TechSpot

IE keeps locking up and pop-ups

By keel5
Nov 26, 2010
  1. Hi, I'm new here and need some help. I found this site from Google search. My problem is that ever since I installed then removed a software called podmaxx, my IE8 keeps locking up every other time I start it. Now, just recently, I started to get ad pop-ups, and some sounds that I have disabled are sounding again. I have tried some malware programs with no luck.

    Now I have followed the 8-step instructions to post it here and see if I can get some help. Thanks in advance.

    Malwarebytes log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5193

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/26/2010 12:40:43 PM
    mbam-log-2010-11-26 (12-40-43).txt

    Scan type: Quick scan
    Objects scanned: 155256
    Time elapsed: 5 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ____________________________________________________

    The GMER log was empty
    ______________________________________________________

    DDS logs:


    DDS (Ver_10-11-26.01) - NTFS_AMD64
    Run by Bobby at 13:10:48.72 on Fri 11/26/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.6429 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
    C:\Program Files (x86)\ClipMate7\ClipMate.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\mfevtps.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\SysWOW64\java.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\fxssvc.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\syswow64\MsiExec.exe
    C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    C:\Users\Bobby\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Bobby\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aolnews.com/
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTB.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101122065509.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTB.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [ClipMate7] C:\Program Files (x86)\ClipMate7\ClipMate.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "C:\Users\Bobby\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: eBay Search - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101122065509.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
    mRun-x64: [Linksys Wireless Manager] "C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun-x64: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe

    ============= SERVICES / DRIVERS ===============

    R0 DRVECDB;DRVECDB;C:\Windows\System32\drivers\DRVECDB.SYS [2010-1-7 122776]
    R0 McPvDrv;McPvDrv Driver;C:\Windows\System32\drivers\McPvDrv.sys [2009-11-17 72296]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 529128]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-7 52856]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);C:\Windows\System32\drivers\tdrpm251.sys [2010-1-10 1455648]
    R1 DLARTL_E;DLARTL_E;C:\Windows\System32\drivers\DLARTL_E.SYS [2010-1-7 39288]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-11-22 75032]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-11-22 283360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-11-25 2806000]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-24 203264]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-1-17 90112]
    R2 DLABMFSE;DLABMFSE;C:\Windows\System32\DLA\DLABMFSE.SYS [2010-1-7 44152]
    R2 DLABOIOE;DLABOIOE;C:\Windows\System32\DLA\DLABOIOE.SYS [2010-1-7 41976]
    R2 DLADResE;DLADResE;C:\Windows\System32\DLA\DLADResE.SYS [2010-1-7 10360]
    R2 DLAIFS_E;DLAIFS_E;C:\Windows\System32\DLA\DLAIFS_E.SYS [2010-1-7 141432]
    R2 DLAOPIOE;DLAOPIOE;C:\Windows\System32\DLA\DLAOPIOE.SYS [2010-1-7 33656]
    R2 DLAPoolE;DLAPoolE;C:\Windows\System32\DLA\DLAPoolE.SYS [2010-1-7 18040]
    R2 DLAUDF_E;DLAUDF_E;C:\Windows\System32\DLA\DLAUDF_E.SYS [2010-1-7 143096]
    R2 DLAUDFAE;DLAUDFAE;C:\Windows\System32\DLA\DLAUDFAE.SYS [2010-1-7 136952]
    R2 DRVEDDM;DRVEDDM;C:\Windows\System32\drivers\DRVEDDM.SYS [2010-1-7 63608]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2010-11-17 137256]
    R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-22 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-22 355440]
    R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-11-22 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-11-22 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-11-22 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2010-11-22 149032]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2008-6-24 605464]
    R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-11-25 84752]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-4 7451648]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-4 268288]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2009-6-30 411136]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-11-22 62800]
    R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
    R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-11-22 190136]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-11-22 441328]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2009-6-19 712704]
    S1 DLACDBHE;DLACDBHE;C:\Windows\System32\drivers\DLACDBHE.SYS [2010-1-7 15992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-6 135664]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-1-14 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-1-14 79360]
    S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-1-14 79360]
    S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
    S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
    S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
    S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\System32\drivers\HCW85BDA.sys [2009-6-10 1192448]
    S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-11-22 94864]
    S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2010-1-6 40904]
    S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2010-1-6 49480]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-9-17 1250816]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-24 1255736]

    =============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-11-26 02:11:51 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2010-11-26 00:59:26 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Malwarebytes
    2010-11-26 00:59:19 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-26 00:59:18 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-26 00:59:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-26 00:59:18 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-22 11:55:14 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2010-11-22 11:55:08 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2010-11-22 11:54:54 283360 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2010-11-22 11:54:53 94864 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2010-11-22 11:54:53 75032 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
    2010-11-22 11:54:53 62800 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2010-11-22 11:54:53 441328 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2010-11-22 11:54:53 190136 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2010-11-22 11:54:51 -------- d-----w- C:\Program Files\Common Files\McAfee
    2010-11-22 11:54:50 -------- d-----w- C:\Program Files\McAfee.com
    2010-11-22 11:52:45 149032 ----a-w- C:\Windows\System32\mfevtps.exe
    2010-11-22 11:26:48 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2010-11-22 11:26:06 -------- d-----w- C:\_AcroTemp
    2010-11-17 20:23:37 137256 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
    2010-11-16 21:39:53 -------- d-----w- C:\Program Files\iTunes
    2010-11-16 21:39:53 -------- d-----w- C:\Program Files\iPod
    2010-11-12 22:46:42 -------- d-----w- C:\Users\Bobby\AppData\Local\Diagnostics
    2010-11-06 16:50:28 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-11-06 16:50:28 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-11-06 16:50:28 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-11-06 12:23:37 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{0F3D6550-E2A4-42EB-9D53-4EC92E6C9E50}\mpengine.dll
    2010-11-06 12:23:36 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-11-06 12:11:03 -------- d-----w- C:\Program Files (x86)\PC Tools Security
    2010-11-06 12:06:30 -------- d-----w- C:\PROGRA~3\PC Tools
    2010-11-05 23:28:57 -------- d-----w- C:\Windows\SysWow64\InstallShield Installation Information
    2010-11-05 23:06:41 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-11-04 21:11:30 511328 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
    2010-11-04 20:37:58 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2a1b7c641cb7c6016\InstallManager_WLE_WLE.exe
    2010-11-04 20:37:55 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28ccd76e1cb7c6015\DSETUP.dll
    2010-11-04 20:37:55 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28ccd76e1cb7c6015\DXSETUP.exe
    2010-11-04 20:37:54 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\27ffc06d1cb7c6014\DSETUP.dll
    2010-11-04 20:37:31 -------- d-----w- C:\Users\Bobby\AppData\Local\Windows Live
    2010-11-04 20:34:37 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-11-04 20:34:37 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-11-04 20:34:37 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-11-04 20:34:37 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-11-02 21:57:13 -------- d-----w- C:\Users\Bobby\AppData\Local\IsolatedStorage
    2010-11-02 21:56:05 -------- d-----w- C:\Users\Bobby\AppData\Roaming\Bling Software
    2010-11-02 21:55:42 -------- d-----w- C:\Program Files (x86)\Podmaxx09
    2010-11-02 21:55:39 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5

    ==================== Find3M ====================

    2010-10-14 23:33:48 80 --sh--r- C:\Windows\SysWow64\5984AA01EE.dll
    2010-10-14 03:28:54 529128 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2010-10-14 03:28:54 121248 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2010-09-28 20:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 20:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

    ============= FINISH: 13:11:35.00 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-26.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/6/2010 4:15:12 PM
    System Uptime: 11/26/2010 12:32:40 PM (1 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P7P55D
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | LGA1156 | 2801/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 931 GiB total, 530.56 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 351 GiB total, 101.336 GiB free.
    G: is FIXED (NTFS) - 100 GiB total, 91.625 GiB free.
    H: is FIXED (FAT32) - 14 GiB total, 6.632 GiB free.
    K: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03\4&61613AC&0&00E7
    Manufacturer: Realtek
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_83A31043&REV_03\4&61613AC&0&00E7
    Service: RTL8167

    ==== System Restore Points ===================

    RP172: 11/6/2010 8:23:02 AM - Windows Update
    RP174: 11/6/2010 12:23:53 PM - Windows Defender Checkpoint
    RP175: 11/6/2010 12:50:35 PM - Windows Update
    RP176: 11/10/2010 6:32:10 PM - Windows Update
    RP177: 11/17/2010 9:54:26 PM - Scheduled Checkpoint
    RP178: 11/25/2010 12:09:18 AM - Scheduled Checkpoint

    ==== Installed Programs ======================

    6400_Help
    Acronis*True*Image*Home
    Adobe Acrobat 9 Pro - English, Français, Deutsch
    Adobe Acrobat 9.4.1 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 7.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 7.0
    Adobe Premiere Elements 7.0 Templates
    AIM 7
    AIM Toolbar
    AMD DnD V1.0.19
    Apple Application Support
    Apple Software Update
    ATI Catalyst Registration
    BlackBerry Desktop Software 5.0.1
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    Brother P-touch Editor 5.0
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    ccc-core-static
    CCC Help English
    ClipMate 7
    Creative 3DMIDI Player
    Creative ALchemy
    Creative Audio Control Panel
    Creative Console Launcher
    Creative Diagnostics
    Creative Media Toolbox 6
    Creative Media Toolbox 6 (Shared Components)
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Creative System Information
    Creative WaveStudio 7
    DesignPro 5.4 Limited Edition
    Destinations
    DeviceDiscovery
    DivX
    DocProc
    Dolby Digital Live Pack
    Download Updater (AOL LLC)
    Emsisoft Anti-Malware 5.0
    erLT
    Fax
    FileOpen Client
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Calendar Sync
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    GPBaseService2
    HP Product Detection
    HP Update
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    HTC Driver Installer
    HTC Sync
    ieSpell
    Intel(R) Processor ID Utility
    Internet Download Manager
    J6400
    Java(TM) 6 Update 17
    Java(TM) 6 Update 3
    LimeWire 5.5.16
    Linksys EasyLink Advisor
    Logitech SetPoint
    Malwarebytes' Anti-Malware
    MapSend DirectRoute North America
    MarketResearch
    McAfee Total Protection
    McAfee Virtual Technician
    Microsoft .NET Framework 1.1
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Personal Folders Backup
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft Works 6-9 Converter
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenAL
    PC Probe II
    PCsync
    PhotoshopdotcomInspirationBrowser
    Platform
    PowerDVD
    ProductContext
    Pure Networks Platform
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Roxio Content 9
    Roxio Media Manager
    Scan
    Security Task Manager 1.7h
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SmartSound Quicktracks for Premiere Elements
    SmartWebPrinting
    SolSuite 2010 v10.7
    SolutionCenter
    Sound Blaster X-Fi
    SoundFont Bank Manager
    Status
    System Requirements Lab for Intel
    Toolbox
    TrayApp
    TuneUp Companion 1.9.0
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    VIA Platform Device Manager
    WebEx Support Manager for Internet Explorer
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    WinWay Resume Deluxe
    WModem Driver Installer
    Xingtone Ringtone Maker
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    11/26/2010 9:13:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk
    11/26/2010 9:12:38 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/26/2010 5:45:07 AM, Error: Service Control Manager [7022] - The SQL Server Browser service hung on starting.
    11/26/2010 12:33:50 PM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {E9513610-F218-4DDA-B954-2C7E6BA7CABB} as /. The error: "740" Happened while starting this command: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe -Embedding
    11/26/2010 12:33:42 PM, Error: Service Control Manager [7023] - The Power service terminated with the following error: The WMI request could not be completed and should be retried.
    11/26/2010 12:33:42 PM, Error: Service Control Manager [7000] - The tandpl service failed to start due to the following error: This driver has been blocked from loading
    11/26/2010 12:33:42 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\tandpl.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/26/2010 12:33:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
    11/26/2010 12:33:08 PM, Error: Service Control Manager [7000] - The enodpl service failed to start due to the following error: This driver has been blocked from loading
    11/26/2010 12:33:08 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\enodpl.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    11/26/2010 12:32:50 PM, Error: Application Popup [876] - Driver DLACDBHE.SYS has been blocked from loading.
    11/26/2010 12:28:56 PM, Error: Service Control Manager [7031] - The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/26/2010 12:00:38 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BILLCARDONA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4DB36477-24C5-4C00-B410-D7BDFB849D0B}. The master browser is stopping or an election is being forced.
    11/26/2010 1:08:13 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SYSTEM' was corrupted and it has been recovered. Some data might have been lost.
    11/25/2010 8:55:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e5d7e7, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112510-24507-01.
    11/23/2010 9:44:25 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.102. The computer with the IP address 192.168.1.107 did not allow the name to be claimed by this computer.
    11/22/2010 6:46:04 AM, Error: Service Control Manager [7003] - The McAfee Firewall Core Service service depends the following service: mfevtp. This service might not be installed.
    11/22/2010 6:46:04 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    11/22/2010 6:46:03 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    11/22/2010 6:42:07 AM, Error: Service Control Manager [7003] - The McShield service depends the following service: mfevtp. This service might not be installed.
    11/22/2010 6:36:01 AM, Error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
    11/22/2010 6:33:55 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

    ==== End Of File ===========================


    Good luck with all that.

    I really appreciate any help I get. If you need more, let me know.

    Bobby
     
  2. Broni


    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  3. keel5


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x000004fc

    Kernel Drivers (total 242):
    0x02E55000 \SystemRoot\system32\ntoskrnl.exe
    0x02E0C000 \SystemRoot\system32\hal.dll
    0x00BCF000 \SystemRoot\system32\kdcom.dll
    0x00CD2000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00D16000 \SystemRoot\system32\PSHED.dll
    0x00D2A000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00E2E000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00ED2000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00EE1000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00F38000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00F41000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00F4B000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00F7E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F8B000 \SystemRoot\System32\drivers\partmgr.sys
    0x00FA0000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00FA9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00FB5000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00D88000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FCA000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x00FD1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00FE1000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01041000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x0115D000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x01166000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x01190000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x0119B000 \SystemRoot\system32\drivers\fltmgr.sys
    0x011E7000 \SystemRoot\system32\drivers\fileinfo.sys
    0x012A9000 \SystemRoot\system32\drivers\mfehidk.sys
    0x01328000 \SystemRoot\System32\Drivers\DRVECDB.SYS
    0x01345000 \SystemRoot\System32\Drivers\PxHlpa64.sys
    0x0141B000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01351000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015BE000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01200000 \SystemRoot\System32\Drivers\cng.sys
    0x015D8000 \SystemRoot\System32\drivers\pcw.sys
    0x015E9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01620000 \SystemRoot\system32\drivers\ndis.sys
    0x01712000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01772000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x018AA000 \SystemRoot\system32\DRIVERS\timntr.sys
    0x0198F000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01A11000 \SystemRoot\system32\DRIVERS\tdrpm251.sys
    0x01B77000 \SystemRoot\System32\Drivers\spldr.sys
    0x01B7F000 \SystemRoot\system32\DRIVERS\snapman.sys
    0x01BBE000 \SystemRoot\System32\drivers\rdyboost.sys
    0x019DB000 \SystemRoot\System32\Drivers\mup.sys
    0x01800000 \SystemRoot\system32\drivers\McPvDrv.sys
    0x01A00000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01818000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01852000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01868000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x043D0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x04200000 \SystemRoot\System32\Drivers\Null.SYS
    0x04209000 \SystemRoot\System32\Drivers\Beep.SYS
    0x04210000 \SystemRoot\System32\Drivers\DLARTL_E.SYS
    0x04218000 \SystemRoot\System32\drivers\vga.sys
    0x04226000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0424B000 \SystemRoot\System32\drivers\watchdog.sys
    0x0425B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x04264000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0426D000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x04276000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x04281000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x04403000 \SystemRoot\System32\drivers\tcpip.sys
    0x0179D000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x013AF000 \SystemRoot\system32\drivers\mfewfpk.sys
    0x04292000 \SystemRoot\system32\drivers\TDI.SYS
    0x01600000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x0469B000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x046E0000 \SystemRoot\system32\drivers\afd.sys
    0x0476A000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x04773000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x04799000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x047AF000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
    0x047C0000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x047CF000 \SystemRoot\system32\DRIVERS\serial.sys
    0x04600000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x0461B000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0462F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x04680000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x0468C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x047EC000 \SystemRoot\System32\drivers\discache.sys
    0x01273000 \SystemRoot\System32\Drivers\dfsc.sys
    0x019ED000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x043FA000 \SystemRoot\SysWow64\drivers\AsIO.sys
    0x01000000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x017E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x04C4D000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04E07000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x04C94000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x05575000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x055AB000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04D88000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04DAC000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x058FD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x05953000 \SystemRoot\system32\drivers\ctaud2k.sys
    0x05800000 \SystemRoot\system32\drivers\portcls.sys
    0x0583D000 \SystemRoot\system32\drivers\drmk.sys
    0x0585F000 \SystemRoot\system32\drivers\ks.sys
    0x058A2000 \SystemRoot\system32\drivers\ctoss2k.sys
    0x058D3000 \SystemRoot\system32\drivers\ctprxy2k.sys
    0x058DB000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05A96000 \SystemRoot\system32\DRIVERS\netr28x.sys
    0x05B4C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x05B59000 \SystemRoot\system32\DRIVERS\CAXHWBS2.sys
    0x05C32000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
    0x05ED6000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
    0x05FA1000 \SystemRoot\system32\drivers\modem.sys
    0x05FB0000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x05FEE000 \SystemRoot\system32\DRIVERS\ASACPI.sys
    0x05E00000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x05E0C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x05E2A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x05E3C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x05E4C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x05E55000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x05E65000 \SystemRoot\System32\Drivers\RootMdm.sys
    0x05E6D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x05E83000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x05EA7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x05DA6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x05EB3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x05DD5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x05C00000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x05ECE000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
    0x05C1A000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x05FF6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x05BC9000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x062B1000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x0705F000 \SystemRoot\system32\drivers\ha20x22k.sys
    0x07000000 \SystemRoot\system32\drivers\emupia2k.sys
    0x0630B000 \SystemRoot\system32\drivers\ctsfm2k.sys
    0x0704A000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0x06343000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x06358000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x06379000 \SystemRoot\System32\drivers\CTHWIUT.SYS
    0x06395000 \SystemRoot\System32\drivers\CT20XUT.SYS
    0x07885000 \SystemRoot\System32\drivers\CTEXFIFX.SYS
    0x07800000 \SystemRoot\system32\drivers\mfeavfk.sys
    0x06200000 \SystemRoot\system32\drivers\mfefirek.sys
    0x00050000 \SystemRoot\System32\win32k.sys
    0x0782D000 \SystemRoot\System32\drivers\Dxapi.sys
    0x07839000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0429F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x07847000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x0785A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005C0000 \SystemRoot\System32\TSDDD.dll
    0x07868000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x079E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x079EB000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x0626A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x071EC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x06283000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0x06296000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x063D2000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0x00620000 \SystemRoot\System32\cdd.dll
    0x071F5000 \SystemRoot\system32\DRIVERS\HidBatt.sys
    0x063E6000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0x062A3000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0x05BDB000 \SystemRoot\system32\DRIVERS\dot4usb.sys
    0x05A00000 \SystemRoot\system32\DRIVERS\Dot4.sys
    0x058E1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x05DF6000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
    0x04DBD000 \SystemRoot\system32\drivers\luafv.sys
    0x05A28000 \SystemRoot\System32\Drivers\DRVEDDM.SYS
    0x04DE0000 \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
    0x04C00000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0x079F9000 \SystemRoot\System32\DLA\DLADResE.SYS
    0x04C17000 \SystemRoot\System32\DLA\DLAIFS_E.SYS
    0x07057000 \SystemRoot\System32\DLA\DLAOPIOE.SYS
    0x079FA000 \SystemRoot\System32\DLA\DLAPoolE.SYS
    0x00E00000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05A36000 \SystemRoot\System32\DLA\DLABMFSE.SYS
    0x063F7000 \SystemRoot\System32\DLA\DLABOIOE.SYS
    0x03E55000 \SystemRoot\System32\DLA\DLAUDFAE.SYS
    0x03E75000 \SystemRoot\System32\DLA\DLAUDF_E.SYS
    0x03E97000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x03EAC000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x03EFF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x03F12000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0x03F1E000 \SystemRoot\system32\DRIVERS\purendis.sys
    0x03F2A000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x07ADA000 \SystemRoot\system32\drivers\HTTP.sys
    0x07BA2000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x07BC0000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x07A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x07A2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x07A7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x07A9E000 \SystemRoot\system32\DRIVERS\idmwfp.sys
    0x07AC2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x03F42000 \SystemRoot\system32\drivers\peauth.sys
    0x07AC7000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x03E00000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x07BD8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0A884000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x0A8EB000 \SystemRoot\System32\DRIVERS\srv.sys
    0x0A981000 \SystemRoot\system32\drivers\cfwids.sys
    0x0A98F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x0A871000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x0A9DC000 \SystemRoot\system32\drivers\mfeapfk.sys
    0x0A800000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
    0x775B0000 \Windows\System32\ntdll.dll
    0x475E0000 \Windows\System32\smss.exe
    0xFF8D0000 \Windows\System32\apisetschema.dll
    0xFF820000 \Windows\System32\autochk.exe
    0xFF740000 \Windows\System32\urlmon.dll
    0xFF670000 \Windows\System32\usp10.dll
    0x77780000 \Windows\System32\normaliz.dll
    0xFF490000 \Windows\System32\setupapi.dll
    0xFF410000 \Windows\System32\difxapi.dll
    0xFF370000 \Windows\System32\msvcrt.dll
    0xFF290000 \Windows\System32\advapi32.dll
    0xFF220000 \Windows\System32\gdi32.dll
    0xFF1A0000 \Windows\System32\shlwapi.dll
    0xFF100000 \Windows\System32\clbcatq.dll
    0xFE370000 \Windows\System32\shell32.dll
    0xFE160000 \Windows\System32\ole32.dll
    0xFE080000 \Windows\System32\oleaut32.dll
    0xFE070000 \Windows\System32\lpk.dll
    0x77490000 \Windows\System32\kernel32.dll
    0x77770000 \Windows\System32\psapi.dll
    0xFDF40000 \Windows\System32\rpcrt4.dll
    0x77390000 \Windows\System32\user32.dll
    0xFDF20000 \Windows\System32\imagehlp.dll
    0xFDED0000 \Windows\System32\Wldap32.dll
    0xFDE80000 \Windows\System32\ws2_32.dll
    0xFDD50000 \Windows\System32\wininet.dll
    0xFDCB0000 \Windows\System32\comdlg32.dll
    0xFDA50000 \Windows\System32\iertutil.dll
    0xFD940000 \Windows\System32\msctf.dll
    0xFD930000 \Windows\System32\nsi.dll
    0xFD900000 \Windows\System32\imm32.dll
    0xFD8E0000 \Windows\System32\sechost.dll
    0xFD8A0000 \Windows\System32\wintrust.dll
    0xFD830000 \Windows\System32\KernelBase.dll
    0xFD7F0000 \Windows\System32\cfgmgr32.dll
    0xFD7D0000 \Windows\System32\devobj.dll
    0xFD660000 \Windows\System32\crypt32.dll
    0xFD5C0000 \Windows\System32\comctl32.dll
    0xFD5B0000 \Windows\System32\msasn1.dll
    0x75360000 \Windows\SysWOW64\normaliz.dll

    Processes (total 97):
    0 System Idle Process
    4 System
    572 C:\Windows\System32\smss.exe
    888 csrss.exe
    956 C:\Windows\System32\wininit.exe
    972 csrss.exe
    140 C:\Windows\System32\winlogon.exe
    596 C:\Windows\System32\services.exe
    648 C:\Windows\System32\lsass.exe
    672 C:\Windows\System32\lsm.exe
    908 C:\Windows\System32\svchost.exe
    1060 C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    1216 C:\Windows\System32\svchost.exe
    1280 C:\Windows\System32\atiesrxx.exe
    1360 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\svchost.exe
    1472 C:\Windows\System32\svchost.exe
    1580 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    1616 C:\Windows\System32\svchost.exe
    1640 C:\Windows\System32\atieclxx.exe
    1748 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\spoolsv.exe
    1668 C:\Windows\System32\taskhost.exe
    1700 C:\Windows\System32\dwm.exe
    2004 C:\Windows\System32\svchost.exe
    1496 C:\Windows\explorer.exe
    2224 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    2308 C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    2568 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2576 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2652 C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
    2660 C:\Program Files (x86)\ClipMate7\ClipMate.exe
    2668 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2708 C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    2716 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    2780 C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
    2832 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2108 C:\Windows\SysWOW64\svchost.exe
    2564 C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    2788 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    2680 C:\Windows\System32\mfevtps.exe
    2984 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2764 C:\Windows\SysWOW64\java.exe
    2140 C:\Windows\System32\svchost.exe
    2348 C:\Windows\System32\conhost.exe
    3128 C:\Windows\System32\svchost.exe
    3188 C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000003`86166000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x0000005b`543e9000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number:
    PhysicalDrive1 Model Number: ST3500418AS, Rev: CC38

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966
    465 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 98DFD9F1A89F78E429B3B2BDD871ADDDE473BA50


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
    =====================================================

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/26/2010 at 05:23 PM

    Application Version : 4.46.1000

    Core Rules Database Version : 5918
    Trace Rules Database Version: 3730

    Scan type : Complete Scan
    Total Scan Time : 01:00:51

    Memory items scanned : 405
    Memory threats detected : 0
    Registry items scanned : 16453
    Registry threats detected : 0
    File items scanned : 177598
    File threats detected : 0
     
  4. Broni

    We have some MBR problem, which needs to be addressed.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on the NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on the BurnItCD.cmd file. If your CD drive opens, simply close it again.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-ROM as the first boot device if it isn't already (if you don't know how to do it, see HERE).
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  5. keel5

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: ASUSTeK Computer INC.
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: System manufacturer
    System Product Name: System Product Name
    Logical Drives Mask: 0x000004fc

    Kernel Drivers (total 243):

    Processes (total 96):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000003`86166000 (NTFS)
    \\.\G: --> \\.\PhysicalDrive1 at offset 0x0000005b`543e9000 (NTFS)
    \\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number:
    PhysicalDrive1 Model Number: ST3500418AS, Rev: CC38

    Size Device Name MBR Status
    --------------------------------------------
    931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    465 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 98DFD9F1A89F78E429B3B2BDD871ADDDE473BA50


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  6. Broni

    Good job :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. keel5

    I have had much time on the computer since the last post. IE8 does seem to be working much better now. I still get pop-ups even with Google Pop-up blocker running. It always worked before. Here are the two logs, I ran them yesterday.

    OTL logfile created on: 11/27/2010 9:49:39 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bobby\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
    16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 530.37 Gb Free Space | 56.94% Space Free | Partition Type: NTFS
    Drive D: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 351.22 Gb Total Space | 101.34 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
    Drive G: | 100.44 Gb Total Space | 91.62 Gb Free Space | 91.22% Space Free | Partition Type: NTFS
    Drive H: | 14.08 Gb Total Space | 6.63 Gb Free Space | 47.10% Space Free | Partition Type: FAT32

    Computer Name: DESKTOP | User Name: Bobby | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/27 09:47:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
    PRC - [2010/11/11 16:46:42 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/14 09:09:02 | 002,806,000 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2010/03/30 14:12:56 | 000,249,856 | R--- | M] (Teleca Sweden AB) -- C:\Program Files (x86)\HTC\HTC Sync\Sync Manager\SyncIndicator.exe
    PRC - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2010/02/01 15:59:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
    PRC - [2010/01/30 08:04:14 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/07/20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/04/01 23:27:27 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    PRC - [2009/03/19 10:12:38 | 000,632,048 | ---- | M] (eBay Inc.) -- C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTBDaemon.exe
    PRC - [2009/01/31 10:00:40 | 003,760,424 | ---- | M] (Thornsoft Development, Inc.) -- C:\Program Files (x86)\ClipMate7\ClipMate.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    PRC - [2008/10/24 08:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
    PRC - [2008/10/02 11:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/27 09:47:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV:64bit: - [2010/10/13 22:28:54 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2010/08/04 00:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/06/29 12:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2009/07/20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/10/14 09:09:02 | 002,806,000 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2010/01/14 16:24:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/01/14 16:20:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
    SRV - [2010/01/14 15:56:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/01/07 21:41:31 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/10/19 12:11:50 | 000,828,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/09/23 21:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/04/01 23:27:27 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
    SRV - [2008/06/24 19:57:28 | 000,605,464 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\tandpl.sys -- (tandpl)
    DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\enodpl.sys -- (enodpl)
    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\EIO64.sys -- (EIO64)
    DRV:64bit: - [2010/11/17 13:07:00 | 000,137,256 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
    DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/08/04 01:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010/08/04 01:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/08/04 00:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/07/07 13:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
    DRV:64bit: - [2010/07/07 13:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
    DRV:64bit: - [2010/07/07 13:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
    DRV:64bit: - [2010/07/07 13:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV:64bit: - [2010/07/07 13:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV:64bit: - [2010/07/07 13:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
    DRV:64bit: - [2010/07/07 13:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV:64bit: - [2010/07/07 13:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
    DRV:64bit: - [2010/07/07 13:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
    DRV:64bit: - [2010/07/07 13:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
    DRV:64bit: - [2010/07/07 13:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
    DRV:64bit: - [2010/07/07 13:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
    DRV:64bit: - [2010/07/07 13:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
    DRV:64bit: - [2010/07/07 13:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
    DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/01/10 17:26:13 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
    DRV:64bit: - [2010/01/10 17:26:12 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
    DRV:64bit: - [2010/01/10 17:26:09 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
    DRV:64bit: - [2010/01/10 17:13:42 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
    DRV:64bit: - [2010/01/07 21:39:28 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/11/17 11:15:34 | 000,072,296 | ---- | M] (McAfee) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
    DRV:64bit: - [2009/11/04 16:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
    DRV:64bit: - [2009/11/04 16:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
    DRV:64bit: - [2009/10/26 15:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/09/30 09:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/17 19:04:18 | 001,250,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/30 05:05:16 | 001,486,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2009/06/30 05:01:40 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2009/06/30 04:59:54 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2009/06/17 11:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2009/06/17 11:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 08:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/12/12 18:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2008/12/12 18:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2008/05/20 17:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2007/02/06 13:30:06 | 000,227,328 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcwPP2.sys -- (hcwPP2)
    DRV:64bit: - [2006/08/08 09:18:52 | 000,010,360 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLADResE.SYS -- (DLADResE)
    DRV:64bit: - [2006/08/08 09:18:42 | 000,136,952 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS -- (DLAUDFAE)
    DRV:64bit: - [2006/08/08 09:18:42 | 000,044,152 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABMFSE.SYS -- (DLABMFSE)
    DRV:64bit: - [2006/08/08 09:18:40 | 000,143,096 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS -- (DLAUDF_E)
    DRV:64bit: - [2006/08/08 09:18:38 | 000,033,656 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS -- (DLAOPIOE)
    DRV:64bit: - [2006/08/08 09:18:36 | 000,041,976 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLABOIOE.SYS -- (DLABOIOE)
    DRV:64bit: - [2006/08/08 09:18:36 | 000,018,040 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAPoolE.SYS -- (DLAPoolE)
    DRV:64bit: - [2006/08/08 09:18:34 | 000,141,432 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS -- (DLAIFS_E)
    DRV:64bit: - [2006/08/01 20:06:26 | 000,039,288 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
    DRV:64bit: - [2006/08/01 20:06:26 | 000,015,992 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
    DRV:64bit: - [2006/08/01 19:46:36 | 000,063,608 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
    DRV:64bit: - [2006/07/21 11:21:28 | 000,122,776 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
    DRV:64bit: - [2006/06/19 06:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2010/09/19 07:57:36 | 000,084,752 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
    DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\tandpl.sys -- (tandpl)
    DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\enodpl.sys -- (enodpl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aolnews.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/25 04:48:45 | 000,000,000 | ---D | M]

    [2010/03/13 07:22:11 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Mozilla\Extensions
    [2010/03/13 07:22:11 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101122065509.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101122065509.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
    O4:64bit: - HKLM..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe (McAfee)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [ClipMate7] C:\Program Files (x86)\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8:64bit: - Extra context menu item: eBay Search - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: eBay Search - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab (SysInfo Class)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{605e086b-b6e1-11df-ae49-002618fe6f85}\Shell - "" = AutoRun
    O33 - MountPoints2\{605e086b-b6e1-11df-ae49-002618fe6f85}\Shell\AutoRun\command - "" = J:\TL-Bootstrap.exe -- File not found
    O33 - MountPoints2\{8939119e-fb1c-11de-a8fd-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{8939119e-fb1c-11de-a8fd-806e6f6e6963}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: wave1 - serwvdrv.dll (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivXNetworks)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivXNetworks)
    Drivers32: wave1 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/27 09:47:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
    [2010/11/26 17:50:16 | 000,000,000 | ---D | C] -- C:\Users\Bobby\Desktop\NTBR_CD
    [2010/11/26 16:14:54 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/26 16:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/26 16:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/11/26 16:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/26 16:05:09 | 009,852,776 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Bobby\Desktop\SUPERAntiSpyware.exe
    [2010/11/26 12:27:34 | 000,000,000 | ---D | C] -- C:\Users\Bobby\Desktop\logs
    [2010/11/26 12:09:48 | 000,000,000 | ---D | C] -- C:\Users\Bobby\Desktop\gmer
    [2010/11/26 12:09:06 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Bobby\Desktop\TFC.exe
    [2010/11/25 21:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
    [2010/11/25 21:11:51 | 000,000,000 | ---D | C] -- C:\Users\Bobby\Documents\Anti-Malware
    [2010/11/25 19:59:26 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Malwarebytes
    [2010/11/25 19:59:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/25 19:59:18 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/25 19:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/25 19:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/22 06:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
    [2010/11/22 06:55:08 | 000,009,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
    [2010/11/22 06:54:54 | 000,283,360 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
    [2010/11/22 06:54:53 | 000,441,328 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
    [2010/11/22 06:54:53 | 000,190,136 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2010/11/22 06:54:53 | 000,094,864 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
    [2010/11/22 06:54:53 | 000,075,032 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
    [2010/11/22 06:54:53 | 000,062,800 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
    [2010/11/22 06:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2010/11/22 06:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2010/11/22 06:52:45 | 000,149,032 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2010/11/22 06:26:06 | 000,000,000 | ---D | C] -- C:\_AcroTemp
    [2010/11/17 15:23:37 | 000,137,256 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
    [2010/11/16 16:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/16 16:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/12 17:46:42 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\Diagnostics
    [2010/11/09 01:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
    [2010/11/06 07:11:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
    [2010/11/06 07:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010/11/05 18:28:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\InstallShield Installation Information
    [2010/11/04 15:37:31 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\Windows Live
    [2010/11/02 16:57:13 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Local\IsolatedStorage
    [2010/11/02 16:56:05 | 000,000,000 | ---D | C] -- C:\Users\Bobby\AppData\Roaming\Bling Software
    [2010/11/02 16:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Podmaxx09
    [2010/11/02 16:55:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
    [2010/07/07 11:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
     
  8. keel5

    keel5 TS Rookie Topic Starter

    ========== Files - Modified Within 30 Days ==========

    [2010/11/27 09:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/27 09:47:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
    [2010/11/27 09:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1883524782-1493650506-1266417903-1000UA.job
    [2010/11/27 04:56:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/27 04:42:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1883524782-1493650506-1266417903-1000Core.job
    [2010/11/26 18:09:11 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/26 18:09:11 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/26 18:06:29 | 000,809,480 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/26 18:06:29 | 000,682,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/26 18:06:29 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/26 18:01:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/26 18:01:07 | 2140,418,047 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/26 17:53:55 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
    [2010/11/26 17:53:55 | 000,063,336 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
    [2010/11/26 17:53:55 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
    [2010/11/26 17:48:08 | 002,565,432 | ---- | M] () -- C:\Users\Bobby\Desktop\NTBR_CD.exe
    [2010/11/26 16:14:51 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/26 16:07:58 | 000,080,384 | ---- | M] () -- C:\Users\Bobby\Desktop\MBRCheck.exe
    [2010/11/26 16:05:09 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Bobby\Desktop\SUPERAntiSpyware.exe
    [2010/11/26 16:00:11 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
    [2010/11/26 12:11:59 | 000,625,272 | ---- | M] () -- C:\Users\Bobby\Desktop\dds.scr
    [2010/11/26 12:09:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\TFC.exe
    [2010/11/26 05:45:57 | 034,012,895 | ---- | M] () -- C:\Users\Bobby\Documents\ClipMate7_DB_My Clips_2010-11-26_0545.ZIP
    [2010/11/25 21:12:02 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    [2010/11/25 19:59:21 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/25 11:02:11 | 000,008,624 | ---- | M] () -- C:\Users\Bobby\Desktop\Resume2.rsm
    [2010/11/23 13:07:53 | 000,644,528 | ---- | M] () -- C:\Users\Bobby\AppData\Local\rx_image.Cache
    [2010/11/23 13:07:53 | 000,411,060 | ---- | M] () -- C:\Users\Bobby\AppData\Local\rx_audio.Cache
    [2010/11/17 13:07:00 | 000,137,256 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys
    [2010/11/16 16:40:10 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/06 07:11:36 | 001,233,614 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2010/11/06 03:42:30 | 000,002,400 | ---- | M] () -- C:\Users\Bobby\Desktop\Google Chrome.lnk
    [2010/11/05 20:11:42 | 033,943,711 | ---- | M] () -- C:\Users\Bobby\Documents\ClipMate7_DB_My Clips_2010-11-05_2111.ZIP
    [2010/11/05 17:21:46 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2010/11/04 21:14:40 | 033,943,711 | ---- | M] () -- C:\Users\Bobby\Documents\ClipMate7_DB_My Clips_2010-11-04_2214.ZIP
    [2010/11/01 12:38:38 | 033,943,713 | ---- | M] () -- C:\Users\Bobby\Documents\ClipMate7_DB_My Clips_2010-11-01_1338.ZIP

    ========== Files Created - No Company Name ==========

    [2010/11/26 17:48:05 | 002,565,432 | ---- | C] () -- C:\Users\Bobby\Desktop\NTBR_CD.exe
    [2010/11/26 16:14:51 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/26 15:59:00 | 000,080,384 | ---- | C] () -- C:\Users\Bobby\Desktop\MBRCheck.exe
    [2010/11/26 12:11:59 | 000,625,272 | ---- | C] () -- C:\Users\Bobby\Desktop\dds.scr
    [2010/11/26 05:45:47 | 034,012,895 | ---- | C] () -- C:\Users\Bobby\Documents\ClipMate7_DB_My Clips_2010-11-26_0545.ZIP
    [2010/11/25 21:12:02 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    [2010/11/25 19:59:21 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/23 16:22:56 | 000,008,624 | ---- | C] () -- C:\Users\Bobby\Desktop\Resume2.rsm
    [2010/11/22 06:43:59 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\vtscheduletask.job
    [2010/11/16 16:40:10 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/11/06 07:11:23 | 001,233,614 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2010/11/05 20:11:34 | 033,943,711 | ---- | C] () -- C:\Users\Bobby\Documents\ClipMate7_DB_My Clips_2010-11-05_2111.ZIP
    [2010/11/05 17:18:59 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
    [2010/11/04 21:14:31 | 033,943,711 | ---- | C] () -- C:\Users\Bobby\Documents\ClipMate7_DB_My Clips_2010-11-04_2214.ZIP
    [2010/11/01 12:38:30 | 033,943,713 | ---- | C] () -- C:\Users\Bobby\Documents\ClipMate7_DB_My Clips_2010-11-01_1338.ZIP
    [2010/10/14 18:02:10 | 000,000,080 | RHS- | C] () -- C:\Windows\SysWow64\5984AA01EE.dll
    [2010/09/04 14:30:49 | 000,000,005 | ---- | C] () -- C:\ProgramData\DragToDiscUserNameD.txt
    [2010/07/22 21:01:48 | 000,000,286 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\wklnhst.dat
    [2010/07/17 03:42:37 | 000,644,528 | ---- | C] () -- C:\Users\Bobby\AppData\Local\rx_image.Cache
    [2010/07/17 03:42:36 | 000,411,060 | ---- | C] () -- C:\Users\Bobby\AppData\Local\rx_audio.Cache
    [2010/07/07 12:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
    [2010/07/07 11:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
    [2010/01/17 08:28:13 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2010/01/17 08:28:13 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2010/01/14 15:56:03 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/01/14 15:56:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/01/10 20:30:05 | 000,033,134 | ---- | C] () -- C:\Users\Bobby\AppData\Roaming\UserTile.png
    [2010/01/10 17:59:20 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
    [2010/01/10 17:59:20 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
    [2010/01/10 12:44:07 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\HCWxds.dll
    [2010/01/09 11:31:07 | 000,007,596 | ---- | C] () -- C:\Users\Bobby\AppData\Local\Resmon.ResmonCfg
    [2010/01/08 22:06:14 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
    [2010/01/07 20:41:03 | 000,056,056 | ---- | C] () -- C:\Windows\SysWow64\DLAAPI_W.DLL
    [2010/01/07 20:41:03 | 000,000,132 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/01/07 20:33:50 | 000,747,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/01/06 19:56:49 | 000,002,326 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/01/06 18:08:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/06 16:24:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/01/06 16:24:39 | 000,022,227 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009/07/14 01:14:16 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/05/26 12:12:38 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
    [2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2008/08/26 14:26:24 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\pt243F.DLL
    [2006/08/15 14:54:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
    [2005/07/15 13:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
    [2005/07/15 13:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
    [2005/07/15 13:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

    ========== LOP Check ==========

    [2010/01/10 15:22:49 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\acccore
    [2010/08/01 08:57:22 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Blackberry Desktop
    [2010/11/02 16:56:05 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Bling Software
    [2010/11/22 06:01:49 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\DMCache
    [2010/01/08 22:18:22 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\eBay
    [2010/01/28 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\FileOpen
    [2010/11/18 15:14:51 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\IDM
    [2010/01/16 14:27:51 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\ieSpell
    [2010/10/14 18:03:42 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Individual Software
    [2010/02/06 13:17:45 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\iolo
    [2010/01/06 20:28:50 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Laplink
    [2010/01/10 14:13:03 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Leadertech
    [2010/10/16 13:06:31 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\LimeWire
    [2010/01/24 13:53:47 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Research In Motion
    [2010/01/16 08:34:39 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Smart Recorder
    [2010/11/18 13:47:46 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\SolSuite
    [2010/08/04 16:17:25 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Teleca
    [2010/07/22 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Template
    [2010/01/08 21:28:54 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\Thornsoft Development
    [2010/07/10 13:08:55 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
    [2010/11/21 13:53:10 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\TuneUpMedia
    [2010/10/23 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\Bobby\AppData\Roaming\WinWay
    [2010/11/09 17:38:29 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/26 16:00:11 | 000,000,414 | ---- | M] () -- C:\Windows\Tasks\vtscheduletask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/01/10 12:58:14 | 000,000,102 | ---- | M] () -- C:\hcwclear.txt
    [2010/11/26 18:01:07 | 2140,418,047 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/10 15:22:03 | 000,000,348 | -H-- | M] () -- C:\IPH.PH
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/26 18:01:11 | 4285,550,591 | -HS- | M] () -- C:\pagefile.sys
    [2010/01/10 17:11:05 | 000,029,512 | ---- | M] () -- C:\WindowsSerifastd-black.otf
    [2010/01/10 17:11:05 | 000,027,772 | ---- | M] () -- C:\WindowsSerifastd-bold.otf
    [2010/01/10 17:11:05 | 000,028,252 | ---- | M] () -- C:\WindowsSerifastd-italic.otf
    [2010/01/10 17:11:05 | 000,027,440 | ---- | M] () -- C:\WindowsSerifastd-light.otf
    [2010/01/10 17:11:05 | 000,028,260 | ---- | M] () -- C:\WindowsSerifastd-lightitalic.otf
    [2010/01/10 17:11:05 | 000,027,452 | ---- | M] () -- C:\WindowsSerifastd-roman.otf
    [2010/01/31 14:24:13 | 000,000,030 | ---- | M] () -- C:\wizard.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/01/06 16:51:17 | 000,000,221 | -HS- | M] () -- C:\Users\Bobby\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/26 16:07:58 | 000,080,384 | ---- | M] () -- C:\Users\Bobby\Desktop\MBRCheck.exe
    [2010/11/26 17:48:08 | 002,565,432 | ---- | M] () -- C:\Users\Bobby\Desktop\NTBR_CD.exe
    [2010/11/27 09:47:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\OTL.exe
    [2010/11/26 16:05:09 | 009,852,776 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Bobby\Desktop\SUPERAntiSpyware.exe
    [2010/11/26 12:09:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Bobby\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/01/06 18:45:34 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/01/06 18:45:34 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/01/06 18:39:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/01/06 18:39:33 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/02 18:55:48 | 000,000,402 | -HS- | M] () -- C:\Users\Bobby\Favorites\desktop.ini
    [2010/11/16 17:38:50 | 000,001,914 | ---- | M] () -- C:\Users\Bobby\Favorites\eBay

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/09/04 14:32:32 | 000,000,005 | ---- | M] () -- C:\ProgramData\DragToDiscUserNameD.txt
    [2010/02/25 04:49:02 | 000,002,326 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:40F038C5
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B0D4D817
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >


    =================================================================
     
  9. keel5

    keel5 TS Rookie Topic Starter

    My last two posts needed to be approved. They were very long logs and needed to be broken up into a few posts.

    I think I posted the logs in a mixed up order so when they show up I will delete them and try again.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I still need Extras.txt log.
     
  11. keel5

    keel5 TS Rookie Topic Starter

    OTL Extras logfile created on: 11/27/2010 9:49:39 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Bobby\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 72.00% Memory free
    16.00 Gb Paging File | 13.00 Gb Available in Paging File | 84.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 530.37 Gb Free Space | 56.94% Space Free | Partition Type: NTFS
    Drive D: | 4.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 351.22 Gb Total Space | 101.34 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
    Drive G: | 100.44 Gb Total Space | 91.62 Gb Free Space | 91.22% Space Free | Partition Type: NTFS
    Drive H: | 14.08 Gb Total Space | 6.63 Gb Free Space | 47.10% Space Free | Partition Type: FAT32

    Computer Name: DESKTOP | User Name: Bobby | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
    "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
    "{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{624880EA-7610-47B6-B4A6-40DD83DB1AB4}" = McAfee Anti-Theft
    "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
    "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
    "{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400
    "{8DA5428C-3D35-317C-2FBA-485AAC49E9C0}" = ccc-utility64
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CCC50A42-892B-AF23-6188-6E8D2FDF34E3}" = ATI Catalyst Install Manager
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Linksys Wireless Manager" = Linksys Wireless Manager
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{0BDE949A-3CF5-3852-B4F7-92EAE4F25F73}" = CCC Help English
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1" = ClipMate 7
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{45350494-82B7-3E53-85B7-79A1AD9AE080}" = Catalyst Control Center Graphics Light
    "{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{525E7F71-67C1-806E-69D0-892CC3CE2F8E}" = Catalyst Control Center Graphics Full Existing
    "{537306C2-CDAC-F606-5D46-D5727F58FAD3}" = Catalyst Control Center Graphics Previews Vista
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
    "{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
    "{625304B0-2976-473B-AD81-5CA376093F03}" = Xingtone Ringtone Maker
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help
    "{787F2DC2-1699-44FA-A72F-9107166AF9CC}" = Roxio Content 9
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84DDA651-FA15-4DF2-8AE8-E98FA329B1CD}" = System Requirements Lab for Intel
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
    "{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
    "{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
    "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{88DDBE5E-8AC0-F463-AC50-E56FAA2E3CEB}" = Catalyst Control Center Graphics Previews Common
    "{897B3B21-8691-26F5-97E8-A9955C20BB20}" = Catalyst Control Center HydraVision Full
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{970704F5-579F-4430-A6A8-B562561B4D3D}" = WinWay Resume Deluxe
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A842C34B-2083-6947-BC0E-5654BDBADCDA}" = Catalyst Control Center Graphics Full New
    "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AC76BA86-1033-F400-7760-000000000004}_941" = Adobe Acrobat 9.4.1 - CPSID_83708
    "{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
    "{AFBBF30D-ADA9-4313-464E-14458B6BE034}" = PhotoshopdotcomInspirationBrowser
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}" = Catalyst Control Center InstallProxy
    "{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
    "{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB166F48-6219-2DFD-8800-191BE6F5923A}" = ccc-core-static
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = Acronis*True*Image*Home
    "{D50AD12E-4EDC-48D4-992C-A74B2FBE05B3}" = PCsync
    "{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
    "{E0B71631-6AA8-C596-A485-8480E92DD745}" = Catalyst Control Center Core Implementation
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
    "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
    "{F979ACC9-A874-457A-9BE1-7FD2085F126F}" = MapSend DirectRoute North America
    "{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan
    "{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
    "3DMIDI" = Creative 3DMIDI Player
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "AIM Toolbar" = AIM Toolbar
    "AIM_7" = AIM 7
    "ALchemy" = Creative ALchemy
    "AudioCS" = Creative Audio Control Panel
    "BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
    "Console Launcher" = Creative Console Launcher
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Diagnostics 4_5" = Creative Diagnostics
    "Dolby Digital Live Pack" = Dolby Digital Live Pack
    "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
    "Google Calendar Sync" = Google Calendar Sync
    "HTC_WModemDriver" = WModem Driver Installer
    "ieSpell" = ieSpell
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
    "InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
    "Internet Download Manager" = Internet Download Manager
    "LimeWire" = LimeWire 5.5.16
    "Linksys EasyLink Advisor" = Linksys EasyLink Advisor
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Virtual Technician" = McAfee Virtual Technician
    "Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MSC" = McAfee Total Protection
    "OpenAL" = OpenAL
    "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
    "PremElem70" = Adobe Premiere Elements 7.0
    "PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
    "PROR" = Microsoft Office Professional 2007
    "Security Task Manager" = Security Task Manager 1.7h
    "SFBM" = SoundFont Bank Manager
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SolSuite_is1" = SolSuite 2010 v10.7
    "SysInfo" = Creative System Information
    "TuneUpMedia" = TuneUp Companion 1.9.0
    "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
    "WaveStudio 7" = Creative WaveStudio 7
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/26/2010 6:38:50 PM | Computer Name = DeskTop | Source = MsiInstaller | ID = 11706
    Description =

    Error - 11/26/2010 6:39:41 PM | Computer Name = DeskTop | Source = MsiInstaller | ID = 11706
    Description =

    Error - 11/26/2010 7:03:04 PM | Computer Name = DeskTop | Source = MsiInstaller | ID = 11706
    Description =

    Error - 11/26/2010 7:04:00 PM | Computer Name = DeskTop | Source = MsiInstaller | ID = 11706
    Description =

    Error - 11/26/2010 7:14:53 PM | Computer Name = DeskTop | Source = MsiInstaller | ID = 11706
    Description =

    Error - 11/26/2010 7:15:43 PM | Computer Name = DeskTop | Source = MsiInstaller | ID = 11706
    Description =

    Error - 11/26/2010 7:26:36 PM | Computer Name = DeskTop | Source = MsiInstaller | ID = 11706
    Description =

    Error - 11/26/2010 7:27:27 PM | Computer Name = DeskTop | Source = MsiInstaller | ID = 11706
    Description =

    Error - 11/27/2010 1:39:32 AM | Computer Name = DeskTop | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 11/27/2010 1:40:45 AM | Computer Name = DeskTop | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
    9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

    [ Media Center Events ]
    Error - 1/28/2010 4:49:12 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 3:49:12 AM - Error connecting to the internet. 3:49:12 AM - Unable
    to contact server..

    Error - 2/2/2010 4:49:33 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 3:49:33 AM - Error connecting to the internet. 3:49:33 AM - Unable
    to contact server..

    Error - 2/7/2010 4:46:18 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 3:46:17 AM - Error connecting to the internet. 3:46:17 AM - Unable
    to contact server..

    Error - 2/12/2010 4:55:44 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 3:55:44 AM - Error connecting to the internet. 3:55:44 AM - Unable
    to contact server..

    Error - 2/17/2010 4:29:20 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 3:29:19 AM - Error connecting to the internet. 3:29:19 AM - Unable
    to contact server..

    Error - 2/22/2010 4:17:07 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 3:17:06 AM - Error connecting to the internet. 3:17:06 AM - Unable
    to contact server..

    Error - 3/4/2010 4:10:41 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 3:10:41 AM - Error connecting to the internet. 3:10:41 AM - Unable
    to contact server..

    Error - 3/4/2010 5:11:23 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 4:11:23 AM - Error connecting to the internet. 4:11:23 AM - Unable
    to contact server..

    Error - 3/4/2010 6:12:06 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 5:12:06 AM - Error connecting to the internet. 5:12:06 AM - Unable
    to contact server..

    Error - 3/9/2010 4:42:09 AM | Computer Name = DeskTop | Source = MCUpdate | ID = 0
    Description = 3:42:09 AM - Error connecting to the internet. 3:42:09 AM - Unable
    to contact server..

    [ OSession Events ]
    Error - 2/4/2010 10:20:50 PM | Computer Name = DeskTop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 470
    seconds with 180 seconds of active time. This session ended with a crash.

    Error - 11/4/2010 6:52:54 PM | Computer Name = DeskTop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/26/2010 6:25:59 PM | Computer Name = DeskTop | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 11/26/2010 6:26:07 PM | Computer Name = DeskTop | Source = DCOM | ID = 10001
    Description =

    Error - 11/26/2010 7:01:04 PM | Computer Name = DeskTop | Source = Application Popup | ID = 876
    Description = Driver DLACDBHE.SYS has been blocked from loading.

    Error - 11/26/2010 7:01:18 PM | Computer Name = DeskTop | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\drivers\enodpl.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 11/26/2010 7:01:18 PM | Computer Name = DeskTop | Source = Service Control Manager | ID = 7000
    Description = The enodpl service failed to start due to the following error: %%1275

    Error - 11/26/2010 7:02:00 PM | Computer Name = DeskTop | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 9 service to connect.

    Error - 11/26/2010 7:02:01 PM | Computer Name = DeskTop | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\drivers\tandpl.sys has been blocked from loading
    due to incompatibility with this system. Please contact your software vendor for
    a compatible version of the driver.

    Error - 11/26/2010 7:02:01 PM | Computer Name = DeskTop | Source = Service Control Manager | ID = 7000
    Description = The tandpl service failed to start due to the following error: %%1275

    Error - 11/26/2010 7:02:01 PM | Computer Name = DeskTop | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 11/26/2010 7:02:10 PM | Computer Name = DeskTop | Source = DCOM | ID = 10001
    Description =


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKLM..\Run: [] File not found
      O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
      O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
      O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
      O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn...Detection2.cab (Reg Error: Key error.)
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O33 - MountPoints2\{605e086b-b6e1-11df-ae49-002618fe6f85}\Shell - "" = AutoRun
      O33 - MountPoints2\{605e086b-b6e1-11df-ae49-002618fe6f85}\Shell\AutoRun\command - "" = J:\TL-Bootstrap.exe -- File not found
      O33 - MountPoints2\{8939119e-fb1c-11de-a8fd-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{8939119e-fb1c-11de-a8fd-806e6f6e6963}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
      @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:40F038C5
      @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:B0D4D817
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  13. keel5

    keel5 TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
    Starting removal of ActiveX control {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4871A87A-BFDD-4106-8153-FFDE2BAC2967}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{605e086b-b6e1-11df-ae49-002618fe6f85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605e086b-b6e1-11df-ae49-002618fe6f85}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{605e086b-b6e1-11df-ae49-002618fe6f85}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{605e086b-b6e1-11df-ae49-002618fe6f85}\ not found.
    File J:\TL-Bootstrap.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8939119e-fb1c-11de-a8fd-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8939119e-fb1c-11de-a8fd-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8939119e-fb1c-11de-a8fd-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8939119e-fb1c-11de-a8fd-806e6f6e6963}\ not found.
    File J:\LaunchU3.exe not found.
    ADS C:\ProgramData\TEMP:40F038C5 deleted successfully.
    ADS C:\ProgramData\TEMP:B0D4D817 deleted successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bobby
    ->Temp folder emptied: 5358750 bytes
    ->Temporary Internet Files folder emptied: 70778497 bytes
    ->Java cache emptied: 74699 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 3753 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 78943 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 689536 bytes

    Total Files Cleaned = 73.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bobby
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11282010_212945

    Files\Folders moved on Reboot...
    C:\Users\Bobby\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\mcafee_p60W7FA6Caee2ZN not found!

    Registry entries deleted on Reboot...


    =================================================================

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee Total Protection
    McAfee Virtual Technician
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    TuneUp Companion 1.9.0
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    mcafee VIRUSS~1 mcvsshld.exe
    mcafee VIRUSS~1 mcvsmap.exe
    Emsisoft Anti-Malware a2service.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````


    =============================================================

    No ESET log.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I still can see some old Java installed.
    Make sure to run JavaRa to remove them.

    Other than that....

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  15. keel5

    keel5 TS Rookie Topic Starter

    Here's the last log you asked for. I did run JavaRa twice. I checked with the Java link you posted and it says I have the latest version. I ran Security Check again and it still says I have out of date Java.

    The computer is running great at this point.

    Thank You so much for all your help.

    Lastly, could you tell me what you found on my computer? Was it an infection or just some corrupt files?


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bobby
    ->Temp folder emptied: 5481437 bytes
    ->Temporary Internet Files folder emptied: 58415182 bytes
    ->Java cache emptied: 2027 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2371 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 145184 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 29582 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 302 bytes

    Total Files Cleaned = 61.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bobby
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 11302010_184837

    Files\Folders moved on Reboot...
    C:\Users\Bobby\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Bobby\AppData\Local\Temp\~DF4FAA4A3258EBE455.TMP not found!
    File\Folder C:\Users\Bobby\AppData\Local\Temp\~DF5906DA547B4B0E22.TMP not found!
    File\Folder C:\Users\Bobby\AppData\Local\Temp\~DFD86C79255CD64D15.TMP not found!
    File\Folder C:\Users\Bobby\AppData\Local\Temp\~DFF600C1F01DED80D2.TMP not found!
    C:\Users\Bobby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YMJ5GE45\topic157228[1].html moved successfully.
    C:\Users\Bobby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHEOILMJ\crosspixel-dest[1].htm moved successfully.
    C:\Users\Bobby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AHEOILMJ\sh28[1].html moved successfully.
    File\Folder C:\Windows\temp\mcafee_FcfqtKkXvn6DlvE not found!

    Registry entries deleted on Reboot...
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You're fine :)

    I'm glad to hear good news :)

    We found a possibly infected MBR (this is a serious issue), which we fixed, and we cleaned some garbage.

    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
