Inactive IE keeps popping up; I use google chrome


princessdaedae

My brother-in-law was watching a stupid video on my laptop. Since that day Internet Explorer has been popping up. I've read through the revised 8-step process & this is what I have. (GMER appears to come up blank even though I did it 3 times.) I also have the "attach" log, but it says "do not post unless specifically instructed. If requested, zip it up and attach it."

Can you help?


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5752

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/13/2011 3:25:04 AM
mbam-log-2011-02-13 (03-25-04).txt

Scan type: Full scan (C:\|D:\|G:\|Q:\|)
Objects scanned: 301027
Time elapsed: 39 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.FakeAlert) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Ojaraa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.





DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by DaeDae at 6:46:58.21 on Sun 02/13/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2482 [GMT -10:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
C:\Users\DaeDae\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\DaeDae\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "C:\Users\DaeDae\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobiLink3] C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {2950CA20-07C8-4FC9-B9A7-190C89F5ED6F} = 68.28.50.91 68.28.58.92
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
mRun-x64: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-15 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-16 202752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-2-13 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-2-13 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-2-13 83120]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-8-24 82432]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-4-16 6403584]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-16 188928]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-24 32880]
R3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\System32\drivers\nwvmmdm.sys [2009-5-15 213376]
R3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\System32\drivers\nwvmser.sys [2009-5-15 213376]
R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\System32\drivers\nwvmser2.sys [2009-5-15 213376]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-15 239136]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-15 38456]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/16 00:13:21;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-11-15 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-15 295424]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-29 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2011-02-13 12:14:42 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\Malwarebytes
2011-02-13 12:07:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-13 12:07:11 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-13 12:07:08 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-13 12:07:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-13 10:34:36 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\Avira
2011-02-13 10:27:56 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-02-13 10:27:55 -------- d-----w- C:\Program Files (x86)\Avira
2011-02-13 10:27:55 -------- d-----w- C:\PROGRA~3\Avira
2011-02-12 19:45:19 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-02-12 08:17:16 129024 ------w- C:\Windows\Ojaraa.exe
2011-02-12 04:40:41 -------- d-----w- C:\Users\DaeDae\AppData\Local\Adobe
2011-02-12 03:46:57 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E1E1CAF4-5307-4EDB-82DA-75313269A6B1}\mpengine.dll
2011-02-09 06:04:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-07 05:17:42 -------- d-----w- C:\PROGRA~3\Recovery
2011-02-06 01:58:33 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2011-02-05 23:46:32 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\SoftGrid Client
2011-02-05 23:46:32 -------- d-----w- C:\Users\DaeDae\AppData\Local\SoftGrid Client
2011-02-05 23:45:44 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-02-05 23:45:29 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\TP
2011-02-02 06:00:38 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-02-01 08:19:35 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\Macrovision
2011-02-01 05:31:41 -------- d-----w- C:\Program Files (x86)\Audible
2011-01-31 20:21:42 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\ICAClient
2011-01-31 20:18:00 73728 ----a-r- C:\Users\DaeDae\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
2011-01-31 20:18:00 73728 ----a-r- C:\Users\DaeDae\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
2011-01-31 20:17:58 -------- d-----w- C:\Users\DaeDae\AppData\Local\Citrix
2011-01-31 09:02:30 -------- d-----w- C:\Users\DaeDae\AppData\Local\HP MediaSmart Video
2011-01-30 20:35:49 -------- d-----w- C:\Users\DaeDae\AppData\Local\CutePDF Writer
2011-01-30 02:59:53 -------- d-----w- C:\Users\DaeDae\AppData\Local\Apple Computer
2011-01-30 02:59:45 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-01-30 02:59:45 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-01-30 02:59:45 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-01-30 02:59:31 -------- d-----w- C:\Program Files\iTunes
2011-01-30 02:59:31 -------- d-----w- C:\Program Files\iPod
2011-01-30 02:59:31 -------- d-----w- C:\Program Files (x86)\iTunes
2011-01-30 02:59:31 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-01-30 02:58:04 -------- d-----w- C:\Users\DaeDae\AppData\Local\Apple
2011-01-30 02:57:39 -------- d-----w- C:\Program Files\Bonjour
2011-01-30 02:57:39 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-01-30 02:47:25 -------- d-----w- C:\Users\DaeDae\AppData\Local\Yahoo
2011-01-30 02:22:45 -------- d-----w- C:\Program Files (x86)\Yahoo!
2011-01-30 02:13:30 -------- d-----r- C:\Program Files (x86)\Skype
2011-01-30 01:37:47 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-01-30 01:31:22 -------- d-----w- C:\Windows\SysWow64\Wat
2011-01-30 01:31:22 -------- d-----w- C:\Windows\System32\Wat
2011-01-29 08:52:57 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-01-29 08:52:57 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-01-29 08:52:57 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-01-29 08:52:57 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-01-29 08:52:57 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-01-29 08:52:57 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-01-29 08:52:56 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-01-29 08:52:56 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-01-29 08:52:56 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-01-29 08:52:56 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-01-29 08:48:17 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-01-29 08:48:17 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-01-29 07:09:44 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
2011-01-29 07:09:15 -------- d-----w- C:\PROGRA~3\Novatel Wireless
2011-01-29 07:07:53 -------- d-----w- C:\Program Files (x86)\Novatel Wireless
2011-01-29 07:06:52 -------- d-----w- C:\Users\DaeDae\AppData\Local\Downloaded Installations
2011-01-29 03:00:19 -------- d-----w- C:\Program Files (x86)\GPLGS
2011-01-29 02:59:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
2011-01-29 02:59:41 -------- d-----w- C:\Program Files (x86)\Acro Software
2011-01-29 02:59:34 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-01-29 02:43:59 633856 ----a-w- C:\Windows\System32\comctl32.dll
2011-01-29 02:40:05 -------- d-----w- C:\Users\DaeDae\AppData\Local\Google
2011-01-29 02:34:21 -------- d-----w- C:\Users\DaeDae\AppData\Local\Deployment
2011-01-29 02:34:21 -------- d-----w- C:\Users\DaeDae\AppData\Local\Apps
2011-01-28 06:24:27 -------- d-----w- C:\Users\DaeDae\AppData\Local\IsolatedStorage
2011-01-28 06:14:57 -------- d-----w- C:\Users\DaeDae\AppData\Local\ATI
2011-01-28 06:14:50 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\hpqLog
2011-01-28 06:07:32 -------- d-----w- C:\Users\DaeDae\AppData\Local\Hewlett-Packard
2011-01-28 06:03:57 -------- d-----w- C:\Users\DaeDae\AppData\Local\VirtualStore

==================== Find3M ====================

2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-30 03:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-30 03:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-16 08:55:11 52224 ----a-w- C:\Windows\System32\rtutils.dll
2010-11-16 08:55:11 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2010-11-16 08:55:01 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-11-16 08:53:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2010-11-16 08:53:10 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2010-11-16 08:53:10 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2010-11-16 08:10:11 0 ----a-w- C:\Windows\ativpsrm.bin

============= FINISH: 6:47:48.15 ===============
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Attach.txt part of DDS is missing.
 
Thank you

I've read your response, and will do whatever you tell me to do. Did you want me to copy+paste the "attached" log from the DDS?
 
Attached



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/27/2011 7:57:45 PM
System Uptime: 2/13/2011 3:27:10 AM (3 hours ago)

Motherboard: Hewlett-Packard | | 143F
Processor: AMD Phenom(tm) II P840 Triple-Core Processor | Socket S1G4 | 798/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 576 GiB total, 532.896 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 2.88 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP11: 1/31/2011 10:17:31 AM - Installed Citrix XenApp Web Plugin
RP12: 2/1/2011 8:00:16 PM - Windows Update
RP13: 2/4/2011 11:29:15 AM - Windows Update
RP14: 2/7/2011 9:25:50 PM - Windows Update
RP15: 2/8/2011 12:09:26 AM - Windows Update
RP16: 2/8/2011 7:43:31 PM - Windows Update
RP17: 2/9/2011 12:20:24 AM - Windows Update
RP18: 2/11/2011 5:46:15 PM - Windows Update
RP19: 2/11/2011 11:15:27 PM - Removed Adobe Reader 9.4.2 MUI.
RP20: 2/11/2011 11:16:55 PM - Removed Adobe Reader 9.4.2 MUI.
RP21: 2/11/2011 11:20:28 PM - HPSF Restore Point
RP22: 2/12/2011 9:40:56 AM - HPSF Applying updates
RP23: 2/12/2011 9:45:27 AM - Installed HP Support Assistant
RP24: 2/12/2011 9:47:43 AM - Windows Modules Installer
RP25: 2/12/2011 9:48:44 AM - Windows Modules Installer

==== Installed Programs ======================

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
Audible Download Manager
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe
Blackhawk Striker 2
Broadband2Go
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix XenApp Web Plugin
CyberLink DVD Suite
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
Google Chrome
Heroes of Hellas 2 - Olympia
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
Hulu Desktop
IDT Audio
InstallVC90Support
Java Auto Updater
Java(TM) 6 Update 20
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype Toolbars
Skype™ 5.1
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Virgin Mobile Broadband Modem Drivers
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

2/9/2011 7:36:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
2/13/2011 6:26:34 AM, Error: RasMan [20276] - CoId={2AB53B3E-2D8F-4F6B-AD5B-CB2388BDAD62}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM5 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
2/13/2011 12:28:15 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
2/12/2011 9:54:17 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024882
2/11/2011 10:45:27 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0001007c

Kernel Drivers (total 205):
0x02C54000 \SystemRoot\system32\ntoskrnl.exe
0x02C0B000 \SystemRoot\system32\hal.dll
0x00B96000 \SystemRoot\system32\kdcom.dll
0x00CE7000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CF4000 \SystemRoot\system32\PSHED.dll
0x00D08000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EBA000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F5E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F6D000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FC4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FCD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D66000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E99000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DC2000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00EA2000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00FD7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FE7000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010F1000 \SystemRoot\system32\drivers\fltmgr.sys
0x0113D000 \SystemRoot\system32\drivers\fileinfo.sys
0x01255000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01151000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014EA000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x0148B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x014D5000 \SystemRoot\System32\Drivers\spldr.sys
0x011AF000 \SystemRoot\System32\drivers\rdyboost.sys
0x015DC000 \SystemRoot\System32\Drivers\mup.sys
0x015EE000 \SystemRoot\System32\drivers\hwpolicy.sys
0x014DD000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x0184D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01887000 \SystemRoot\system32\DRIVERS\disk.sys
0x0189D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018CD000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x0190D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01937000 \SystemRoot\System32\Drivers\Null.SYS
0x01940000 \SystemRoot\System32\Drivers\Beep.SYS
0x01947000 \SystemRoot\System32\drivers\vga.sys
0x01955000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0197A000 \SystemRoot\System32\drivers\watchdog.sys
0x0198A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01993000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0199C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019A5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x019B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0x019C1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x019DF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CF9000 \SystemRoot\system32\drivers\afd.sys
0x02D83000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DC8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DD1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02C00000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02C16000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C25000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C40000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C54000 \SystemRoot\system32\ntoskrnl.exe
0x02CA5000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02CB1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02CBC000 \SystemRoot\System32\drivers\discache.sys
0x02CCB000 \SystemRoot\System32\Drivers\dfsc.sys
0x019EC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01800000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x01822000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01235000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03696000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x03EE0000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x036CA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0454F000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04595000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04800000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04989000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x049E2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x049EF000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E56000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x03E63000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E74000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03E92000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03600000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x049FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03EA1000 \SystemRoot\System32\Drivers\fastfat.SYS
0x045B9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x045C8000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x045D4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x045D9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x045E2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x045F2000 \SystemRoot\system32\DRIVERS\clwvd.sys
0x03653000 \SystemRoot\system32\DRIVERS\ks.sys
0x045F9000 \SystemRoot\system32\drivers\ksthunk.sys
0x037BE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x037D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02CE9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x010BF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04AFD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04B1E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04B38000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04B3A000 \SystemRoot\system32\DRIVERS\circlass.sys
0x04B4C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04B5E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04BB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04BCD000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x04A00000 \SystemRoot\system32\drivers\portcls.sys
0x04A3D000 \SystemRoot\system32\drivers\drmk.sys
0x04A5F000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x04AE1000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x00010000 \SystemRoot\System32\win32k.sys
0x04BF0000 \SystemRoot\System32\drivers\Dxapi.sys
0x04996000 \SystemRoot\System32\Drivers\crashdmp.sys
0x049A4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04AF2000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x049B0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x05C04000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x05C41000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05C5E000 \SystemRoot\System32\Drivers\usbvideo.sys
0x05C8C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00510000 \SystemRoot\System32\TSDDD.dll
0x006E0000 \SystemRoot\System32\cdd.dll
0x00970000 \SystemRoot\System32\ATMFD.DLL
0x05C9A000 \SystemRoot\system32\drivers\luafv.sys
0x05CBD000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x05CDA000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0x05CE5000 \SystemRoot\system32\drivers\WudfPf.sys
0x05D06000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05D1B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x05D6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x05D81000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06041000 \SystemRoot\system32\drivers\HTTP.sys
0x06124000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06142000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0615A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06187000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x061D5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06A31000 \??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys
0x0807B000 \SystemRoot\system32\drivers\peauth.sys
0x08121000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0812C000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0x08000000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0x0804D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x081E3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05D99000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08815000 \SystemRoot\System32\DRIVERS\srv.sys
0x088AB000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0x088B6000 \SystemRoot\system32\DRIVERS\nwvmmdm.sys
0x088EB000 \SystemRoot\system32\drivers\modem.sys
0x088FA000 \SystemRoot\system32\DRIVERS\nwvmser.sys
0x0892F000 \SystemRoot\system32\DRIVERS\nwvmser2.sys
0x08964000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0897F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x089B0000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x09A88000 \SystemRoot\system32\drivers\spsys.sys
0x77B90000 \Windows\System32\ntdll.dll
0x478F0000 \Windows\System32\smss.exe
0xFFEB0000 \Windows\System32\apisetschema.dll
0xFF810000 \Windows\System32\autochk.exe
0xFFD70000 \Windows\System32\wininet.dll
0x77A90000 \Windows\System32\user32.dll
0xFFC40000 \Windows\System32\rpcrt4.dll
0xFFBC0000 \Windows\System32\difxapi.dll
0xFFBB0000 \Windows\System32\nsi.dll
0xFFB60000 \Windows\System32\ws2_32.dll
0xFFB40000 \Windows\System32\sechost.dll
0xFFAC0000 \Windows\System32\shlwapi.dll
0xFFA70000 \Windows\System32\Wldap32.dll
0xFF9D0000 \Windows\System32\clbcatq.dll
0xFF8C0000 \Windows\System32\msctf.dll
0xFF6E0000 \Windows\System32\setupapi.dll
0xFF6C0000 \Windows\System32\imagehlp.dll
0x77D60000 \Windows\System32\psapi.dll
0xFF4B0000 \Windows\System32\ole32.dll
0x77970000 \Windows\System32\kernel32.dll
0xFF410000 \Windows\System32\comdlg32.dll
0xFF290000 \Windows\System32\urlmon.dll
0xFF220000 \Windows\System32\gdi32.dll
0x77D50000 \Windows\System32\normaliz.dll
0xFF210000 \Windows\System32\lpk.dll
0xFF130000 \Windows\System32\advapi32.dll
0xFE3A0000 \Windows\System32\shell32.dll
0xFE140000 \Windows\System32\iertutil.dll
0xFE0A0000 \Windows\System32\msvcrt.dll
0xFDFC0000 \Windows\System32\oleaut32.dll
0xFDEF0000 \Windows\System32\usp10.dll
0xFDEC0000 \Windows\System32\imm32.dll
0xFDE80000 \Windows\System32\wintrust.dll
0xFDD10000 \Windows\System32\crypt32.dll
0xFDCF0000 \Windows\System32\devobj.dll
0xFDCB0000 \Windows\System32\cfgmgr32.dll
0xFDC40000 \Windows\System32\KernelBase.dll
0xFDBA0000 \Windows\System32\comctl32.dll
0xFDB90000 \Windows\System32\msasn1.dll
0x76830000 \Windows\SysWOW64\normaliz.dll

Processes (total 94):
0 System Idle Process
4 System
268 C:\Windows\System32\smss.exe
380 csrss.exe
460 C:\Windows\System32\wininit.exe
492 csrss.exe
516 C:\Windows\System32\services.exe
532 C:\Windows\System32\lsass.exe
540 C:\Windows\System32\lsm.exe
664 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\atiesrxx.exe
884 C:\Windows\System32\winlogon.exe
932 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
296 C:\Program Files\IDT\WDM\stacsv64.exe
1092 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\atieclxx.exe
1164 C:\Windows\System32\hpservice.exe
1316 C:\Windows\System32\atibtmon.exe
1340 C:\Windows\System32\vcsFPService.exe
1396 C:\Windows\System32\svchost.exe
1488 C:\Windows\System32\wlanext.exe
1496 C:\Windows\System32\conhost.exe
1592 C:\Windows\System32\spoolsv.exe
1620 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
1684 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1748 C:\Windows\System32\svchost.exe
1900 C:\Windows\System32\svchost.exe
1928 C:\Program Files\IDT\WDM\AESTSr64.exe
1956 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1984 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2012 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2044 C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
1124 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1308 C:\Windows\System32\conhost.exe
2116 C:\Windows\System32\taskhost.exe
2236 C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
2252 C:\Windows\System32\dwm.exe
2292 C:\Windows\explorer.exe
2464 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2500 C:\Program Files\IDT\WDM\sttray64.exe
2528 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2572 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2624 C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
2684 C:\Users\DaeDae\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2696 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
2760 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2768 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
2784 C:\Program Files (x86)\iTunes\iTunesHelper.exe
2960 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2988 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
2376 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
2424 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2560 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2600 C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
3164 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
3212 C:\Windows\System32\svchost.exe
3256 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3356 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
3408 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
3556 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
3584 WmiPrvSE.exe
3728 WmiPrvSE.exe
3840 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3864 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4056 C:\Windows\System32\taskeng.exe
3248 C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
4364 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
4604 C:\Program Files\iPod\bin\iPodService.exe
4800 C:\Windows\System32\SearchIndexer.exe
5032 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1876 WUDFHost.exe
4660 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
2216 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
684 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
2740 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
5244 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
5308 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
5428 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
5508 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
5928 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
6008 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
6060 C:\Windows\System32\sppsvc.exe
3572 <unknown>
5140 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
5396 C:\Windows\servicing\TrustedInstaller.exe
5400 <unknown>
708 C:\Windows\System32\svchost.exe
5468 C:\Windows\System32\audiodg.exe
404 C:\Users\DaeDae\Downloads\MBRCheck.exe
3000 C:\Windows\System32\conhost.exe
2808 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000090`10200000 (NTFS)
\\.\Q: --> error 5

PhysicalDrive0 Model Number: WDCWD6400BEVT-60A0RT0, Rev: 02.01A02

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1EEA63D727183061F2A693FAB2B948CABB4235AB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Running combofix as soon as I close this browser
 
ComboFix 11-02-13.01 - DaeDae 02/13/2011 18:17:45.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2595 [GMT -10:00]
Running from: c:\users\DaeDae\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-02-14 04:30 . 2011-02-14 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-13 12:07 . 2010-12-21 04:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-13 12:07 . 2011-02-13 12:07 -------- d-----w- c:\programdata\Malwarebytes
2011-02-13 12:07 . 2011-02-13 12:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-13 12:07 . 2010-12-21 04:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-13 10:27 . 2011-01-11 00:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-13 10:27 . 2011-01-11 00:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-13 10:27 . 2011-02-13 10:27 -------- d-----w- c:\programdata\Avira
2011-02-13 10:27 . 2011-02-13 10:27 -------- d-----w- c:\program files (x86)\Avira
2011-02-12 19:45 . 2011-02-12 19:45 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2011-02-12 09:13 . 2011-02-12 09:13 -------- d-----w- c:\windows\Sun
2011-02-12 03:46 . 2011-01-20 20:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1E1CAF4-5307-4EDB-82DA-75313269A6B1}\mpengine.dll
2011-02-09 06:04 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 05:45 . 2011-02-09 05:45 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-02-07 05:17 . 2011-02-12 09:18 -------- d-----w- c:\programdata\Recovery
2011-02-06 01:58 . 2011-02-06 02:01 -------- d-----w- c:\programdata\VirtualizedApplications
2011-02-05 23:45 . 2011-02-05 23:45 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2011-02-01 05:31 . 2011-02-01 05:31 -------- d-----w- c:\program files (x86)\Audible
2011-01-30 02:59 . 2009-05-18 23:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-30 02:59 . 2008-04-17 22:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-01-30 02:58 . 2011-01-30 02:58 -------- d-----w- c:\program files (x86)\QuickTime
2011-01-30 02:58 . 2011-01-30 02:58 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-01-30 02:57 . 2011-01-30 02:57 -------- d-----w- c:\program files\Common Files\Apple
2011-01-30 02:57 . 2011-01-30 02:57 -------- d-----w- c:\program files\Bonjour
2011-01-30 02:57 . 2011-01-30 02:57 -------- d-----w- c:\program files (x86)\Bonjour
2011-01-30 02:57 . 2011-01-30 02:59 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-01-30 02:57 . 2011-01-30 02:57 -------- d-----w- c:\programdata\Apple
2011-01-30 02:28 . 2011-01-30 02:28 -------- d-----w- c:\programdata\Yahoo! Companion
2011-01-30 02:27 . 2011-01-30 02:28 -------- d-----w- c:\programdata\Yahoo!
2011-01-30 02:22 . 2011-01-30 02:28 -------- d-----w- c:\program files (x86)\Yahoo!
2011-01-30 02:13 . 2011-01-30 02:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-01-30 02:13 . 2011-01-30 02:14 -------- d-----r- c:\program files (x86)\Skype
2011-01-30 01:37 . 2011-01-30 01:37 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-01-30 01:31 . 2011-01-30 01:31 -------- d-----w- c:\windows\SysWow64\Wat
2011-01-30 01:31 . 2011-01-30 01:31 -------- d-----w- c:\windows\system32\Wat
2011-01-29 08:52 . 2009-11-25 22:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-01-29 08:52 . 2009-11-25 22:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-01-29 08:52 . 2009-11-25 22:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-01-29 08:52 . 2009-11-25 22:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-01-29 08:52 . 2009-11-25 22:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-01-29 08:52 . 2009-11-25 22:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-29 08:52 . 2009-11-25 22:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-29 08:52 . 2009-11-25 22:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-01-29 08:52 . 2009-11-25 22:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-29 08:52 . 2009-11-25 22:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-01-29 08:48 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2011-01-29 08:48 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2011-01-29 07:09 . 2009-08-25 04:53 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
2011-01-29 07:09 . 2011-01-29 07:09 -------- d-----w- c:\programdata\Novatel Wireless
2011-01-29 07:07 . 2011-01-29 07:09 -------- d-----w- c:\program files (x86)\Novatel Wireless
2011-01-29 03:00 . 2011-01-29 03:00 -------- d-----w- c:\program files (x86)\GPLGS
2011-01-29 02:59 . 2009-11-05 17:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
2011-01-29 02:59 . 2011-01-29 02:59 -------- d-----w- c:\program files (x86)\Acro Software
2011-01-29 02:59 . 2011-01-29 02:59 -------- d-----w- c:\program files (x86)\Ask.com
2011-01-29 02:43 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2011-01-28 06:01 . 2011-01-28 06:01 -------- d-----w- c:\users\Public\Symantec
2011-01-28 05:58 . 2011-02-13 04:18 -------- d-----w- c:\users\DaeDae

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 03:38 . 2010-11-30 03:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-30 03:38 . 2010-11-30 03:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-16 08:55 . 2010-11-16 08:55 52224 ----a-w- c:\windows\system32\rtutils.dll
2010-11-16 08:55 . 2010-11-16 08:55 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
2010-11-16 08:55 . 2010-11-16 08:55 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2010-11-16 08:53 . 2010-11-16 08:53 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-16 08:53 . 2010-11-16 08:53 613888 ----a-w- c:\windows\system32\psisdecd.dll
2010-11-16 08:53 . 2010-11-16 08:53 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 08:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Google Update"="c:\users\DaeDae\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-29 136176]
"MobiLink3"="c:\program files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-27 902144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-26 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-11 281768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/16 00:13;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys [2009-05-16 213376]
R3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys [2009-05-16 213376]
R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys [2009-05-16 213376]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-29 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-16 202752]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-11 135336]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-08-25 82432]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-16 6403584]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-16 188928]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-25 32880]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]


--- Other Services/Drivers In Memory ---

*Deregistered* - CLKMDRV10_C6F09094

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000Core.job
- c:\users\DaeDae\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 02:40]

2011-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000UA.job
- c:\users\DaeDae\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 02:40]

2011-02-13 c:\windows\Tasks\HPCeeScheduleForDaeDae.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF11112.cfxxe" [X]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-09 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-21 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: {2950CA20-07C8-4FC9-B9A7-190C89F5ED6F} = 68.28.50.91 68.28.58.92
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atibtmon.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
c:\users\DaeDae\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2011-02-13 18:57:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-14 04:57

Pre-Run: 571,631,407,104 bytes free
Post-Run: 571,144,921,088 bytes free

- - End Of File - - 7487955D697E3C74FAB41C0073BEFCC9


I can't run the other one right now. I have to leave for church, but I'll run it as soon as I get home. Thanks again.
 
Uninstall Ask Toolbar, known foistware.

Combofix log looks clean.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
So far the comp's been fine. Haven't had that IE pop-up. I tried to uninstall Ask; it gave me a pop-up that said, "Do you want to allow the following programs from an unknown publisher to make changes to this computer, C:\Windows\Installer\1d34ad.msi File origin: Hard Drive on this computer" I wasn't sure, so I clicked no. Then it gave me the error message attached.

Should I still run the "rkill" program? And should I run the OTL.exe even if I haven't been able to uninstall Ask Toolbar?
 

Attachments: error.jpg (22.8 KB)

Try to uninstall Ask Toolbar one more time, but this time say "yes".

Then post OTL logs.
 
Ok Ask is gone. I ran the OTL scan & tried to paste each log in here, but it gave me this error.

The text that you have entered is too long (55905 characters). Please shorten it to 50000 characters long.

Should I save each document & load them as attachments?
 
OTL logfile created on: 2/14/2011 10:06:49 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\DaeDae\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.06 Gb Total Space | 532.43 Gb Free Space | 92.43% Space Free | Partition Type: NTFS
Drive D: | 19.82 Gb Total Space | 2.88 Gb Free Space | 14.53% Space Free | Partition Type: NTFS

Computer Name: DAEDAE-HP | User Name: DaeDae | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/02/13 22:15:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
PRC - [2011/01/28 16:40:04 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\DaeDae\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/19 12:09:04 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/06/29 16:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/29 15:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/06/24 20:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/06/12 16:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009/08/26 19:44:34 | 000,902,144 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
PRC - [2009/08/24 18:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/02/13 22:15:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
MOD - [2010/08/20 19:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/18 13:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/08 23:06:18 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/23 16:42:40 | 000,445,192 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/04/16 04:09:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/23 05:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 10:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/29 18:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/06/29 16:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/12 16:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 13:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/23 05:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/08/24 18:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/10 14:23:53 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/01/10 14:23:52 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/02 19:02:03 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/09/02 19:02:03 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/24 20:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/08 23:06:18 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/05/27 13:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/05/06 03:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/16 04:19:34 | 006,403,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/04/16 03:11:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/02 14:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/08 19:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 00:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/27 15:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/23 15:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 15:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 13:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 10:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 10:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 11:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 11:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 11:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 10:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 10:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 10:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 10:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwvmser2.sys -- (NWVMPort2)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwvmser.sys -- (NWVMPort)
DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwvmmdm.sys -- (NWVMModem)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/11/15 22:41:42 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000..\Run: [MobiLink3] C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe (Novatel Wireless Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/13 22:15:38 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
[2011/02/13 18:58:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/13 18:33:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/02/13 18:16:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/13 18:16:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/13 18:16:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/13 18:16:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/13 18:16:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/13 18:15:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/13 03:25:48 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Desktop\clean
[2011/02/13 02:14:42 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Malwarebytes
[2011/02/13 02:07:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/13 02:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/13 02:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/13 02:07:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/13 02:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/13 00:34:36 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Avira
[2011/02/13 00:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/02/13 00:27:56 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/02/13 00:27:56 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/02/13 00:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/02/13 00:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/02/12 09:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2011/02/11 23:13:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/02/11 18:40:41 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Adobe
[2011/02/08 19:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/06 19:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2011/02/05 16:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2011/02/05 15:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/02/05 15:11:30 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Documents\Avatar
[2011/02/05 13:46:32 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\SoftGrid Client
[2011/02/05 13:46:32 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\SoftGrid Client
[2011/02/05 13:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/02/05 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/05 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/02/05 13:45:29 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\TP
[2011/01/31 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Macrovision
[2011/01/31 19:31:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2011/01/31 19:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2011/01/31 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Documents\Audible
[2011/01/31 19:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible
[2011/01/31 10:21:42 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\ICAClient
[2011/01/31 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Mozilla
[2011/01/31 10:17:58 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Citrix
[2011/01/30 23:02:30 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\HP MediaSmart Video
[2011/01/30 10:35:49 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\CutePDF Writer
[2011/01/29 16:59:53 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Apple Computer
[2011/01/29 16:59:53 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Apple Computer
[2011/01/29 16:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/29 16:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/29 16:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/01/29 16:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/29 16:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/01/29 16:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/29 16:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/01/29 16:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/01/29 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Apple
[2011/01/29 16:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/01/29 16:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/01/29 16:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/01/29 16:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/01/29 16:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/01/29 16:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/01/29 16:47:25 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Yahoo
[2011/01/29 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/01/29 16:28:10 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Yahoo!
[2011/01/29 16:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/01/29 16:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/01/29 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011/01/29 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\skypePM
[2011/01/29 16:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/01/29 16:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/01/29 16:13:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/01/29 16:13:30 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Skype
[2011/01/29 15:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/01/29 15:31:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/01/29 15:31:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/01/28 21:09:44 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
[2011/01/28 21:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novatel Wireless
[2011/01/28 21:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Novatel Wireless
[2011/01/28 21:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novatel Wireless
[2011/01/28 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Downloaded Installations
[2011/01/28 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2011/01/28 16:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
[2011/01/28 16:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
[2011/01/28 16:51:05 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Desktop\Work
[2011/01/28 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/01/28 16:40:05 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Google
[2011/01/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Deployment
[2011/01/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Apps
[2011/01/28 07:03:24 | 000,000,000 | R-SD | C] -- C:\Users\DaeDae\Documents\My Stationery
[2011/01/28 04:36:29 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Documents\Scanned Documents
[2011/01/28 04:36:29 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Documents\Fax
[2011/01/27 20:39:10 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Adobe
[2011/01/27 20:24:27 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\IsolatedStorage
[2011/01/27 20:24:03 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Documents\Webcam
[2011/01/27 20:23:54 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\CyberLink
[2011/01/27 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\ATI
[2011/01/27 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\ATI
[2011/01/27 20:14:50 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\hpqLog
[2011/01/27 20:14:20 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/01/27 20:14:20 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/01/27 20:14:19 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Searches
[2011/01/27 20:14:19 | 000,000,000 | -H-D | C] -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/01/27 20:14:10 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Identities
[2011/01/27 20:14:06 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Contacts
[2011/01/27 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Hewlett-Packard
[2011/01/27 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\VirtualStore
[2011/01/27 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Hewlett-Packard
[2011/01/27 20:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
[2011/01/27 19:58:54 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\DigitalPersona
[2011/01/27 19:58:54 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\DigitalPersona
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\AppData\Local\Temporary Internet Files
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Templates
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Start Menu
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\SendTo
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Recent
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\PrintHood
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\NetHood
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Documents\My Videos
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Documents\My Pictures
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Documents\My Music
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\My Documents
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Local Settings
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\AppData\Local\History
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Cookies
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Application Data
[2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\AppData\Local\Application Data
[2011/01/27 19:58:37 | 000,000,000 | --SD | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Videos
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Saved Games
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Pictures
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Music
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Links
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Favorites
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Downloads
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\My Documents
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Desktop
[2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/01/27 19:58:37 | 000,000,000 | -H-D | C] -- C:\Users\DaeDae\AppData
[2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Temp
[2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Microsoft
[2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Media Center Programs
[2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Macromedia
[2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\HuluDesktop

========== Files - Modified Within 30 Days ==========

[2011/02/14 22:03:52 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/14 22:03:52 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/14 22:03:52 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/14 22:02:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/14 22:02:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/14 21:54:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/14 21:54:54 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/14 06:45:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000UA.job
[2011/02/13 22:25:57 | 000,023,341 | ---- | M] () -- C:\Users\DaeDae\Desktop\error.jpg
[2011/02/13 22:23:24 | 000,034,370 | ---- | M] () -- C:\Users\DaeDae\Desktop\Error.docx
[2011/02/13 22:15:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
[2011/02/13 18:10:42 | 000,721,199 | ---- | M] () -- C:\Users\DaeDae\Desktop\rkill.exe
[2011/02/13 18:09:59 | 004,267,704 | R--- | M] () -- C:\Users\DaeDae\Desktop\ComboFix.exe
[2011/02/13 02:07:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/13 00:33:11 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDaeDae.job
[2011/02/13 00:28:03 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/12 09:46:53 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/02/11 17:46:00 | 000,002,368 | ---- | M] () -- C:\Users\DaeDae\Desktop\Google Chrome.lnk
[2011/02/09 19:25:13 | 000,285,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/02/05 16:45:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000Core.job
[2011/02/05 13:45:56 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/31 19:31:42 | 000,002,119 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/01/31 10:19:33 | 000,001,447 | ---- | M] () -- C:\Users\DaeDae\Desktop\Internet Explorer.lnk
[2011/01/29 16:59:47 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/29 16:58:26 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/29 16:27:52 | 000,001,165 | ---- | M] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/29 16:27:52 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/01/29 16:15:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2011/01/29 16:13:32 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/28 21:09:22 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Broadband2Go.lnk
[2011/01/27 20:36:46 | 000,001,441 | ---- | M] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/27 11:55:12 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/01/27 11:55:12 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2011/02/13 22:25:57 | 000,023,341 | ---- | C] () -- C:\Users\DaeDae\Desktop\error.jpg
[2011/02/13 22:23:23 | 000,034,370 | ---- | C] () -- C:\Users\DaeDae\Desktop\Error.docx
[2011/02/13 18:16:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/13 18:16:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/13 18:16:36 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/13 18:16:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/13 18:16:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/13 18:13:39 | 000,721,199 | ---- | C] () -- C:\Users\DaeDae\Desktop\rkill.exe
[2011/02/13 18:13:36 | 004,267,704 | R--- | C] () -- C:\Users\DaeDae\Desktop\ComboFix.exe
[2011/02/13 02:07:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/13 00:28:03 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011/02/12 09:46:53 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2011/02/05 13:45:56 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/02 17:23:19 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDaeDae.job
[2011/01/31 19:31:42 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2011/01/31 10:19:33 | 000,001,447 | ---- | C] () -- C:\Users\DaeDae\Desktop\Internet Explorer.lnk
[2011/01/29 16:59:47 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/29 16:58:26 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/29 16:58:04 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/01/29 16:27:52 | 000,001,165 | ---- | C] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/01/29 16:27:52 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/01/29 16:15:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/29 16:13:32 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/01/28 21:09:22 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Broadband2Go.lnk
[2011/01/28 16:59:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
[2011/01/28 16:41:37 | 000,002,368 | ---- | C] () -- C:\Users\DaeDae\Desktop\Google Chrome.lnk
[2011/01/28 16:40:09 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000UA.job
[2011/01/28 16:40:07 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000Core.job
[2011/01/27 20:36:46 | 000,001,441 | ---- | C] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/27 20:14:30 | 000,001,413 | ---- | C] () -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/01/27 20:14:22 | 000,001,447 | ---- | C] () -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/01/27 20:00:40 | 000,002,306 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
[2011/01/27 20:00:40 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2011/01/27 20:00:40 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
[2011/01/27 19:58:37 | 000,001,974 | ---- | C] () -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
[2011/01/27 19:58:37 | 000,000,290 | ---- | C] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/01/27 19:58:37 | 000,000,272 | ---- | C] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/01/27 11:53:45 | 000,000,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoJack Pro for HP ProtectTools.url
[2010/11/15 22:30:07 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010/11/15 22:29:59 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/11/15 22:29:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/11/15 22:29:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/11/15 22:28:37 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/11/15 22:01:35 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/15 22:01:35 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/02 21:19:38 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/02 20:17:53 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/09/02 20:06:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/09/02 20:00:47 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/09/02 19:59:28 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/09/02 19:58:51 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/02/09 15:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 13:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 11:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2011/01/27 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\DaeDae\AppData\Roaming\DigitalPersona
[2011/01/31 10:23:58 | 000,000,000 | ---D | M] -- C:\Users\DaeDae\AppData\Roaming\ICAClient
[2011/02/13 23:05:06 | 000,000,000 | ---D | M] -- C:\Users\DaeDae\AppData\Roaming\SoftGrid Client
[2011/02/05 13:46:41 | 000,000,000 | ---D | M] -- C:\Users\DaeDae\AppData\Roaming\TP
[2009/07/13 19:08:49 | 000,014,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
 
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 15:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/02/13 18:58:01 | 000,019,932 | ---- | M] () -- C:\ComboFix.txt
[2011/02/14 21:54:54 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/14 21:54:57 | 4021,186,560 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/13 19:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 19:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 19:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 19:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 10:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/16 21:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 18:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/27 20:36:46 | 000,000,221 | -HS- | M] () -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/02/13 18:09:59 | 004,267,704 | R--- | M] () -- C:\Users\DaeDae\Desktop\ComboFix.exe
[2011/02/13 22:15:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
[2011/02/13 18:10:42 | 000,721,199 | ---- | M] () -- C:\Users\DaeDae\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 11:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/01/27 20:14:28 | 000,000,402 | -HS- | M] () -- C:\Users\DaeDae\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/15 22:29:59 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/09/02 20:06:59 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/11/15 22:29:20 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/09/02 20:00:37 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/11/15 22:28:37 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/11/15 22:29:44 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/09/02 19:59:19 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/09/02 20:06:11 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/11/15 22:30:16 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 2/14/2011 10:06:49 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\DaeDae\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.06 Gb Total Space | 532.43 Gb Free Space | 92.43% Space Free | Partition Type: NTFS
Drive D: | 19.82 Gb Total Space | 2.88 Gb Free Space | 14.53% Space Free | Partition Type: NTFS

Computer Name: DAEDAE-HP | User Name: DaeDae | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3930163349-2018200318-2550135438-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{11A4D79B-672C-7FFF-B5F7-B4409B1194EF}" = ATI Catalyst Install Manager
"{1F6B7CB0-66D8-4B31-BF1F-D2318E58080E}" = HP SimplePass Identity Protection
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{E2BDBC42-A7F5-BE3C-CAE7-672461BADFBB}" = ccc-utility64
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{06C75F9A-97AD-5248-E32E-DF614E74CB30}" = CCC Help English
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17AAFDC8-0126-8325-99C3-BA94ECC88719}" = CCC Help Chinese Standard
"{1C7D54A1-3EAF-1FA6-865A-5BD68563978F}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2469F651-772F-53D7-66D6-EC065F786E38}" = CCC Help French
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E228408-8C07-BF2B-E3BE-6FE3226D0557}" = Catalyst Control Center Graphics Full Existing
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3418A50C-5B73-420F-A617-B680D778573C}" = CCC Help Greek
"{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3CE8DBEF-2A88-F180-F62C-43AA930D6D47}" = CCC Help Korean
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43C189A4-D61F-F7C7-F4BC-C3FE800FF7BB}" = ccc-core-static
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{527B2D1F-0129-70C1-3D8E-D7C13994F3D8}" = Catalyst Control Center Graphics Previews Common
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5911C3EB-2E4F-80CC-4A1F-65DD5BFFEA0D}" = CCC Help German
"{639BDAFA-4A48-62A1-E2D9-13A84E9582FE}" = CCC Help Polish
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6B6A1FFD-AF4B-2348-1854-1BBDD6A4E852}" = CCC Help Chinese Traditional
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{705893E4-960A-E551-4825-B63B7BE8959A}" = CCC Help Czech
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{766BF6D1-A746-9B26-EC0B-E76DF6D5DE07}" = CCC Help Norwegian
"{783C5B03-DF9C-30B0-BC32-066150B77F19}" = CCC Help Japanese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83853D8B-E9F1-1E35-2F1B-4210D2875A8C}" = CCC Help Spanish
"{845E9545-2A7F-FFCB-D2FA-A292B0137325}" = CCC Help Hungarian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6E13F3-44FB-A8A6-D9F5-2AF030A47F2C}" = CCC Help Portuguese
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{996FF46F-797F-AFE4-2932-3F391B5BB4A5}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AA11D798-A4C3-F2BF-E9C8-584D1AA7C891}" = Catalyst Control Center Graphics Full New
"{AB14AFDF-990F-C0FD-DDDF-6113BD111593}" = Catalyst Control Center Localization All
"{AEBFE622-2807-E0D5-E7E2-0D5AA4977B48}" = CCC Help Danish
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2C904FA-DB34-47A3-B8D6-50F4E7AC5808}" = Virgin Mobile Broadband Modem Drivers
"{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BFC1210F-19B0-A7F0-B027-82AD610DA5B7}" = CCC Help Italian
"{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = Broadband2Go
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8871195-1265-0859-CC55-ADE112EEF7D3}" = Times Reader
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D2D49B64-FBC1-15EE-5734-97BB457F197E}" = Catalyst Control Center Core Implementation
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5EA734C-2DEC-76F6-9D98-97D57A6F61CE}" = CCC Help Swedish
"{DB6A09A0-34B0-BFE5-7026-C91829ED879D}" = CCC Help Turkish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E1600759-7AB3-A146-5ED4-4A50E743D3D3}" = CCC Help Russian
"{E22B38FA-7A08-3CEE-EB31-970C4CF2AA54}" = CCC Help Dutch
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5AE53A7-1A79-4840-998F-A18042A2F568}" = HP Documentation
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3620D5D-B046-41F0-AB8D-3C56A36AFD60}" = Catalyst Control Center - Branding
"{F55BB217-BB0F-4A7A-A499-8A0C34D842E2}" = Catalyst Control Center Graphics Light
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE39FB6F-05FB-4B09-4DE7-6E2BEC08427D}" = CCC Help Finnish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadband2Go" = Broadband2Go
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3930163349-2018200318-2550135438-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2011 10:26:57 AM | Computer Name = DaeDae-HP | Source = Application Error | ID = 1000
Description = Faulting application name: hpqwmiex.exe, version: 4.0.39.1, time stamp:
0x4c24f856 Faulting module name: OLEAUT32.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdaca Exception code: 0xc0000005 Fault offset: 0x00004660 Faulting process id:
0xbf0 Faulting application start time: 0x01cbbeb24f84bc6e Faulting application path:
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe Faulting module path:
C:\Windows\syswow64\OLEAUT32.dll Report Id: a8b819ff-2aea-11e0-a168-8b022bd9d7f1

Error - 1/29/2011 3:11:22 AM | Computer Name = DaeDae-HP | Source = RasClient | ID = 20227
Description =

Error - 1/29/2011 4:54:24 AM | Computer Name = DaeDae-HP | Source = MsiInstaller | ID = 11935
Description =

Error - 1/29/2011 4:55:26 AM | Computer Name = DaeDae-HP | Source = MsiInstaller | ID = 11935
Description =

Error - 1/29/2011 9:45:30 PM | Computer Name = DaeDae-HP | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Bing Bar' could not be shut down.

Error - 1/29/2011 10:20:33 PM | Computer Name = DaeDae-HP | Source = MsiInstaller | ID = 10005
Description =

Error - 1/30/2011 4:23:57 PM | Computer Name = DaeDae-HP | Source = RasClient | ID = 20227
Description =

Error - 1/31/2011 4:45:52 AM | Computer Name = DaeDae-HP | Source = Windows Backup | ID = 4103
Description =

Error - 2/4/2011 11:17:22 PM | Computer Name = DaeDae-HP | Source = RasClient | ID = 20227
Description =

Error - 2/6/2011 4:32:58 AM | Computer Name = DaeDae-HP | Source = Application Error | ID = 1000
Description = Faulting application name: mDNSResponder.exe, version: 2.0.4.0, time
stamp: 0x4cae1be1 Faulting module name: mDNSResponder.exe, version: 2.0.4.0, time
stamp: 0x4cae1be1 Exception code: 0xc0000005 Fault offset: 0x0000110a Faulting process
id: 0x770 Faulting application start time: 0x01cbc58cadf0fe13 Faulting application
path: C:\Program Files (x86)\Bonjour\mDNSResponder.exe Faulting module path: C:\Program
Files (x86)\Bonjour\mDNSResponder.exe Report Id: b33a7ea4-31cb-11e0-8770-96bfd5187a8c

[ HP Wireless Assistant Events ]
Error - 1/28/2011 1:59:07 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/28/2011 2:00:15 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/28/2011 2:01:22 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/28/2011 2:02:30 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/28/2011 2:03:38 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/28/2011 2:04:46 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/28/2011 2:05:51 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 1/28/2011 2:06:51 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 1/29/2011 9:32:01 PM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7000
Description = The HP Wireless Assistant Service service failed to start due to the
following error: %%1053

Error - 1/31/2011 4:08:48 PM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 2/3/2011 5:27:44 AM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the CinemaNow Service service.

Error - 2/3/2011 5:28:28 AM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 2/3/2011 8:05:45 PM | Computer Name = DaeDae-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \...\DR2.

Error - 2/6/2011 4:33:01 AM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 2/6/2011 2:17:57 PM | Computer Name = DaeDae-HP | Source = DCOM | ID = 10010
Description =

Error - 2/8/2011 6:10:18 AM | Computer Name = DaeDae-HP | Source = DCOM | ID = 10010
Description =

Error - 2/10/2011 1:36:13 AM | Computer Name = DaeDae-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/12/2011 4:45:27 AM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7034
Description = The HP Software Framework Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - File not found -- 
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
I've been trying to get back to the thread from my comp but it wasn't working. Also, I noticed that the fingerprint identifying system on my laptop is gone. Anyway, I'll try to get back on the thread from my laptop. I'm on my phone right now. Thanks again for all your help.
 
Ok disabled the antivirus, tried to run OTL again. No go.

Started & running it in safe mode, but it's been running for about 15-20 mins. & I can't tell if it's working or not.

I'm on my phone.
 