:48 . 2011-01-08 02:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-01-08 02:48 . 2011-01-08 02:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-08 03:27 . 2010-07-10 10:38 5653096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-01-08 03:27 . 2010-07-10 10:38 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-01-08 03:27 . 2010-04-11 21:39 7729256 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-01-08 03:27 . 2010-04-11 21:39 2200680 ----a-w- c:\windows\system32\nvapi64.dll
    2011-01-08 03:27 . 2010-04-11 21:39 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-01-02 19:13 . 2011-01-02 19:13 737072 ----a-w- c:\progra~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll
    2011-01-02 19:13 . 2011-01-02 19:13 4277016 ----a-w- c:\progra~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
    2011-01-02 19:13 . 2010-11-26 10:11 42776 ----a-w- c:\progra~3\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-01-02 18:13 . 2010-08-27 20:21 42776 ----a-w- c:\progra~3\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-01-02 18:12 . 2010-11-26 10:10 539968 ----a-w- c:\progra~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-10 17:22 . 2010-08-27 20:21 539968 ----a-w- c:\progra~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-30 00:50 . 2010-11-30 00:50 327680 ----a-w- c:\users\Jeezys\AppData\Roaming\Adobe.exe
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-26 10:11 . 2010-11-26 10:11 737072 ----a-w- c:\progra~3\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-11-26 10:11 . 2010-11-26 10:11 4277016 ----a-w- c:\progra~3\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-11-13 00:53 . 2010-08-04 07:00 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2010-11-11 23:10 . 2010-06-30 00:03 29288 ----a-w- c:\windows\system32\nvhdap64.dll
    2010-11-11 23:10 . 2010-06-30 00:03 155752 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]
    "Adobe.exe"="c:\users\Jeezys\AppData\Roaming\Adobe.exe" [2010-11-30 327680]
    "HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-12-08 5247624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    c:\users\Anyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SessionLauncher;SessionLauncher; [x]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600]
    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-05-04 35840]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 94864]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-06-18 20992]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
    R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-06-21 693864]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-10 834544]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-14 75032]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-14 283360]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-10-14 149032]
    S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-03-04 658656]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 62800]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 441328]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-11 155752]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Jeezys\AppData\Roaming\Mozilla\Firefox\Profiles\08x31bot.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Arabic spell-checking dictionary: ar@dictionaries.addons.mozilla.org - %profile%\extensions\ar@dictionaries.addons.mozilla.org
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmABattlEye\UnInstallBE.exe
    AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Jeezys\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1046951974-1599380402-3457755934-1000\Software\SecuROM\License information*]
    "datasecu"=hex:97,0d,b4,d2,6d,65,dd,b4,a2,3f,b5,33,d4,b2,04,bc,02,0e,be,2f,a6,
    0c,a3,88,d8,8a,10,6d,21,54,48,3e,9a,05,2f,ce,2b,31,d2,e9,e3,d5,06,2b,c3,d6,\
    "rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-02-04 22:33:56
    ComboFix-quarantined-files.txt 2011-02-05 04:33

    Pre-Run: 409,748,377,600 bytes free
    Post-Run: 409,713,152,000 bytes free

    - - End Of File - - 59D00F6D0DEE0106F98C014786F0B2E4
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Both logs look fine.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    2011/02/04 23:24:13.0499 3800 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
    2011/02/04 23:24:13.0816 3800 ================================================================================
    2011/02/04 23:24:13.0816 3800 SystemInfo:
    2011/02/04 23:24:13.0816 3800
    2011/02/04 23:24:13.0816 3800 OS Version: 6.1.7600 ServicePack: 0.0
    2011/02/04 23:24:13.0816 3800 Product type: Workstation
    2011/02/04 23:24:13.0816 3800 ComputerName: JEEZYS-PC
    2011/02/04 23:24:13.0816 3800 UserName: Jeezys
    2011/02/04 23:24:13.0816 3800 Windows directory: C:\Windows
    2011/02/04 23:24:13.0816 3800 System windows directory: C:\Windows
    2011/02/04 23:24:13.0816 3800 Running under WOW64
    2011/02/04 23:24:13.0816 3800 Processor architecture: Intel x64
    2011/02/04 23:24:13.0816 3800 Number of processors: 8
    2011/02/04 23:24:13.0816 3800 Page size: 0x1000
    2011/02/04 23:24:13.0816 3800 Boot type: Normal boot
    2011/02/04 23:24:13.0816 3800 ================================================================================
    2011/02/04 23:24:14.0282 3800 Initialize success
    2011/02/04 23:24:58.0580 0308 ================================================================================
    2011/02/04 23:24:58.0580 0308 Scan started
    2011/02/04 23:24:58.0580 0308 Mode: Manual;
    2011/02/04 23:24:58.0580 0308 ================================================================================
    2011/02/04 23:24:58.0980 0308 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/02/04 23:24:59.0006 0308 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/02/04 23:24:59.0024 0308 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/02/04 23:24:59.0052 0308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/02/04 23:24:59.0068 0308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/02/04 23:24:59.0083 0308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/02/04 23:24:59.0134 0308 AE1000 (e005682ae8f8ec4eb05f2a70a16ea1c5) C:\Windows\system32\DRIVERS\ae1000w7.sys
    2011/02/04 23:24:59.0181 0308 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/02/04 23:24:59.0200 0308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/02/04 23:24:59.0254 0308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/02/04 23:24:59.0267 0308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/02/04 23:24:59.0282 0308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/02/04 23:24:59.0294 0308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/02/04 23:24:59.0325 0308 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2011/02/04 23:24:59.0337 0308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/02/04 23:24:59.0358 0308 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2011/02/04 23:24:59.0379 0308 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2011/02/04 23:24:59.0458 0308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/02/04 23:24:59.0474 0308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/02/04 23:24:59.0527 0308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/02/04 23:24:59.0564 0308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2011/02/04 23:24:59.0602 0308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/02/04 23:24:59.0627 0308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/02/04 23:24:59.0653 0308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/02/04 23:24:59.0728 0308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/02/04 23:24:59.0764 0308 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2011/02/04 23:24:59.0779 0308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/02/04 23:24:59.0794 0308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/02/04 23:24:59.0835 0308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/02/04 23:24:59.0858 0308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/02/04 23:24:59.0872 0308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/02/04 23:24:59.0883 0308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/02/04 23:24:59.0940 0308 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
    2011/02/04 23:24:59.0960 0308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/02/04 23:25:00.0034 0308 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
    2011/02/04 23:25:00.0082 0308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/02/04 23:25:00.0112 0308 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2011/02/04 23:25:00.0156 0308 cfwids (e02c9cdb15f13de4eb2ff67660e62317) C:\Windows\system32\drivers\cfwids.sys
    2011/02/04 23:25:00.0172 0308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/02/04 23:25:00.0202 0308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/02/04 23:25:00.0244 0308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/02/04 23:25:00.0290 0308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2011/02/04 23:25:00.0312 0308 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2011/02/04 23:25:00.0334 0308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/02/04 23:25:00.0371 0308 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2011/02/04 23:25:00.0394 0308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/02/04 23:25:00.0461 0308 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2011/02/04 23:25:00.0479 0308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/02/04 23:25:00.0529 0308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/02/04 23:25:00.0614 0308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/02/04 23:25:00.0690 0308 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/02/04 23:25:00.0762 0308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/02/04 23:25:00.0814 0308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/02/04 23:25:00.0834 0308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2011/02/04 23:25:00.0872 0308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/02/04 23:25:00.0898 0308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/02/04 23:25:00.0918 0308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/02/04 23:25:00.0987 0308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/02/04 23:25:01.0002 0308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/02/04 23:25:01.0013 0308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/02/04 23:25:01.0044 0308 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2011/02/04 23:25:01.0062 0308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/02/04 23:25:01.0103 0308 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/02/04 23:25:01.0147 0308 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/02/04 23:25:01.0170 0308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/02/04 23:25:01.0214 0308 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/02/04 23:25:01.0253 0308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/02/04 23:25:01.0295 0308 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    2011/02/04 23:25:01.0327 0308 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/02/04 23:25:01.0343 0308 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/02/04 23:25:01.0355 0308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/02/04 23:25:01.0392 0308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/02/04 23:25:01.0414 0308 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/02/04 23:25:01.0475 0308 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2011/02/04 23:25:01.0531 0308 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2011/02/04 23:25:01.0552 0308 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2011/02/04 23:25:01.0594 0308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2011/02/04 23:25:01.0637 0308 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
    2011/02/04 23:25:01.0667 0308 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2011/02/04 23:25:01.0692 0308 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/02/04 23:25:01.0778 0308 IntcAzAudAddService (2a7cf87be453241fe0baa1c8651e7aa4) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/02/04 23:25:01.0814 0308 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2011/02/04 23:25:01.0840 0308 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/02/04 23:25:01.0887 0308 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/02/04 23:25:01.0913 0308 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2011/02/04 23:25:01.0932 0308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/02/04 23:25:01.0992 0308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/02/04 23:25:02.0018 0308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2011/02/04 23:25:02.0054 0308 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2011/02/04 23:25:02.0067 0308 JRAID (71235f7baa7e5e79d38157df7a0f806a) C:\Windows\system32\DRIVERS\jraid.sys
    2011/02/04 23:25:02.0086 0308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/02/04 23:25:02.0115 0308 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/02/04 23:25:02.0170 0308 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2011/02/04 23:25:02.0200 0308 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/02/04 23:25:02.0216 0308 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/02/04 23:25:02.0278 0308 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/02/04 23:25:02.0302 0308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/02/04 23:25:02.0334 0308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/02/04 23:25:02.0370 0308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/02/04 23:25:02.0393 0308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/02/04 23:25:02.0415 0308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/02/04 23:25:02.0501 0308 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/02/04 23:25:02.0525 0308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/02/04 23:25:02.0556 0308 mfeapfk (c1556ca9695fcd6bbd23d75d402fd43d) C:\Windows\system32\drivers\mfeapfk.sys
    2011/02/04 23:25:02.0611 0308 mfeavfk (8857ee8b49f3338fc1fad476bfcca146) C:\Windows\system32\drivers\mfeavfk.sys
    2011/02/04 23:25:02.0677 0308 mfefirek (19c44295f6bf085c83352d48397f7870) C:\Windows\system32\drivers\mfefirek.sys
    2011/02/04 23:25:02.0700 0308 mfehidk (5f915e20ab56121c41c6bf9a91a83bda) C:\Windows\system32\drivers\mfehidk.sys
    2011/02/04 23:25:02.0734 0308 mfenlfk (23ae332e32ff615ca5e5224c8d91af11) C:\Windows\system32\DRIVERS\mfenlfk.sys
    2011/02/04 23:25:02.0794 0308 mferkdet (9c7a9273e345f8d653394b5c542bf86a) C:\Windows\system32\drivers\mferkdet.sys
    2011/02/04 23:25:02.0840 0308 mfewfpk (3140b2c56d7119ba314f68fc785683f0) C:\Windows\system32\drivers\mfewfpk.sys
    2011/02/04 23:25:02.0862 0308 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/02/04 23:25:02.0912 0308 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/02/04 23:25:02.0966 0308 motccgp (93f5adcad940111f6d4d71ae1d9ec7f6) C:\Windows\system32\DRIVERS\motccgp.sys
    2011/02/04 23:25:03.0000 0308 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
    2011/02/04 23:25:03.0031 0308 motmodem (db83dc223b9133da3e41afcbdecc46b5) C:\Windows\system32\DRIVERS\motmodem.sys
    2011/02/04 23:25:03.0058 0308 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
    2011/02/04 23:25:03.0083 0308 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
    2011/02/04 23:25:03.0103 0308 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
    2011/02/04 23:25:03.0146 0308 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/02/04 23:25:03.0163 0308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/02/04 23:25:03.0210 0308 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2011/02/04 23:25:03.0235 0308 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2011/02/04 23:25:03.0259 0308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/02/04 23:25:03.0302 0308 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2011/02/04 23:25:03.0334 0308 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/02/04 23:25:03.0356 0308 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/02/04 23:25:03.0380 0308 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/02/04 23:25:03.0399 0308 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2011/02/04 23:25:03.0444 0308 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2011/02/04 23:25:03.0495 0308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/02/04 23:25:03.0549 0308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/02/04 23:25:03.0570 0308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2011/02/04 23:25:03.0606 0308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/02/04 23:25:03.0623 0308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/02/04 23:25:03.0643 0308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/02/04 23:25:03.0665 0308 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/02/04 23:25:03.0692 0308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/02/04 23:25:03.0710 0308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/02/04 23:25:06.0225 0308 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2011/02/04 23:25:06.0225 0308 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    2011/02/04 23:25:06.0229 0308 sptd - detected Locked file (1)
    2011/02/04 23:25:08.0102 0308 ================================================================================
    2011/02/04 23:25:08.0102 0308 Scan finished
    2011/02/04 23:25:08.0102 0308 ================================================================================
    2011/02/04 23:25:08.0109 4216 Detected object count: 1
    2011/02/04 23:25:20.0970 4216 Locked file(sptd) - User select action: Skip
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    OTL Extras logfile created on: 2/4/2011 11:37:30 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Jeezys\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 549.82 Gb Total Space | 381.64 Gb Free Space | 69.41% Space Free | Partition Type: NTFS
    Drive F: | 9.12 Gb Total Space | 4.13 Gb Free Space | 45.25% Space Free | Partition Type: NTFS
    Drive P: | 139.65 Gb Total Space | 139.56 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

    Computer Name: JEEZYS-PC | User Name: Jeezys | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1046951974-1599380402-3457755934-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
    "{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{82ED9FB2-55AF-4A61-A6F3-506CEE112779}" = Motorola Mobile Drivers Installation 4.7.1
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
    "{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{4343080E-448E-4E2C-B27F-B91000018201}" = Dead Rising 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
    "{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
    "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
    "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
    "{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "BattlEye" = BattlEye Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "CCleaner" = CCleaner
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Diablo II" = Diablo II
    "EADM" = EA Download Manager
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "Free Window Registry Repair" = Free Window Registry Repair
    "GoToAssist" = GoToAssist 8.0.0.514
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSC" = McAfee SecurityCenter
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Orb" = Winamp Remote
    "StarCraft II" = StarCraft II
    "Steam App 33900" = ARMA 2
    "Steam App 33930" = ARMA 2: Operation Arrowhead
    "Steam App 45740" = Dead Rising 2
    "Steam App 8190" = Just Cause 2
    "Steam App 8930" = Sid Meier's Civilization V
    "uTorrent" = µTorrent
    "Verizon V CAST Media Manager" = Verizon V CAST Media Manager
    "Virtual Vulcan" = Virtual Vulcan
    "VISPRO" = Microsoft Office Visio Professional 2007
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1046951974-1599380402-3457755934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/3/2011 4:24:40 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 83937290

    Error - 2/3/2011 4:24:41 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/3/2011 4:24:41 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 83938288

    Error - 2/3/2011 4:24:41 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 83938288

    Error - 2/3/2011 4:24:42 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/3/2011 4:24:42 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 83939302

    Error - 2/3/2011 4:24:42 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 83939302

    Error - 2/3/2011 4:24:43 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/3/2011 4:24:43 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 83940301

    Error - 2/3/2011 4:24:43 AM | Computer Name = Jeezys-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 83940301

    [ Media Center Events ]
    Error - 11/24/2010 1:23:15 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 11:23:15 AM - Error connecting to the internet. 11:23:15 AM - Unable
    to contact server..

    Error - 11/24/2010 1:23:21 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 11:23:21 AM - Error connecting to the internet. 11:23:21 AM - Unable
    to contact server..

    Error - 11/24/2010 2:23:29 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 12:23:29 PM - Error connecting to the internet. 12:23:29 PM - Unable
    to contact server..

    Error - 11/24/2010 2:23:35 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 12:23:35 PM - Error connecting to the internet. 12:23:35 PM - Unable
    to contact server..

    Error - 11/24/2010 3:23:43 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 1:23:43 PM - Error connecting to the internet. 1:23:43 PM - Unable
    to contact server..

    Error - 11/24/2010 3:23:49 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 1:23:49 PM - Error connecting to the internet. 1:23:49 PM - Unable
    to contact server..

    Error - 11/24/2010 4:23:57 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 2:23:57 PM - Error connecting to the internet. 2:23:57 PM - Unable
    to contact server..

    Error - 11/24/2010 4:24:03 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 2:24:03 PM - Error connecting to the internet. 2:24:03 PM - Unable
    to contact server..

    Error - 1/2/2011 1:12:37 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 11:12:37 AM - Error connecting to the internet. 11:12:37 AM - Unable
    to contact server..

    Error - 1/2/2011 1:12:43 PM | Computer Name = Jeezys-PC | Source = MCUpdate | ID = 0
    Description = 11:12:42 AM - Error connecting to the internet. 11:12:42 AM - Unable
    to contact server..

    [ System Events ]
    Error - 2/4/2011 8:40:45 PM | Computer Name = Jeezys-PC | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 2/4/2011 9:23:22 PM | Computer Name = Jeezys-PC | Source = WMPNetworkSvc | ID = 866333
    Description =

    Error - 2/4/2011 11:08:56 PM | Computer Name = Jeezys-PC | Source = Service Control Manager | ID = 7034
    Description = The Dock Login Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/4/2011 11:10:42 PM | Computer Name = Jeezys-PC | Source = Service Control Manager | ID = 7000
    Description = The SessionLauncher service failed to start due to the following error:
    %%3

    Error - 2/4/2011 11:10:46 PM | Computer Name = Jeezys-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error - 2/4/2011 11:10:49 PM | Computer Name = Jeezys-PC | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 2/5/2011 12:27:08 AM | Computer Name = Jeezys-PC | Source = Service Control Manager | ID = 7034
    Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
    time(s).

    Error - 2/5/2011 12:27:08 AM | Computer Name = Jeezys-PC | Source = Service Control Manager | ID = 7034
    Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 2/5/2011 12:32:17 AM | Computer Name = Jeezys-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 2/5/2011 12:32:38 AM | Computer Name = Jeezys-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  10. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    Won't be able to fit all of OTL in one.

    OTL logfile created on: 2/4/2011 11:37:30 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Jeezys\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
    16.00 Gb Paging File | 14.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 549.82 Gb Total Space | 381.64 Gb Free Space | 69.41% Space Free | Partition Type: NTFS
    Drive F: | 9.12 Gb Total Space | 4.13 Gb Free Space | 45.25% Space Free | Partition Type: NTFS
    Drive P: | 139.65 Gb Total Space | 139.56 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

    Computer Name: JEEZYS-PC | User Name: Jeezys | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/04 23:36:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeezys\Desktop\OTL.exe
    PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/12/09 19:00:19 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/12/09 19:00:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2010/07/12 10:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe
    PRC - [2010/07/12 10:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2010/03/04 11:28:08 | 000,658,656 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/04 23:36:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeezys\Desktop\OTL.exe
    MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/10/13 21:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV:64bit: - [2010/10/13 21:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2010/08/24 13:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/11/17 02:04:09 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2010/03/19 01:32:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/04 11:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/06/26 10:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/11/11 17:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2010/10/13 21:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/09/10 00:29:01 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/06/21 11:38:58 | 000,693,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
    DRV:64bit: - [2010/06/18 15:09:42 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2010/06/18 14:42:40 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
    DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
    DRV:64bit: - [2010/02/12 14:36:33 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
    DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
    DRV:64bit: - [2009/07/24 20:58:56 | 000,100,776 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/06/04 18:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/03 21:32:16 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
    DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
    DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
    DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
    DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/06/26 09:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: ar@dictionaries.addons.mozilla.org:2.0.20080110
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/02 21:42:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/18 20:38:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/18 20:38:36 | 000,000,000 | ---D | M]

    [2010/03/25 14:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeezys\AppData\Roaming\Mozilla\Extensions
    [2011/02/04 18:52:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeezys\AppData\Roaming\Mozilla\Firefox\Profiles\08x31bot.default\extensions
    [2010/10/13 01:21:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jeezys\AppData\Roaming\Mozilla\Firefox\Profiles\08x31bot.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/09/04 13:52:58 | 000,000,000 | ---D | M] (Arabic spell-checking dictionary) -- C:\Users\Jeezys\AppData\Roaming\Mozilla\Firefox\Profiles\08x31bot.default\extensions\ar@dictionaries.addons.mozilla.org
    [2011/01/12 22:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/08/04 01:00:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/02 12:08:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/12 22:27:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/10/13 21:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
    [2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2010/07/12 10:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101102180903.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101102180903.dll (McAfee, Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000..\Run: [Adobe.exe] C:\Users\Jeezys\AppData\Roaming\Adobe.exe (Adobe Corporation)
    O4 - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
    O4 - Startup: C:\Users\Anyone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Mcx1-JEEZYS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  11. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    Part 2 of OTL

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/04 23:36:26 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Jeezys\Desktop\OTL.exe
    [2011/02/04 23:26:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/02/04 22:27:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/04 22:27:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/04 22:27:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/04 22:27:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/04 22:27:19 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/04 22:27:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/04 22:27:02 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/02/04 21:12:45 | 000,000,000 | ---D | C] -- C:\Users\Jeezys\AppData\Roaming\Malwarebytes
    [2011/02/04 21:12:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/02/04 21:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/04 21:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/04 21:12:37 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/02/04 21:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/02/04 21:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/02/04 19:57:27 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
    [2011/02/04 19:57:27 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
    [2011/02/04 19:57:27 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
    [2011/02/04 19:57:26 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
    [2011/02/04 19:57:26 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
    [2011/02/04 19:57:26 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
    [2011/02/04 19:57:26 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
    [2011/02/04 19:57:26 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
    [2011/02/04 19:57:26 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
    [2011/02/04 19:57:26 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
    [2011/02/04 19:57:26 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.OCX
    [2011/02/04 19:57:26 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
    [2011/02/04 19:57:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscc2fr.dll
    [2011/02/04 19:57:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
    [2011/02/04 19:57:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTFR.DLL
    [2011/02/04 19:57:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetfr.DLL
    [2011/02/04 19:57:26 | 000,000,000 | ---D | C] -- C:\Users\Jeezys\AppData\Roaming\FreeAudioPack
    [2011/02/04 19:57:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Audio Pack
    [2011/02/03 19:05:40 | 000,000,000 | ---D | C] -- C:\Boot
    [2011/01/31 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\Jeezys\Desktop\Lil Jon And The Eastside Boyz - Kings Of Crunk (2002)
    [2011/01/31 22:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2011/01/31 21:58:53 | 020,471,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
    [2011/01/31 21:58:53 | 018,580,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
    [2011/01/31 21:58:53 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
    [2011/01/31 21:58:53 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
    [2011/01/31 21:58:53 | 006,604,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
    [2011/01/31 21:58:53 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
    [2011/01/31 21:58:53 | 003,112,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
    [2011/01/31 21:58:53 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
    [2011/01/31 21:58:53 | 002,479,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
    [2011/01/31 21:58:53 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
    [2011/01/31 21:58:53 | 001,965,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
    [2011/01/31 21:58:53 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
    [2011/01/31 21:58:53 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64hda.dll
    [2011/01/31 21:58:53 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
    [2011/01/31 21:58:53 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/01/31 21:58:53 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/01/31 21:58:53 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
    [2011/01/29 18:48:34 | 000,000,000 | ---D | C] -- C:\Users\Jeezys\AppData\Roaming\Centrify
    [2011/01/24 22:29:21 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/01/24 22:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2011/01/14 21:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
    [2011/01/14 21:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
    [2011/01/12 22:29:06 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2011/01/12 22:29:06 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2011/01/12 22:29:06 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
    [2011/01/12 22:29:06 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
    [2011/01/12 22:29:06 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2011/01/12 22:29:06 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
    [2011/01/12 22:29:06 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2011/01/12 22:29:05 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2011/01/12 22:29:05 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2011/01/12 22:29:05 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2011/01/12 22:29:05 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2011/01/12 22:29:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2011/01/12 22:29:05 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2011/01/12 22:29:05 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2011/01/12 22:29:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2011/01/12 22:29:05 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
    [2011/01/12 22:29:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2011/01/12 22:29:05 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
    [2011/01/12 22:29:05 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2011/01/12 22:29:05 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2011/01/12 22:28:48 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
    [2011/01/12 22:28:48 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
    [2011/01/12 22:27:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2011/01/12 22:27:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2011/01/12 22:27:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2011/01/07 20:49:34 | 000,795,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
    [2011/01/07 20:49:28 | 006,143,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
    [2011/01/07 20:49:10 | 003,156,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
    [2011/01/07 20:48:58 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
    [2010/11/29 18:50:39 | 000,327,680 | ---- | C] (Adobe Corporation) -- C:\Users\Jeezys\AppData\Roaming\Adobe.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/02/04 23:36:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeezys\Desktop\OTL.exe
    [2011/02/04 23:30:32 | 000,001,565 | ---- | M] () -- C:\Users\Jeezys\Desktop\G.jpg
    [2011/02/04 22:09:26 | 001,196,258 | ---- | M] () -- C:\Users\Jeezys\Desktop\AROD.gif
    [2011/02/04 22:08:25 | 003,036,681 | ---- | M] () -- C:\Users\Jeezys\Desktop\RODGERSBELT.gif.pagespeed.ce.-gYOv8YQbg.gif
    [2011/02/04 21:17:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/04 21:17:53 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/04 21:16:19 | 001,311,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/02/04 21:16:19 | 000,338,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/02/04 21:16:19 | 000,005,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/02/04 21:12:40 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/04 21:10:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/04 21:10:27 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/04 20:17:28 | 000,007,358 | ---- | M] () -- C:\Users\Jeezys\Desktop\SharePodSettings.xml
    [2011/02/04 18:40:18 | 793,118,266 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/02/03 17:20:43 | 008,871,223 | ---- | M] () -- C:\Users\Jeezys\Desktop\Lil_Wayne-Green_And_Yellow-2dope.mp3
    [2011/01/31 21:53:17 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/01/24 22:32:08 | 000,205,606 | ---- | M] () -- C:\Windows\hpoins46.dat
    [2011/01/07 21:27:00 | 020,471,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
    [2011/01/07 21:27:00 | 018,580,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
    [2011/01/07 21:27:00 | 015,047,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
    [2011/01/07 21:27:00 | 013,011,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
    [2011/01/07 21:27:00 | 012,859,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
    [2011/01/07 21:27:00 | 010,078,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
    [2011/01/07 21:27:00 | 007,729,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
    [2011/01/07 21:27:00 | 006,604,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
    [2011/01/07 21:27:00 | 005,653,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
    [2011/01/07 21:27:00 | 004,941,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
    [2011/01/07 21:27:00 | 003,112,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
    [2011/01/07 21:27:00 | 002,895,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
    [2011/01/07 21:27:00 | 002,479,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
    [2011/01/07 21:27:00 | 002,251,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
    [2011/01/07 21:27:00 | 002,200,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
    [2011/01/07 21:27:00 | 001,965,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
    [2011/01/07 21:27:00 | 001,614,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
    [2011/01/07 21:27:00 | 001,359,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
    [2011/01/07 21:27:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/01/07 21:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/01/07 21:27:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
    [2011/01/07 21:27:00 | 000,007,621 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
    [2011/01/07 20:49:34 | 000,795,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyUpdatusAPIU64.dll
    [2011/01/07 20:49:28 | 006,143,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
    [2011/01/07 20:49:10 | 003,156,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
    [2011/01/07 20:48:58 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll

    ========== Files Created - No Company Name ==========

    [2011/02/04 23:30:14 | 000,001,565 | ---- | C] () -- C:\Users\Jeezys\Desktop\G.jpg
    [2011/02/04 22:27:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/04 22:27:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/04 22:27:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/04 22:27:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/04 22:27:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/04 22:09:25 | 001,196,258 | ---- | C] () -- C:\Users\Jeezys\Desktop\AROD.gif
    [2011/02/04 22:08:25 | 003,036,681 | ---- | C] () -- C:\Users\Jeezys\Desktop\RODGERSBELT.gif.pagespeed.ce.-gYOv8YQbg.gif
    [2011/02/04 21:12:40 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/04 19:57:27 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
    [2011/02/03 19:17:15 | 000,383,562 | RHS- | C] () -- C:\bootmgr
    [2011/02/03 17:20:03 | 008,871,223 | ---- | C] () -- C:\Users\Jeezys\Desktop\Lil_Wayne-Green_And_Yellow-2dope.mp3
    [2011/02/01 09:52:00 | 000,007,358 | ---- | C] () -- C:\Users\Jeezys\Desktop\SharePodSettings.xml
    [2011/01/31 21:53:17 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/01/24 22:26:54 | 000,207,034 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
    [2011/01/24 22:26:54 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
    [2010/12/22 15:07:47 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2010/09/10 00:34:43 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/07/31 16:13:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/06/29 22:21:12 | 000,000,017 | ---- | C] () -- C:\Users\Jeezys\AppData\Local\resmon.resmoncfg
    [2010/06/07 21:05:41 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
    [2010/06/07 21:05:41 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
    [2010/06/07 21:05:41 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
    [2010/03/27 11:52:42 | 000,000,094 | ---- | C] () -- C:\Users\Jeezys\AppData\Local\fusioncache.dat
    [2010/03/27 11:51:09 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/02/04 22:33:57 | 000,018,967 | ---- | M] () -- C:\ComboFix.txt
    [2010/03/19 04:07:48 | 000,025,542 | RH-- | M] () -- C:\dell.sdr
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/02/04 21:10:27 | 2140,393,471 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/02/04 21:10:31 | 4285,517,823 | -HS- | M] () -- C:\pagefile.sys
    [2011/02/04 23:26:39 | 000,067,294 | ---- | M] () -- C:\TDSSKiller.2.4.16.0_04.02.2011_23.24.13_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/05/18 19:43:12 | 000,001,670 | -HS- | M] () -- C:\Users\Jeezys\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/03/25 14:44:32 | 000,000,221 | -HS- | M] () -- C:\Users\Jeezys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/04 23:36:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Jeezys\Desktop\OTL.exe
    [2010/07/17 11:41:44 | 005,470,720 | ---- | M] (Jeffrey Harris) -- C:\Users\Jeezys\Desktop\SharePod.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/01/31 22:00:20 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/01/31 22:00:21 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/06/29 18:03:19 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/06/29 18:03:19 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2011/01/31 22:00:21 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 08:34:25 | 000,000,402 | -HS- | M] () -- C:\Users\Jeezys\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/24 22:32:09 | 000,002,384 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-1046951974-1599380402-3457755934-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1046951974-1599380402-3457755934-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Anyone

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jeezys
    ->Temp folder emptied: 952877 bytes
    ->Temporary Internet Files folder emptied: 910945 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 43095562 bytes
    ->Flash cache emptied: 3548 bytes

    User: Mcx1-JEEZYS-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5590 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 161809 bytes

    Total Files Cleaned = 43.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Anyone

    User: Default

    User: Default User

    User: Jeezys
    ->Flash cache emptied: 0 bytes

    User: Mcx1-JEEZYS-PC

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02052011_001845

    Files\Folders moved on Reboot...
    C:\Users\Jeezys\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    __________________________________________________________________

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Security Scan Plus
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.1.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````

    nothing from ESET Online Scanner
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    How is computer doing?

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
     
  15. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    Installed Adobe Reader X, it seems like I have narrowed it down to only happening once after I log in (like 2 minutes of me just sitting there idle not opening anything). This thing is going to be the death of me...
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    We'll reset your router...

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE

    Let me know, if the issue is gone.
     
  17. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    Well, my internet is now faster thanks to some tweaked settings...but unfortunately the sound still popped up, although this time a little later than usual. Am I doomed to just have this unless I reformat?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  19. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    When I try and run the program it gives me the following error,
    "Error loading driver, NTSTATUS code: 0xC000036B"
    I tried all three links with the same error on each of them.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
     
  21. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    I ran the program twice but no log opened. It says no log was saved.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  23. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    changed the dns settings and got the check mark on OpenDNS.
    that damned soundbite still plays...ARGH
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download Sophos Anti-rootkit & save it to your desktop.

    IMPORTANT!
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Clean out your temporary files.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
    • After starting the scan, do not use the computer until the scan has completed.
    • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

    • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
    • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
    • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
    • Make sure the following are checked:
      • Running processes
      • Windows Registry
      • Local Hard Drives

    • Click Start scan.
    • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
    • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
    • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
      • Files tagged as Removable: No are not marked for removal and cannot be removed.
      • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
      • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.

    • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
    • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
    • After reboot, a dialog box displays the files you selected for removal and the action taken.
    • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
    • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
    • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\
     
  25. jeezybaby43

    jeezybaby43 TS Rookie Topic Starter Posts: 16

    When I ran the program I was unable to scan for running processes (grayed out) but I scanned twice and didn't come up with anything that needed to be removed.


    Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc
    Started logging on 2/6/2011 at 14:45:06 PM
    User "Jeezys" on computer "JEEZYS-PC"
    Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64
    Info: Starting registry scan.
    Info: Starting disk scan of C: (NTFS).
    Hidden: file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\%3Dtrue%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1159961;sub2=1159959;sub3=1159957;sub4=1159958;misc=685526894[1]
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\05ba5b8c242055;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt18=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\7c1624f7b218a8;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\baa9dce6d6a27a;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt25=100;kvagt35=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\0761a4f77141dc;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\85cc12e8d0b0c9;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\831fef9e8dd137;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\5b32e307756e73;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\d559008f833ced;kvexpandable=0;kvdim=300x250;kvbw=1;kvpid=1778380;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\e954c46feca7c0;kvexpandable=0;kvdim=300x250;kvbw=1;kvpid=1778380;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\dbdfbea4a5e2004;kvexpandable=0;kvdim=728x90;kvbw=0;kvpid=1778378;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt18=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\45c27c984f5194;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\28fe37bd60a5fa9;kvexpandable=0;kvdim=728x90;kvbw=0;kvpid=1778378;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt35=100;kvagt18=100;kvagt25=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\e15bcdb670c94f8;kvexpandable=0;kvdim=728x90;kvbw=0;kvpid=1778378;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt18=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\2967f68dbf5508;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\Music\iTunes\iTunes Media\Music\Lil Wayne\Lil.Wayne-Im.Not.A.Human.Being.EP-(Retail)-2010-[NoFS]\12-Lil Wayne Ft. Lil Twist, Lil’ Chuckee, Gudda Gudda, Jae Millz, And Nicki Minaj - YM Salute (Bonus Track) (Prod. by Lil Wayne, Mr. Pyro, & Polow da Don).mp3
    Hidden: file C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enUS-patch.exe
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\a7d00ec3dc006b;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt35=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\f2628b0e3649ee;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\53120ce49e73e7;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\9198623996d52d;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt25=100;kvagt35=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\8fa2e41e7a3c9ea;kvexpandable=0;kvdim=728x90;kvbw=0;kvpid=1778378;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt35=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\430e3f7e51a74b;kvexpandable=0;kvdim=300x250;kvbw=1;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\%3Dtrue%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1159961;sub2=1159959;sub3=1159957;sub4=1159958;misc=469771708[1]
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\798e397d939ba8;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\5b077ce433b446;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgm=100[1].htm
    Hidden: file C:\Windows\PEV.exe
    Hidden: file C:\Program Files (x86)\Coupons\uninstall.exe
    Hidden: file C:\Program Files (x86)\DAEMON Tools Lite\imgengine.dll
    Hidden: file C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    Hidden: file C:\Windows\System32\drivers\sptd.sys
    Hidden: file C:\Windows\Installer\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}\moh.exe
    Hidden: file C:\Program Files\Verizon V CAST Media Manager\Setup.exe
    Hidden: file C:\Users\Jeezys\Downloads\266.58_desktop_win7_winvista_64bit_english_whql.exe
    Hidden: file C:\Users\Jeezys\Downloads\MBRCheck.exe
    Info: Starting disk scan of F: (NTFS).
    Info: Starting disk scan of P: (NTFS).
    Stopped logging on 2/6/2011 at 15:17:06 PM


    Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc
    Started logging on 2/8/2011 at 15:26:39 PM
    User "Jeezys" on computer "JEEZYS-PC"
    Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64
    Info: Starting registry scan.
    Info: Starting disk scan of C: (NTFS).
    Hidden: file C:\Users\Jeezys\Desktop\RKUnhookerLE.EXE
    Hidden: file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
    Hidden: file C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-patch.exe
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\%3Dtrue%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1159961;sub2=1159959;sub3=1159957;sub4=1159958;misc=685526894[1]
    Hidden: file C:\Users\Jeezys\Downloads\TFC.exe
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\05ba5b8c242055;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt18=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\7c1624f7b218a8;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\baa9dce6d6a27a;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt25=100;kvagt35=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\0761a4f77141dc;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\85cc12e8d0b0c9;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\831fef9e8dd137;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\5b32e307756e73;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\d559008f833ced;kvexpandable=0;kvdim=300x250;kvbw=1;kvpid=1778380;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\e954c46feca7c0;kvexpandable=0;kvdim=300x250;kvbw=1;kvpid=1778380;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Program Files\World of Warcraft\WoW-3.3.0.11159-to-3.3.2.11403-enUS-patch.exe
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\dbdfbea4a5e2004;kvexpandable=0;kvdim=728x90;kvbw=0;kvpid=1778378;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt18=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\45c27c984f5194;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\28fe37bd60a5fa9;kvexpandable=0;kvdim=728x90;kvbw=0;kvpid=1778378;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt35=100;kvagt18=100;kvagt25=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\Downloads\OTL.exe
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\e15bcdb670c94f8;kvexpandable=0;kvdim=728x90;kvbw=0;kvpid=1778378;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt18=100;kvagt35=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\2967f68dbf5508;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Program Files (x86)\uTorrent\uTorrent.exe
    Hidden: file C:\Windows\SysWOW64\pbsvc.exe
    Hidden: file C:\Users\Jeezys\Music\iTunes\iTunes Media\Music\Lil Wayne\Lil.Wayne-Im.Not.A.Human.Being.EP-(Retail)-2010-[NoFS]\12-Lil Wayne Ft. Lil Twist, Lil’ Chuckee, Gudda Gudda, Jae Millz, And Nicki Minaj - YM Salute (Bonus Track) (Prod. by Lil Wayne, Mr. Pyro, & Polow da Don).mp3
    Hidden: file C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.3.0.10958-enUS-patch.exe
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\a7d00ec3dc006b;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt35=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\f2628b0e3649ee;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\53120ce49e73e7;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\9198623996d52d;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva1834=100;kva2534=100;kva2544=100;kvagt25=100;kvagt35=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\8fa2e41e7a3c9ea;kvexpandable=0;kvdim=728x90;kvbw=0;kvpid=1778378;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt25=100;kvagt35=100;kvagt18=100;kvgf=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\430e3f7e51a74b;kvexpandable=0;kvdim=300x250;kvbw=1;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\%3Dtrue%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1159961;sub2=1159959;sub3=1159957;sub4=1159958;misc=469771708[1]
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\798e397d939ba8;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt35=100;kvagt25=100;kvagt18=100;kvgm=100[1].htm
    Hidden: file C:\Users\Jeezys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BKTTMY8O\5b077ce433b446;kvexpandable=0;kvdim=300x250;kvbw=0;kvpid=1778380;kva1824=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100;kvgm=100[1].htm
    Hidden: file C:\Windows\PEV.exe
    Hidden: file C:\Program Files (x86)\DAEMON Tools Lite\imgengine.dll
    Hidden: file C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    Hidden: file C:\Windows\System32\drivers\sptd.sys
    Hidden: file C:\Windows\Installer\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}\moh.exe
    Hidden: file C:\Program Files\Verizon V CAST Media Manager\Setup.exe
    Hidden: file C:\Users\Jeezys\Downloads\266.58_desktop_win7_winvista_64bit_english_whql.exe
    Hidden: file C:\Users\Jeezys\Downloads\MBRCheck.exe
    Info: Starting disk scan of F: (NTFS).
    Info: Starting disk scan of P: (NTFS).
    Stopped logging on 2/8/2011 at 16:04:58 PM
     
Topic Status:
Not open for further replies.
