TechSpot

Malwarebytes protection logs show IP block for Skype, what does this mean?

By mdw90
Sep 8, 2011
  1. There are protection logs practically every day from 8/22-9/8 all involving an outgoing IP block against Skype. I figured I'd just post logs of the first day and the last day, but if it'd be better help for me to post logs of every day let me know. I ran a malware scan (Malwarebytes) and a scan for viruses (used CCleaner, MSE, and Super). There appears to be no harmful threat. If anyone could help me get this message to stop showing up (aside from hiding the notifications) it'd help me out a lot. Thanks.

    8-22's log of Malwarebytes.
    02:31:51 Marc MESSAGE Protection started successfully
    02:31:54 Marc MESSAGE IP Protection started successfully
    02:36:26 Marc MESSAGE IP Protection stopped
    02:36:27 Marc MESSAGE Database updated successfully
    02:36:28 Marc MESSAGE IP Protection started successfully
    08:37:29 Marc MESSAGE Protection started successfully
    08:37:32 Marc MESSAGE IP Protection started successfully
    19:04:48 Marc MESSAGE Scheduled update executed successfully
    19:05:01 Marc MESSAGE IP Protection stopped
    19:05:02 Marc MESSAGE Database updated successfully
    19:05:02 Marc MESSAGE IP Protection started successfully
    20:08:57 Marc IP-BLOCK 83.128.77.9 (Type: outgoing, Port: 1571, Process: skype.exe)
    20:08:57 Marc IP-BLOCK 83.128.77.9 (Type: outgoing, Port: 1571, Process: skype.exe)
    21:53:42 Marc IP-BLOCK 89.28.26.184 (Type: outgoing, Port: 1571, Process: skype.exe)
    21:53:42 Marc IP-BLOCK 89.28.26.184 (Type: outgoing, Port: 1571, Process: skype.exe)
    21:53:50 Marc IP-BLOCK 89.28.26.184 (Type: outgoing, Port: 1571, Process: skype.exe)
    21:56:54 Marc IP-BLOCK 98.126.189.98 (Type: outgoing, Port: 1571, Process: skype.exe)
    21:57:10 Marc IP-BLOCK 77.78.240.56 (Type: outgoing, Port: 1571, Process: skype.exe)
    22:09:51 Marc IP-BLOCK 77.78.240.56 (Type: outgoing, Port: 1571, Process: skype.exe)

    9-8's log
    00:06:50 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:06:50 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:06:58 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:09:14 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:09:22 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:09:22 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:09:54 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:10:02 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:10:02 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:12:42 Marc IP-BLOCK 91.188.56.58 (Type: incoming, Port: 1571, Process: skype.exe)
    00:12:42 Marc IP-BLOCK 91.188.56.58 (Type: incoming, Port: 1571, Process: skype.exe)
    00:12:42 Marc IP-BLOCK 91.188.56.58 (Type: incoming, Port: 1571, Process: skype.exe)
    00:12:58 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:12:58 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:13:06 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:13:30 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:13:30 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:13:30 Marc IP-BLOCK 83.128.77.9 (Type: incoming, Port: 1571, Process: skype.exe)
    00:13:46 Marc IP-BLOCK 89.28.80.178 (Type: incoming, Port: 1571, Process: skype.exe)
    00:13:46 Marc IP-BLOCK 89.28.80.178 (Type: incoming, Port: 1571, Process: skype.exe)
    00:13:47 Marc IP-BLOCK 89.28.80.178 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:03 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:03 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:03 Marc IP-BLOCK 222.76.149.2 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:03 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:03 Marc IP-BLOCK 222.76.149.2 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:11 Marc IP-BLOCK 222.76.149.2 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:27 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:27 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    00:14:35 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    00:26:03 Marc IP-BLOCK 98.142.251.199 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:26:11 Marc IP-BLOCK 98.142.251.199 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:26:11 Marc IP-BLOCK 98.142.251.199 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:29:07 Marc IP-BLOCK 213.155.21.224 (Type: incoming, Port: 1571, Process: skype.exe)
    00:29:07 Marc IP-BLOCK 213.155.21.224 (Type: incoming, Port: 1571, Process: skype.exe)
    00:29:07 Marc IP-BLOCK 213.155.21.224 (Type: incoming, Port: 1571, Process: skype.exe)
    00:30:19 Marc IP-BLOCK 59.34.197.5 (Type: incoming, Port: 1571, Process: skype.exe)
    00:30:27 Marc IP-BLOCK 59.34.197.5 (Type: incoming, Port: 1571, Process: skype.exe)
    00:30:35 Marc IP-BLOCK 59.34.197.5 (Type: incoming, Port: 1571, Process: skype.exe)
    00:31:47 Marc IP-BLOCK 222.65.170.55 (Type: incoming, Port: 1571, Process: skype.exe)
    00:31:47 Marc IP-BLOCK 222.65.170.55 (Type: incoming, Port: 1571, Process: skype.exe)
    00:31:55 Marc IP-BLOCK 222.65.170.55 (Type: incoming, Port: 1571, Process: skype.exe)
    00:32:27 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:32:27 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:32:35 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:32:51 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:32:51 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:32:51 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:32:52 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:32:52 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:32:52 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:34:12 Marc IP-BLOCK 213.226.196.105 (Type: incoming, Port: 1571, Process: skype.exe)
    00:34:20 Marc IP-BLOCK 213.226.196.105 (Type: incoming, Port: 1571, Process: skype.exe)
    00:34:20 Marc IP-BLOCK 213.226.196.105 (Type: incoming, Port: 1571, Process: skype.exe)
    00:34:36 Marc IP-BLOCK 89.209.91.54 (Type: incoming, Port: 1571, Process: skype.exe)
    00:34:36 Marc IP-BLOCK 89.209.91.54 (Type: incoming, Port: 1571, Process: skype.exe)
    00:34:36 Marc IP-BLOCK 195.244.128.36 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:34:44 Marc IP-BLOCK 195.244.128.36 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:34:44 Marc IP-BLOCK 89.209.91.54 (Type: incoming, Port: 1571, Process: skype.exe)
    00:34:44 Marc IP-BLOCK 195.244.128.36 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:36:28 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:36:28 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:36:36 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:36:52 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:36:52 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:37:00 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:37:16 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:37:16 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:37:16 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:37:16 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:37:16 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:37:16 Marc IP-BLOCK 93.174.95.218 (Type: incoming, Port: 1571, Process: skype.exe)
    00:39:40 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:39:40 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:39:40 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:41:56 Marc IP-BLOCK 89.28.82.152 (Type: incoming, Port: 1571, Process: skype.exe)
    00:41:56 Marc IP-BLOCK 89.28.82.152 (Type: incoming, Port: 1571, Process: skype.exe)
    00:41:56 Marc IP-BLOCK 89.28.82.152 (Type: incoming, Port: 1571, Process: skype.exe)
    00:43:24 Marc IP-BLOCK 222.76.149.2 (Type: incoming, Port: 443, Process: skype.exe)
    00:43:24 Marc IP-BLOCK 222.76.149.2 (Type: incoming, Port: 1571, Process: skype.exe)
    00:43:32 Marc IP-BLOCK 222.76.149.2 (Type: incoming, Port: 1571, Process: skype.exe)
    00:43:32 Marc IP-BLOCK 222.76.149.2 (Type: incoming, Port: 1571, Process: skype.exe)
    00:43:40 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    00:43:48 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    00:43:48 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    00:44:20 Marc IP-BLOCK 77.78.250.217 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:44:20 Marc IP-BLOCK 77.78.250.217 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:44:20 Marc IP-BLOCK 77.78.250.217 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:44:20 Marc IP-BLOCK 77.78.250.217 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:44:28 Marc IP-BLOCK 77.78.250.217 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:44:28 Marc IP-BLOCK 77.78.250.217 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:50:53 Marc IP-BLOCK 91.188.41.70 (Type: incoming, Port: 1571, Process: skype.exe)
    00:50:53 Marc IP-BLOCK 91.188.41.70 (Type: incoming, Port: 1571, Process: skype.exe)
    00:51:01 Marc IP-BLOCK 91.188.41.70 (Type: incoming, Port: 1571, Process: skype.exe)
    00:51:41 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:51:41 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:51:49 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:52:29 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:52:29 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:52:37 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:52:53 Marc IP-BLOCK 195.234.5.194 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:52:53 Marc IP-BLOCK 195.234.5.194 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:53:01 Marc IP-BLOCK 195.234.5.194 (Type: outgoing, Port: 1571, Process: skype.exe)
    00:53:09 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:53:09 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:53:09 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:53:41 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:53:41 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:53:49 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:54:21 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:54:21 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:54:29 Marc IP-BLOCK 62.45.145.217 (Type: incoming, Port: 1571, Process: skype.exe)
    00:57:49 Marc IP-BLOCK 89.28.19.196 (Type: incoming, Port: 1571, Process: skype.exe)
    00:57:49 Marc IP-BLOCK 89.28.19.196 (Type: incoming, Port: 1571, Process: skype.exe)
    00:57:49 Marc IP-BLOCK 89.28.19.196 (Type: incoming, Port: 1571, Process: skype.exe)
    00:59:41 Marc IP-BLOCK 87.248.173.31 (Type: incoming, Port: 1571, Process: skype.exe)
    00:59:41 Marc IP-BLOCK 87.248.173.31 (Type: incoming, Port: 1571, Process: skype.exe)
    00:59:49 Marc IP-BLOCK 87.248.173.31 (Type: incoming, Port: 1571, Process: skype.exe)
    01:04:13 Marc IP-BLOCK 83.128.105.172 (Type: incoming, Port: 1571, Process: skype.exe)
    01:04:21 Marc IP-BLOCK 83.128.105.172 (Type: incoming, Port: 1571, Process: skype.exe)
    01:04:21 Marc IP-BLOCK 83.128.105.172 (Type: incoming, Port: 1571, Process: skype.exe)
    01:05:25 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    01:05:25 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    01:05:33 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    01:05:33 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    01:05:33 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    01:05:34 Marc IP-BLOCK 212.116.122.130 (Type: incoming, Port: 1571, Process: skype.exe)
    01:06:30 Marc IP-BLOCK 193.169.40.7 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:06:30 Marc IP-BLOCK 193.169.40.7 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:06:30 Marc IP-BLOCK 193.169.40.7 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:11:34 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    01:11:34 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    01:11:42 Marc IP-BLOCK 195.244.128.36 (Type: incoming, Port: 1571, Process: skype.exe)
    01:11:50 Marc IP-BLOCK 89.28.98.21 (Type: incoming, Port: 1571, Process: skype.exe)
    01:11:50 Marc IP-BLOCK 89.28.98.21 (Type: incoming, Port: 1571, Process: skype.exe)
    01:11:58 Marc IP-BLOCK 89.28.98.21 (Type: incoming, Port: 1571, Process: skype.exe)
    01:13:10 Marc IP-BLOCK 89.28.82.146 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:13:10 Marc IP-BLOCK 89.28.82.146 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:13:10 Marc IP-BLOCK 89.28.82.146 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:14:30 Marc IP-BLOCK 77.78.242.74 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:14:30 Marc IP-BLOCK 77.78.242.74 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:14:30 Marc IP-BLOCK 77.78.242.74 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:15:18 Marc IP-BLOCK 62.45.208.218 (Type: incoming, Port: 1571, Process: skype.exe)
    01:15:18 Marc IP-BLOCK 62.45.208.218 (Type: incoming, Port: 1571, Process: skype.exe)
    01:15:26 Marc IP-BLOCK 62.45.208.218 (Type: incoming, Port: 1571, Process: skype.exe)
    01:18:22 Marc IP-BLOCK 195.234.5.194 (Type: incoming, Port: 1571, Process: skype.exe)
    01:18:22 Marc IP-BLOCK 195.234.5.194 (Type: incoming, Port: 1571, Process: skype.exe)
    01:18:22 Marc IP-BLOCK 195.234.5.194 (Type: incoming, Port: 1571, Process: skype.exe)
    01:18:46 Marc IP-BLOCK 77.74.36.107 (Type: incoming, Port: 1571, Process: skype.exe)
    01:18:46 Marc IP-BLOCK 77.74.36.107 (Type: incoming, Port: 1571, Process: skype.exe)
    01:18:54 Marc IP-BLOCK 77.74.36.107 (Type: incoming, Port: 1571, Process: skype.exe)
    01:20:14 Marc IP-BLOCK 62.45.177.3 (Type: incoming, Port: 1571, Process: skype.exe)
    01:20:14 Marc IP-BLOCK 62.45.177.3 (Type: incoming, Port: 1571, Process: skype.exe)
    01:20:22 Marc IP-BLOCK 62.45.177.3 (Type: incoming, Port: 1571, Process: skype.exe)
    01:21:18 Marc IP-BLOCK 62.45.198.82 (Type: incoming, Port: 1571, Process: skype.exe)
    01:21:18 Marc IP-BLOCK 62.45.198.82 (Type: incoming, Port: 1571, Process: skype.exe)
    01:21:26 Marc IP-BLOCK 62.45.198.82 (Type: incoming, Port: 1571, Process: skype.exe)
    01:22:06 Marc IP-BLOCK 62.45.194.36 (Type: incoming, Port: 1571, Process: skype.exe)
    01:22:06 Marc IP-BLOCK 62.45.194.36 (Type: incoming, Port: 1571, Process: skype.exe)
    01:22:14 Marc IP-BLOCK 62.45.194.36 (Type: incoming, Port: 1571, Process: skype.exe)
    01:23:03 Marc IP-BLOCK 89.149.233.144 (Type: incoming, Port: 443, Process: skype.exe)
    01:23:43 Marc IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:23:43 Marc IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:23:43 Marc IP-BLOCK 89.28.50.227 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:24:55 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:24:55 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:24:55 Marc IP-BLOCK 109.230.246.139 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:26:23 Marc IP-BLOCK 87.248.174.153 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:26:23 Marc IP-BLOCK 87.248.174.153 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:26:23 Marc IP-BLOCK 87.248.174.153 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:26:23 Marc IP-BLOCK 87.248.174.153 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:26:31 Marc IP-BLOCK 87.248.174.153 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:26:31 Marc IP-BLOCK 87.248.174.153 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:27:03 Marc IP-BLOCK 222.65.140.199 (Type: incoming, Port: 1571, Process: skype.exe)
    01:27:11 Marc IP-BLOCK 222.65.140.199 (Type: incoming, Port: 1571, Process: skype.exe)
    01:27:11 Marc IP-BLOCK 222.65.140.199 (Type: incoming, Port: 1571, Process: skype.exe)
    01:27:19 Marc IP-BLOCK 121.10.0.14 (Type: incoming, Port: 1571, Process: skype.exe)
    01:27:27 Marc IP-BLOCK 121.10.0.14 (Type: incoming, Port: 1571, Process: skype.exe)
    01:27:27 Marc IP-BLOCK 121.10.0.14 (Type: incoming, Port: 1571, Process: skype.exe)
    01:27:51 Marc IP-BLOCK 89.28.120.189 (Type: incoming, Port: 1571, Process: skype.exe)
    01:27:51 Marc IP-BLOCK 89.28.120.189 (Type: incoming, Port: 1571, Process: skype.exe)
    01:28:23 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:28:23 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:28:23 Marc IP-BLOCK 98.142.247.78 (Type: outgoing, Port: 1571, Process: skype.exe)
    01:32:56 Marc IP-BLOCK 91.188.63.144 (Type: incoming, Port: 1571, Process: skype.exe)
    01:33:04 Marc IP-BLOCK 91.188.63.144 (Type: incoming, Port: 1571, Process: skype.exe)
    01:33:04 Marc IP-BLOCK 91.188.63.144 (Type: incoming, Port: 1571, Process: skype.exe)
     
  2. Broni

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. mdw90

    Virus Scan MSE, Super
    There was nothing found.

    Malwarebytes
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7680

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    9/9/2011 5:23:50 PM
    mbam-log-2011-09-09 (17-23-50).txt

    Scan type: Quick scan
    Objects scanned: 186057
    Time elapsed: 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    I couldn't open GMER. I did the steps in the guide (turned off real time protection, disabled the internet). I also tried both mirrors, these were the results:

    "C:\Windows\system32\config\system: The system cannot find the file specified."
    "C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process
    C:\Users\Marc\ntuser.dat: The process cannot access the file because it is being used by another process
    GMER hasn't found any system modification

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
    Run by Marc at 17:28:26 on 2011-09-09
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4078.2901 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    C:\Users\Marc\Local Settings\Apps\F.lux\flux.exe
    I:\Program Files\DisplayFusion\DisplayFusion.exe
    C:\Program Files (x86)\SafeConnect\scManager.sys
    I:\Program Files\Auto Clicker\AutoClicker.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    I:\Program Files\RainMeter\Rainmeter.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\SafeConnect\scClient.exe
    C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    I:\Graphics Card\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    I:\Graphics Card\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = google.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [F.lux] "C:\Users\Marc\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [DisplayFusion] "I:\Program Files\DisplayFusion\DisplayFusion.exe"
    uRun: [MurGee.com Auto Clicker] I:\Program Files\Auto Clicker\AutoClicker.exe :silent
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [StartCCC] "I:\Graphics Card\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Marc\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - I:\Program Files\RainMeter\Rainmeter.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
    TCP: DhcpNameServer = 137.99.25.14 137.99.203.20
    TCP: Interfaces\{25446B41-60E0-4B2E-B37D-0A85E0AD997F} : DhcpNameServer = 137.99.25.14 137.99.203.20
    TCP: Interfaces\{25446B41-60E0-4B2E-B37D-0A85E0AD997F}\541474C454F4E45423 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{C36A398D-1FBB-4A84-BCF3-F07430401293} : DhcpNameServer = 137.99.25.14 137.99.203.20
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [StartCCC] "I:\Graphics Card\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\7qgux9nr.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-7-12 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-5-4 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-3-5 235752]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-30 366640]
    R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-3-15 71168]
    R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
    R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-30 2337144]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-30 2656280]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-09-09 02:08:13 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFC14739-DDF0-4C49-B369-FD6C1128A574}\mpengine.dll
    2011-09-08 05:03:42 -------- d-----w- C:\ProgramData\RegCure
    2011-09-08 01:10:53 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0CD411B-B777-46C3-8ACF-CF1AC088677B}\gapaengine.dll
    2011-09-05 17:19:55 -------- d-----w- C:\Users\Marc\AppData\Roaming\.anki
    2011-09-05 05:15:22 -------- d-----w- C:\Windows\SysWow64\directx
    2011-09-03 15:29:16 -------- d-----w- C:\Program Files (x86)\SafeConnect
    2011-08-25 01:55:04 -------- d-----w- C:\Users\Marc\AppData\Roaming\AnvSoft
    2011-08-25 01:43:32 -------- d-----w- C:\Program Files (x86)\eRightSoft
    2011-08-25 01:41:10 -------- d-----w- C:\Users\Marc\AppData\Roaming\HPPlay
    2011-08-25 01:41:10 -------- d-----w- C:\Users\Marc\AppData\Local\HPPlay
    2011-08-25 00:12:26 -------- d-----w- C:\Users\Marc\AppData\Roaming\Jason Robitaille
    2011-08-24 23:47:46 -------- d-----w- C:\Program Files\Palm, Inc
    2011-08-24 20:35:10 -------- d-----w- C:\Program Files (x86)\MSECache
    2011-08-24 07:17:28 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-08-24 07:17:28 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-08-22 06:31:33 -------- d-----w- C:\Users\Marc\AppData\Roaming\Malwarebytes
    2011-08-16 18:44:19 -------- d-----w- C:\Users\Marc\AppData\Roaming\TeamViewer
    2011-08-15 10:27:58 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-08-15 10:27:58 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-08-15 10:27:58 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-08-15 10:27:58 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-08-15 10:27:58 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-08-14 14:50:58 -------- d-----w- C:\Users\Marc\AppData\Roaming\Mipony
    2011-08-14 14:30:12 -------- d-----w- C:\Users\Marc\AppData\Roaming\DisplayFusion
    2011-08-14 00:25:51 -------- d-----w- C:\Users\Marc\AppData\Roaming\Rainmeter
    2011-08-13 23:38:58 -------- d-----w- C:\Users\Marc\AppData\Local\gizmorip
    2011-08-13 23:19:25 -------- d-----w- C:\Users\Marc\AppData\Roaming\rinsebyreal
    2011-08-11 07:29:56 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-08-11 04:51:58 5120 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    .
    ==================== Find3M ====================
    .
    2011-08-18 23:04:59 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-06 12:51:10 0 ----a-w- C:\Windows\ativpsrm.bin
    2011-07-30 19:13:38 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
    2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
    2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
    2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
    2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
    2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
    2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
    .
    ============= FINISH: 17:28:37.69 ===============

    DDS Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/30/2011 2:48:37 PM
    System Uptime: 9/9/2011 2:05:32 AM (15 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P8H61-M
    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 30 GiB total, 3.727 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is FIXED (NTFS) - 932 GiB total, 851.057 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP47: 9/9/2011 12:21:13 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.6
    AIM 7
    Anki
    Any Video Converter 3.2.7
    Apple Application Support
    Apple Software Update
    Application Profiles
    Auto Clicker v1.1
    AutoHotkey 1.1.02.00
    Browser Configuration Utility
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    DisplayFusion 3.2.0
    DivX Web Player
    Download Updater (AOL LLC)
    Dropbox
    F.lux
    FitDay
    Fractal Dragon Screensaver 1.0
    GizmoRip version 3.007
    GizmoTrim version 0.402
    Holdem Manager
    HP Play [beta]
    HydraVision
    ImgBurn
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 7
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Easy Assist v2
    Microsoft Office Live Meeting 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MiPony 1.5.0
    Mozilla Firefox 6.0.2 (x86 en-US)
    Nintendo (NES)
    Nintendo 64
    OpenOffice.org 3.3
    PokerStove version 1.23
    PostgreSQL 8.4
    QuickTime
    Rainmeter
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    SafeConnect
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Sega Genesis Mega Drive
    Skype™ 5.5
    Steam
    Super Nintendo (SNES)
    TeamViewer 6
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VC80CRTRedist - 8.0.50727.762
    VLC media player 1.1.11
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/9/2011 10:09:30 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
    9/8/2011 3:15:28 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    9/7/2011 9:00:15 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR7.
    9/2/2011 8:42:52 AM, Error: NetBT [4321] - The name "ZEUS :20" could not be registered on the interface with IP address 137.99.242.185. The computer with the IP address 10.4.40.7 did not allow the name to be claimed by this computer.
    9/2/2011 8:42:52 AM, Error: NetBT [4321] - The name "ZEUS :0" could not be registered on the interface with IP address 137.99.242.185. The computer with the IP address 10.4.40.7 did not allow the name to be claimed by this computer.
    9/2/2011 3:03:44 PM, Error: NetBT [4321] - The name "ZEUS :0" could not be registered on the interface with IP address 137.99.173.241. The computer with the IP address 10.4.40.7 did not allow the name to be claimed by this computer.
    9/2/2011 2:39:42 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{25446B41-60E0-4B2E-B37D-0A85E0AD997F} because another computer on the network has the same name. The server could not start.
    9/2/2011 2:39:42 PM, Error: NetBT [4321] - The name "ZEUS :20" could not be registered on the interface with IP address 67.221.68.156. The computer with the IP address 10.4.40.7 did not allow the name to be claimed by this computer.
    9/2/2011 2:39:42 PM, Error: NetBT [4321] - The name "ZEUS :0" could not be registered on the interface with IP address 67.221.68.156. The computer with the IP address 10.4.40.7 did not allow the name to be claimed by this computer.
    9/2/2011 2:28:22 PM, Error: NetBT [4321] - The name "ZEUS :0" could not be registered on the interface with IP address 67.221.68.156. The computer with the IP address 10.4.40.135 did not allow the name to be claimed by this computer.
    9/2/2011 2:13:07 PM, Error: NetBT [4321] - The name "ZEUS :20" could not be registered on the interface with IP address 67.221.68.156. The computer with the IP address 10.4.40.135 did not allow the name to be claimed by this computer.
    9/2/2011 11:22:00 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{C36A398D-1FBB-4A84-BCF3-F07430401293} because another computer on the network has the same name. The server could not start.
    9/2/2011 11:22:00 AM, Error: NetBT [4321] - The name "ZEUS :20" could not be registered on the interface with IP address 137.99.173.241. The computer with the IP address 10.4.40.7 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =======================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    aswMBR
    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-12 20:01:27
    -----------------------------
    20:01:27.411 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:01:27.411 Number of processors: 8 586 0x2A07
    20:01:27.411 ComputerName: ZEUS UserName: Marc
    20:01:27.441 Initialze error 1
    20:02:25.077 AVAST engine defs: 11091201
    20:02:58.210 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    20:02:58.213 Disk 0 Vendor: OCZ-VERTEX 1.6 Size: 30533MB BusType: 3
    20:02:58.216 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
    20:02:58.219 Disk 1 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
    20:02:58.222 Disk 0 MBR read successfully
    20:02:58.225 Disk 0 MBR scan
    20:02:58.231 Disk 0 unknown MBR code
    20:02:58.235 Service scanning
    20:02:59.508 Modules scanning
    20:02:59.512 Disk 0 trace - called modules:
    20:02:59.518 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    20:02:59.523 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004542790]
    20:02:59.528 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004346520]
    20:02:59.533 5 ACPI.sys[fffff88000f7d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004342680]
    20:02:59.536 AVAST engine scan C:\Windows
    20:02:59.539 AVAST engine scan C:\Windows\system32
    20:02:59.542 AVAST engine scan C:\Windows\system32\drivers
    20:02:59.546 AVAST engine scan C:\Users\Marc
    20:02:59.549 AVAST engine scan C:\ProgramData
    20:02:59.552 Scan finished successfully
    20:03:35.240 Disk 0 MBR has been saved successfully to "I:\School\Text files\MBR.dat"
    20:03:35.283 The log file has been saved successfully to "I:\School\Text files\aswMBR.txt"


    Combofix
    ComboFix 11-09-12.04 - Marc 09/12/2011 20:06:29.1.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4078.3049 [GMT -4:00]
    Running from: i:\program files\Miscellaneous Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Marc\AppData\Roaming\Roaming
    c:\users\Marc\AppData\Roaming\Roaming\HoldemManager\config\FTPRushTables.xml
    c:\users\Marc\AppData\Roaming\Roaming\HoldemManager\Importing\Work Folder\Thumbs.db
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-13 to 2011-09-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-12 14:59 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB753519-2C0E-4796-8C85-276D9C015AE5}\mpengine.dll
    2011-09-08 05:03 . 2011-09-08 05:04 -------- d-----w- c:\programdata\RegCure
    2011-09-08 01:10 . 2011-07-30 19:40 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0CD411B-B777-46C3-8ACF-CF1AC088677B}\gapaengine.dll
    2011-09-05 17:19 . 2011-09-05 19:32 -------- d-----w- c:\users\Marc\AppData\Roaming\.anki
    2011-09-03 15:29 . 2011-09-13 00:09 -------- d-----w- c:\program files (x86)\SafeConnect
    2011-09-02 14:47 . 2011-09-02 14:48 -------- d-----w- c:\users\Marc\AppData\Roaming\ImgBurn
    2011-08-25 01:55 . 2011-08-25 01:55 -------- d-----w- c:\users\Marc\AppData\Roaming\AnvSoft
    2011-08-25 01:43 . 2011-08-25 01:43 -------- d-----w- c:\program files (x86)\eRightSoft
    2011-08-25 01:41 . 2011-08-25 01:41 -------- d-----w- c:\users\Marc\AppData\Roaming\HPPlay
    2011-08-25 01:41 . 2011-08-25 01:41 -------- d-----w- c:\users\Marc\AppData\Local\HPPlay
    2011-08-25 01:41 . 2011-08-25 01:41 -------- d-----w- c:\program files (x86)\Hewlett-Packard
    2011-08-25 00:12 . 2011-08-25 00:12 -------- d-----w- c:\users\Marc\AppData\Roaming\Jason Robitaille
    2011-08-24 23:47 . 2011-08-24 23:47 -------- d-----w- c:\program files\DIFX
    2011-08-24 23:47 . 2011-08-24 23:47 -------- d-----w- c:\program files\Palm, Inc
    2011-08-24 22:17 . 2011-08-24 22:17 -------- d-----w- c:\windows\Sun
    2011-08-24 20:35 . 2011-08-24 20:35 -------- d-----w- c:\program files (x86)\MSECache
    2011-08-24 07:17 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 07:17 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-08-22 06:31 . 2011-08-22 06:31 -------- d-----w- c:\users\Marc\AppData\Roaming\Malwarebytes
    2011-08-16 18:44 . 2011-08-16 18:48 -------- d-----w- c:\users\Marc\AppData\Roaming\TeamViewer
    2011-08-15 10:27 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-08-15 10:27 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-08-15 10:27 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-08-15 10:27 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-08-15 10:27 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-08-14 14:50 . 2011-09-12 23:47 -------- d-----w- c:\users\Marc\AppData\Roaming\Mipony
    2011-08-14 14:30 . 2011-09-13 00:06 -------- d-----w- c:\users\Marc\AppData\Roaming\DisplayFusion
    2011-08-14 00:25 . 2011-08-15 17:12 -------- d-----w- c:\users\Marc\AppData\Roaming\Rainmeter
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-18 23:04 . 2011-07-30 19:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-12 04:10 . 2011-07-31 20:53 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-08-08 19:30 . 2011-08-08 19:30 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-07-30 19:40 . 2011-08-11 07:29 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-07-30 19:13 . 2011-07-30 19:13 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-07-16 05:41 . 2011-08-11 04:51 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-07-16 05:41 . 2011-08-11 04:51 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-07-16 05:41 . 2011-08-11 04:51 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-07-16 05:39 . 2011-08-11 04:51 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-07-16 05:37 . 2011-08-11 04:51 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 04:29 . 2011-08-11 04:51 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26 . 2011-08-11 04:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-16 04:25 . 2011-08-11 04:51 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-07-16 04:24 . 2011-08-11 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-07-16 04:24 . 2011-08-11 04:51 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-11 04:51 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2011-07-16 02:21 . 2011-08-11 04:51 2048 ----a-w- c:\windows\SysWow64\user.exe
    2011-07-16 02:17 . 2011-08-11 04:51 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-11 04:51 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-12 15:34 . 2011-07-12 15:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-07-12 15:34 . 2011-07-12 15:34 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-07-12 15:34 . 2011-07-12 15:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-07-12 15:34 . 2011-07-12 15:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
    2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-07-12 15:20 . 2011-07-12 15:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-07-09 02:46 . 2011-08-11 04:52 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-07-06 23:52 . 2011-07-30 19:30 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-06 23:52 . 2011-07-30 19:30 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-24 05:34 . 2011-08-11 04:51 214528 ----a-w- c:\windows\system32\winsrv.dll
    2011-06-24 05:25 . 2011-08-11 04:51 338432 ----a-w- c:\windows\system32\conhost.exe
    2011-06-23 05:43 . 2011-08-11 04:51 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-23 04:33 . 2011-08-11 04:51 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-06-23 04:33 . 2011-08-11 04:51 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-06-21 06:34 . 2011-08-11 04:51 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 10:02 . 2011-08-11 04:52 212992 ----a-w- c:\windows\system32\odbctrac.dll
    2011-06-15 10:02 . 2011-08-11 04:52 163840 ----a-w- c:\windows\system32\odbccp32.dll
    2011-06-15 10:02 . 2011-08-11 04:52 106496 ----a-w- c:\windows\system32\odbccu32.dll
    2011-06-15 10:02 . 2011-08-11 04:52 106496 ----a-w- c:\windows\system32\odbccr32.dll
    2011-06-15 08:55 . 2011-08-11 04:52 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
    2011-06-15 08:55 . 2011-08-11 04:52 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
    2011-06-15 08:55 . 2011-08-11 04:52 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
    2011-06-15 08:55 . 2011-08-11 04:52 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
    2011-06-15 08:55 . 2011-08-11 04:52 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="c:\users\Marc\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "DisplayFusion"="i:\program files\DisplayFusion\DisplayFusion.exe" [2010-09-14 1275624]
    "MurGee.com Auto Clicker"="i:\program files\Auto Clicker\AutoClicker.exe" [2011-05-05 40960]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-22 5471104]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "StartCCC"="i:\graphics card\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - i:\program files\RainMeter\Rainmeter.exe [2011-8-7 102912]
    SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-22 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
    S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
    S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 137.99.25.14 137.99.203.20
    FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\7qgux9nr.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: browser.search.selectedEngine - Amazon.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    c:\program files (x86)\SafeConnect\scManager.sys
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-12 20:10:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-13 00:10
    .
    Pre-Run: 3,864,207,360 bytes free
    Post-Run: 3,814,977,536 bytes free
    .
    - - End Of File - - 2FACB54C4D7A9EFB1ED36A1E6A9FBB1E
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good now.

    How are the issues?

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    It seems the IP block for skype went away for Malwarebytes. Here's my protection log for Malwarebytes from 9/12/11 (I ran OTL today 9/13/11):

    10:50:43 Marc MESSAGE Protection started successfully
    10:50:47 Marc MESSAGE IP Protection started successfully
    10:51:50 Marc MESSAGE Scheduled update executed successfully
    10:52:09 Marc MESSAGE IP Protection stopped
    10:52:11 Marc MESSAGE Database updated successfully
    10:52:11 Marc MESSAGE IP Protection started successfully
    11:32:04 Marc IP-BLOCK 217.23.7.103 (Type: outgoing, Port: 1571, Process: skype.exe)
    11:32:12 Marc IP-BLOCK 217.23.7.103 (Type: outgoing, Port: 1571, Process: skype.exe)
    11:32:12 Marc IP-BLOCK 217.23.7.103 (Type: outgoing, Port: 1571, Process: skype.exe)
    18:12:23 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 61724, Process: firefox.exe)
    18:12:31 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 61732, Process: firefox.exe)
    18:12:39 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 61739, Process: firefox.exe)
    18:12:47 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 61747, Process: firefox.exe)
    18:12:55 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 61754, Process: firefox.exe)
    18:13:03 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 61763, Process: firefox.exe)
    18:19:19 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 62047, Process: firefox.exe)
    18:19:27 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 62054, Process: firefox.exe)
    18:19:35 Marc IP-BLOCK 78.140.143.49 (Type: outgoing, Port: 62061, Process: firefox.exe)
    19:01:33 Marc MESSAGE Scheduled update executed successfully
    19:01:36 Marc MESSAGE IP Protection stopped
    19:01:38 Marc MESSAGE Database updated successfully
    19:01:38 Marc MESSAGE IP Protection started successfully
    20:11:44 Marc MESSAGE Protection started successfully
    20:11:48 Marc MESSAGE IP Protection started successfully
    20:18:17 Marc MESSAGE IP Protection stopped
    20:18:18 Marc MESSAGE Database updated successfully
    20:18:18 Marc MESSAGE IP Protection started successfully
    22:24:29 Marc MESSAGE IP Protection stopped

    OTL
    OTL logfile created on: 9/13/2011 12:54:17 AM - Run 1
    OTL by OldTimer - Version 3.2.28.0 Folder = K:\
    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.98 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 64.59% Memory free
    7.96 Gb Paging File | 6.04 Gb Available in Paging File | 75.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 29.59 Gb Total Space | 3.97 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 851.15 Gb Free Space | 91.37% Space Free | Partition Type: NTFS
    Drive K: | 931.51 Gb Total Space | 633.62 Gb Free Space | 68.02% Space Free | Partition Type: NTFS

    Computer Name: ZEUS | User Name: Marc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/13 00:34:49 | 000,581,632 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
    PRC - [2011/09/12 10:48:55 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
    PRC - [2011/09/12 10:48:53 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/01/28 01:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    PRC - [2011/01/28 01:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/03/05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2010/03/05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Marc\Local Settings\Apps\F.lux\flux.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Marc\Local Settings\Apps\F.lux\flux.exe
    MOD - [2009/07/31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/22 08:34:30 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/03/15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/09/12 10:48:53 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/07/30 15:35:09 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/01/28 01:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
    SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/08/22 08:34:30 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/16 05:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/08/16 06:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 CE 64 FD E9 4E CC 01 [binary data]
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.10.2065
    FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.9.5
    FF - prefs.js..extensions.enabledItems: hpPlay-feather@hp.com:999.999.999.999.8
    FF - prefs.js..extensions.enabledItems: hpPlayUI@hp.com:1.0.69.195.10
    FF - prefs.js..extensions.enabledItems: langpack-de@songbirdnest.com:1.9.5.1309780384
    FF - prefs.js..extensions.enabledItems: langpack-es-ES@songbirdnest.com:1.9.5.1307962821
    FF - prefs.js..extensions.enabledItems: langpack-fr@songbirdnest.com:1.9.5.1310986815
    FF - prefs.js..extensions.enabledItems: msc@songbirdnest.com:1.0.6.2065
    FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.9.5
    FF - prefs.js..extensions.enabledItems: quicktime@songbirdnest.com:1.0.9.2065
    FF - prefs.js..extensions.enabledItems: webOS-Device-Settings@hp.com:1.0.75.195
    FF - prefs.js..extensions.enabledItems: windowsmedia@songbirdnest.com:1.0.9.2065

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/08 10:32:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/08 23:23:11 | 000,000,000 | ---D | M]

    [2011/08/24 21:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Extensions
    [2011/08/24 21:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2011/09/08 10:32:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\7qgux9nr.default\extensions
    [2011/09/08 10:32:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\7qgux9nr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/07/30 15:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/07/30 15:13:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\GONZO@SONGBIRDNEST.COM
    [2011/08/24 21:41:04 | 000,000,000 | ---D | M] (hpPlay-feather) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\HPPLAY-FEATHER@HP.COM
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] (HP Play UI) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\HPPLAYUI@HP.COM
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] ("German (de) Language Pack") -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\LANGPACK-DE@SONGBIRDNEST.COM
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] ("Spanish (Spain) (es-ES) Language Pack") -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\LANGPACK-ES-ES@SONGBIRDNEST.COM
    [2011/08/24 21:41:07 | 000,000,000 | ---D | M] ("French (fr) Language Pack") -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\LANGPACK-FR@SONGBIRDNEST.COM
    [2011/08/24 21:41:04 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\MSC@SONGBIRDNEST.COM
    [2011/08/24 21:41:07 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
    [2011/08/24 21:41:05 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\QUICKTIME@SONGBIRDNEST.COM
    [2011/08/24 21:41:05 | 000,000,000 | ---D | M] (webOS Device Settings Extension) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\WEBOS-DEVICE-SETTINGS@HP.COM
    [2011/08/24 21:41:03 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\WINDOWSMEDIA@SONGBIRDNEST.COM
    [2011/09/08 10:32:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/09/12 20:09:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] I:\Graphics Card\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1000..\Run: [DisplayFusion] I:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1000..\Run: [F.lux] C:\Users\Marc\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1000..\Run: [MurGee.com Auto Clicker] I:\Program Files\Auto Clicker\AutoClicker.exe (MurGee.com)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2239900851-650497478-327460002-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2239900851-650497478-327460002-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.99.25.14 137.99.203.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25446B41-60E0-4B2E-B37D-0A85E0AD997F}: DhcpNameServer = 137.99.25.14 137.99.203.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36A398D-1FBB-4A84-BCF3-F07430401293}: DhcpNameServer = 137.99.25.14 137.99.203.20
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/13 16:24:35 | 000,000,000 | RH-D | M] - K:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - K:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/12 20:11:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/09/12 20:09:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/09/12 20:06:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/12 20:06:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/12 20:06:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/12 20:06:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/12 20:06:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/09 17:25:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Marc\Desktop\dds.scr
    [2011/09/08 17:08:35 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
    [2011/09/08 01:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
    [2011/09/07 01:48:47 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Identifier
    [2011/09/07 01:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Identifier
    [2011/09/05 13:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FitDay
    [2011/09/05 13:19:55 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Anki
    [2011/09/05 13:19:55 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\.anki
    [2011/09/05 01:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2011/09/03 11:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafeConnect
    [2011/09/02 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\ImgBurn
    [2011/09/01 10:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nintendo 64
    [2011/09/01 10:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sega Genesis Mega Drive
    [2011/09/01 10:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nintendo (NES)
    [2011/09/01 10:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Nintendo (SNES)
    [2011/08/24 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Any Video Converter
    [2011/08/24 21:55:04 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\AnvSoft
    [2011/08/24 21:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
    [2011/08/24 21:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
    [2011/08/24 21:41:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\HPPlay
    [2011/08/24 21:41:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\HPPlay
    [2011/08/24 21:41:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP Play
    [2011/08/24 21:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
    [2011/08/24 20:12:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Jason Robitaille
    [2011/08/24 19:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2011/08/24 19:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
    [2011/08/24 18:17:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/08/24 16:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
    [2011/08/22 02:31:33 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Malwarebytes
    [2011/08/17 23:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
    [2011/08/16 14:44:19 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\TeamViewer
    [2011/08/14 14:30:40 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Mipony
    [2011/08/14 12:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaversPlanet.com
    [2011/08/14 10:50:58 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Mipony
    [2011/08/14 10:50:54 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiPony
    [2011/08/14 10:50:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
    [2011/08/14 10:30:12 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\DisplayFusion
    [2011/08/14 10:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion

    ========== Files - Modified Within 30 Days ==========

    [2011/09/13 00:54:57 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/13 00:54:57 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/13 00:52:47 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/09/13 00:52:47 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/09/13 00:52:47 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/09/13 00:47:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/13 00:47:47 | 3207,315,456 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/12 20:09:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/09/09 17:30:32 | 000,302,592 | ---- | M] () -- C:\Users\Marc\Desktop\i9noelp6.exe
    [2011/09/09 17:25:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Marc\Desktop\dds.scr
    [2011/09/08 17:08:35 | 000,000,652 | ---- | M] () -- C:\Users\Marc\Desktop\PokerStove.lnk
    [2011/09/08 17:08:35 | 000,000,652 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStove.lnk
    [2011/09/08 15:27:16 | 650,127,108 | R--- | M] () -- C:\Users\Marc\Desktop\10NLLive.avi
    [2011/09/08 11:05:08 | 000,669,762 | ---- | M] () -- C:\Users\Marc\Desktop\RelativeResourceManager.pdf
    [2011/09/05 13:19:17 | 000,000,473 | ---- | M] () -- C:\Users\Marc\Desktop\Anki.lnk
    [2011/09/03 11:29:17 | 000,000,770 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
    [2011/09/01 11:29:33 | 000,000,923 | ---- | M] () -- C:\Users\Marc\Desktop\ePSXe - Shortcut.lnk
    [2011/09/01 10:54:23 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\Super Nintendo (SNES).lnk
    [2011/09/01 10:41:37 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\Nintendo 64.lnk
    [2011/09/01 10:39:09 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Sega Genesis Mega Drive.lnk
    [2011/09/01 10:36:52 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\Nintendo (NES).lnk
    [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/08/30 10:55:30 | 000,001,014 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/08/24 20:24:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2011/08/15 14:03:54 | 000,001,437 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/08/15 14:01:51 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/08/15 14:01:51 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/08/14 10:50:54 | 000,000,672 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk

    ========== Files Created - No Company Name ==========

    [2011/09/12 20:06:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/12 20:06:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/12 20:06:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/12 20:06:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/12 20:06:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/09 17:30:29 | 000,302,592 | ---- | C] () -- C:\Users\Marc\Desktop\i9noelp6.exe
    [2011/09/08 17:08:35 | 000,000,652 | ---- | C] () -- C:\Users\Marc\Desktop\PokerStove.lnk
    [2011/09/08 17:08:35 | 000,000,652 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStove.lnk
    [2011/09/08 15:11:24 | 650,127,108 | R--- | C] () -- C:\Users\Marc\Desktop\10NLLive.avi
    [2011/09/05 13:19:17 | 000,000,473 | ---- | C] () -- C:\Users\Marc\Desktop\Anki.lnk
    [2011/09/05 13:19:17 | 000,000,473 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
    [2011/09/05 13:12:25 | 000,669,762 | ---- | C] () -- C:\Users\Marc\Desktop\RelativeResourceManager.pdf
    [2011/09/03 11:29:17 | 000,000,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
    [2011/09/02 10:44:12 | 185,401,344 | ---- | C] () -- C:\Users\Marc\Desktop\XP.PE.iso
    [2011/09/01 11:29:33 | 000,000,923 | ---- | C] () -- C:\Users\Marc\Desktop\ePSXe - Shortcut.lnk
    [2011/09/01 10:54:23 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\Super Nintendo (SNES).lnk
    [2011/09/01 10:41:37 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\Nintendo 64.lnk
    [2011/09/01 10:39:09 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Sega Genesis Mega Drive.lnk
    [2011/09/01 10:36:52 | 000,000,827 | ---- | C] () -- C:\Users\Public\Desktop\Nintendo (NES).lnk
    [2011/08/30 10:55:30 | 000,001,014 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/08/24 20:24:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2011/08/15 14:01:51 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/08/15 14:01:51 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/08/14 10:50:54 | 000,000,672 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
    [2011/08/10 15:40:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/08/08 17:01:42 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
    [2011/08/06 08:51:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/07/30 15:31:18 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/30 14:59:12 | 000,034,655 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2011/07/30 14:58:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/07/30 14:58:15 | 000,023,381 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2011/03/26 01:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/03/26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/03/26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2011/09/05 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.anki
    [2011/08/08 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\acccore
    [2011/08/24 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\AnvSoft
    [2011/07/30 15:01:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DeviceVm
    [2011/09/13 00:53:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DisplayFusion
    [2011/09/13 00:48:02 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dropbox
    [2011/08/08 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\HEM Data
    [2011/08/08 22:35:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\HoldemManager
    [2011/09/02 10:48:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ImgBurn
    [2011/08/24 20:12:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Jason Robitaille
    [2011/09/13 00:48:28 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Mipony
    [2011/08/08 16:02:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\OpenOffice.org
    [2011/08/15 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Rainmeter
    [2011/08/13 19:19:25 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\rinsebyreal
    [2011/08/16 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeamViewer
    [2011/09/13 00:43:08 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeraCopy
    [2009/07/14 01:08:49 | 000,017,878 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/09/12 20:10:59 | 000,028,910 | ---- | M] () -- C:\ComboFix.txt
    [2011/09/13 00:47:47 | 3207,315,456 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/08 16:37:12 | 000,000,371 | -H-- | M] () -- C:\IPH.PH
    [2011/09/13 00:47:48 | 4276,424,704 | -HS- | M] () -- C:\pagefile.sys
    [2011/07/30 15:00:28 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011/08/08 16:38:11 | 000,068,126 | ---- | M] () -- C:\Program Files (x86)\hminstalllog.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/15 14:03:54 | 000,000,221 | -HS- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/09 17:30:32 | 000,302,592 | ---- | M] () -- C:\Users\Marc\Desktop\i9noelp6.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/07/30 14:48:59 | 000,000,402 | -HS- | M] () -- C:\Users\Marc\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  8. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    Extras
    OTL Extras logfile created on: 9/13/2011 12:54:17 AM - Run 1
    OTL by OldTimer - Version 3.2.28.0 Folder = K:\
    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.98 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 64.59% Memory free
    7.96 Gb Paging File | 6.04 Gb Available in Paging File | 75.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 29.59 Gb Total Space | 3.97 Gb Free Space | 13.41% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 851.15 Gb Free Space | 91.37% Space Free | Partition Type: NTFS
    Drive K: | 931.51 Gb Total Space | 633.62 Gb Free Space | 68.02% Space Free | Partition Type: NTFS

    Computer Name: ZEUS | User Name: Marc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64
    "{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
    "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
    "{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
    "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    "CCleaner" = CCleaner
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "Defraggler" = Defraggler
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "TeraCopy_is1" = TeraCopy 2.2
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{039D5969-38EE-D83C-4009-6D4202602665}" = Application Profiles
    "{0471C553-36C2-E7A0-7489-E99CD3F9683C}" = CCC Help Chinese Standard
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static
    "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{516D7330-6BA3-6E53-9C7A-F50666C758E0}" = CCC Help Swedish
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{66391B4E-194D-C20E-F1E5-D7222F1A8104}" = CCC Help Turkish
    "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
    "{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{77CD6B28-D387-9905-EF5B-78BF8AF722C6}" = CCC Help Chinese Traditional
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{B0F9D227-9243-E2E6-21CE-7FB9528202C5}" = CCC Help Norwegian
    "{B1D6F9CC-55FC-CD82-1D5C-BF725BF9311E}" = CCC Help Portuguese
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
    "{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1" = Auto Clicker v1.1
    "{DE5438FB-7DB6-4693-B7F2-1222C5FA18A8}" = HP Play [beta]
    "{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
    "{E31E8CDA-7D26-4ec1-9862-5780AF65DA65}_is1" = GizmoRip version 3.007
    "{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1ABF9E0-CB10-4b06-8164-BFEB7E2ABEE6}_is1" = GizmoTrim version 0.402
    "{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.5
    "{F241F4AB-9D50-52E4-6CA5-D1EA5A0713BC}" = CCC Help Russian
    "{FA39D1A0-3B11-AF64-5EF0-1DBC97F47075}" = CCC Help Thai
    "{FD20D0EA-5F36-5870-26EC-5CA842E8C713}" = CCC Help Polish
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AIM_7" = AIM 7
    "Anki" = Anki
    "Any Video Converter_is1" = Any Video Converter 3.2.7
    "AutoHotkey" = AutoHotkey 1.1.02.00
    "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.2.0
    "FitDay_is1" = FitDay
    "Fractal Dragon Screensaver_is1" = Fractal Dragon Screensaver 1.0
    "HoldemManager" = Holdem Manager
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MiPony" = MiPony 1.5.0
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "Nintendo (NES)" = Nintendo (NES)
    "Nintendo 64" = Nintendo 64
    "PostgreSQL 8.4" = PostgreSQL 8.4
    "Rainmeter" = Rainmeter
    "SafeConnect" = SafeConnect
    "Sega Genesis Mega Drive" = Sega Genesis Mega Drive
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Super Nintendo (SNES)" = Super Nintendo (SNES)
    "TeamViewer 6" = TeamViewer 6
    "VLC media player" = VLC media player 1.1.11

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Flux" = F.lux

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/4/2011 3:13:29 AM | Computer Name = Zeus | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 9/4/2011 12:54:52 PM | Computer Name = Zeus | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 9/4/2011 1:29:46 PM | Computer Name = Zeus | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 9/5/2011 1:10:34 AM | Computer Name = Zeus | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "I:\Program Files\Miscellaneous
    Downloads\SoftonicDownloader_for_f-lux.exe".Error in manifest or policy file ""
    on line . A component version required by the application conflicts with another
    component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

    Error - 9/5/2011 1:57:35 AM | Computer Name = Zeus | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 9/5/2011 1:03:43 PM | Computer Name = Zeus | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
    mDNS_reentrancy (0)

    Error - 9/5/2011 1:03:43 PM | Computer Name = Zeus | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
    != mDNS_reentrancy (0)

    Error - 9/5/2011 1:32:28 PM | Computer Name = Zeus | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 9/5/2011 4:09:52 PM | Computer Name = Zeus | Source = Application Error | ID = 1000
    Description = Faulting application name: Rainmeter.exe, version: 2.1.0.895, time
    stamp: 0x4e3e7f9b Faulting module name: NowPlaying.dll, version: 1.1.3.4, time stamp:
    0x4e36dc79 Exception code: 0xc0000005 Fault offset: 0x00000000000156ab Faulting process
    id: 0xa84 Faulting application start time: 0x01cc6acb3c2c6f62 Faulting application
    path: I:\Program Files\RainMeter\Rainmeter.exe Faulting module path: I:\Program
    Files\RainMeter\Plugins\NowPlaying.dll Report Id: 03501d65-d7fb-11e0-8fef-bcaec570d710

    Error - 9/6/2011 12:07:55 PM | Computer Name = Zeus | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    [ System Events ]
    Error - 9/9/2011 2:04:39 AM | Computer Name = Zeus | Source = DCOM | ID = 10010
    Description =

    Error - 9/9/2011 10:09:30 AM | Computer Name = Zeus | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 9/9/2011 5:37:50 PM | Computer Name = Zeus | Source = DCOM | ID = 10010
    Description =

    Error - 9/9/2011 8:46:32 PM | Computer Name = Zeus | Source = DCOM | ID = 10010
    Description =

    Error - 9/12/2011 8:07:34 PM | Computer Name = Zeus | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/12/2011 8:08:40 PM | Computer Name = Zeus | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 9/12/2011 8:08:52 PM | Computer Name = Zeus | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 9/12/2011 8:09:04 PM | Computer Name = Zeus | Source = DCOM | ID = 10010
    Description =

    Error - 9/12/2011 10:26:24 PM | Computer Name = Zeus | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 9/13/2011 12:47:03 AM | Computer Name = Zeus | Source = DCOM | ID = 10010
    Description =


    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    OTL log looks perfectly clean :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  10. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    I did step 1 and it said I had the recommended version of Java so I proceeded to step 2. Is the Java Removal Log okay so that I can reinstall Java now? Also is there anything that I downloaded that I absolutely should not delete? My desktop looks a little messy and I like to have nothing on my desktop. Thanks! =D

    Java

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Sep 13 16:11:57 2011

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe


    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    ------------------------------------

    Finished reporting.



    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Tue Sep 13 16:12:05 2011

    ------------------------------------

    Finished reporting.

    Temp file cleaner
    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 7
    Adobe Flash Player 10.3.183.5
    Adobe Reader X (10.1.0)
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````

    ESET Online Scanner
    I:\Program Files\Miscellaneous Downloads\cnet_AudioIdentifier_setup_exe.exe a variant of Win32/InstallCore.C application cleaned by deleting - quarantined
    K:\my computer 8-3\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application deleted - quarantined
    K:\my computer 8-3\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
    K:\my computer 8-3\Documents and Settings\hp\My Documents\Downloads\toolbar.exe Win32/Toolbar.MegaUpload application deleted - quarantined
    K:\my computer 8-3\Program Files\Common Files\AOL\Backup\ACS\Rollback\Suite\comps\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
    K:\my computer 8-3\Program Files\Common Files\AOL\Backup\ACS\Rollback\US\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
    K:\my computer 8-3\Program Files\Common Files\AOL\Backup\ACS\Rollback\US\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan deleted - quarantined
    K:\my computer 8-3\Program Files\MegauploadToolbar\megauploadtoolbar.dll Win32/Toolbar.MegaUpload application cleaned by deleting - quarantined
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  12. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    Windows updates are current. WOT is downloaded. Malwarebytes's quick scan produced no sign of malicious content. I ran TFC and I'll continue to do it weekly. I ran PSI and only had to patch Adobe Flash Player 10.0. I downloaded FileHippo to keep up to date with programs. I already do custom installations (accidentally had chrome get downloaded with something on another computer once, man did I learn my lesson after that). I read the steps and that seemed really helpful, thanks for that. My computer seems to be doing really well... although I shouldn't have run into any problems since I just built it last month. The only annoyance after all this is that my boot time has gone up by 16 seconds (was 30 seconds hooray for SSDs). Small price to pay though for a clean computer I guess (soluto.com shows you your boot time and ways to reduce it etc). If I run into any more issues (although I really really hope I don't), I'll be sure to make a new thread. Thanks a ton for all the help you've given me with cleaning up my computer. Take it easy.

    OTL LOG
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Marc
    ->Temp folder emptied: 3280190 bytes
    ->Temporary Internet Files folder emptied: 3116435 bytes
    ->Java cache emptied: 3341724 bytes
    ->FireFox cache emptied: 43706132 bytes
    ->Flash cache emptied: 57177 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 22676 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 51.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Marc
    ->Flash cache emptied: 0 bytes

    User: postgres
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.28.0 log created on 09142011_033236

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Way to go!!
    Good luck and stay safe :)
     
  14. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    It looks like I'm getting the IP block again....

    This is the protection log from Malwarebytes on 9/19/11. What do you want me to do? Should I just ignore these IP blocks or...? I've been staying in the green with WOT and can't think of anything I've done that could cause this.

    08:42:27 Marc MESSAGE Protection started successfully
    08:42:31 Marc MESSAGE IP Protection started successfully
    08:43:28 Marc ERROR Scheduled update failed: SSL Exception failed with error code 0
    10:51:48 Marc IP-BLOCK 200.63.44.100 (Type: outgoing, Port: 1571, Process: skype.exe)
    10:51:48 Marc IP-BLOCK 200.63.44.100 (Type: outgoing, Port: 1571, Process: skype.exe)
    10:51:56 Marc IP-BLOCK 200.63.44.100 (Type: outgoing, Port: 1571, Process: skype.exe)
    11:32:38 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 1571, Process: skype.exe)
    11:32:38 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 1571, Process: skype.exe)
    11:32:38 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 1571, Process: skype.exe)
    11:32:38 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 1571, Process: svchost.exe)
    11:32:38 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 443, Process: skype.exe)
    11:32:38 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 80, Process: skype.exe)
    11:32:46 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 1571, Process: skype.exe)
    11:32:46 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 1571, Process: skype.exe)
    11:32:46 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 443, Process: skype.exe)
    11:32:46 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 80, Process: skype.exe)
    11:32:46 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 1571, Process: skype.exe)
    11:32:46 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 1571, Process: skype.exe)
    11:32:54 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 443, Process: skype.exe)
    11:32:54 Marc IP-BLOCK 98.142.245.108 (Type: incoming, Port: 80, Process: skype.exe)
    11:51:44 Marc IP-BLOCK 193.169.40.7 (Type: outgoing, Port: 1571, Process: skype.exe)
    11:51:44 Marc IP-BLOCK 193.169.40.7 (Type: outgoing, Port: 1571, Process: skype.exe)
    11:51:52 Marc IP-BLOCK 193.169.40.7 (Type: outgoing, Port: 1571, Process: skype.exe)
    15:26:52 Marc IP-BLOCK 212.117.176.81 (Type: outgoing, Port: 60965, Process: skype.exe)
    15:26:52 Marc IP-BLOCK 212.117.176.81 (Type: outgoing, Port: 60966, Process: skype.exe)
    15:26:52 Marc IP-BLOCK 212.117.176.81 (Type: outgoing, Port: 60967, Process: skype.exe)
    15:26:52 Marc IP-BLOCK 212.117.176.81 (Type: outgoing, Port: 60968, Process: skype.exe)
    15:27:08 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 1571, Process: skype.exe)
    15:27:16 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 1571, Process: skype.exe)
    15:27:16 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 1571, Process: skype.exe)
    15:27:16 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 443, Process: skype.exe)
    15:27:16 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 1571, Process: skype.exe)
    15:27:16 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 80, Process: skype.exe)
    15:27:16 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 443, Process: skype.exe)
    15:27:16 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 80, Process: skype.exe)
    15:27:16 Marc IP-BLOCK 89.28.2.222 (Type: incoming, Port: 1571, Process: skype.exe)
    15:47:00 Marc MESSAGE Scheduled scan executed successfully
    17:37:27 Marc IP-BLOCK 217.23.7.103 (Type: outgoing, Port: 1571, Process: skype.exe)
    17:37:35 Marc IP-BLOCK 217.23.7.103 (Type: outgoing, Port: 1571, Process: skype.exe)
    17:49:20 Marc IP-BLOCK 195.216.162.133 (Type: incoming, Port: 1571, Process: skype.exe)
    17:49:20 Marc IP-BLOCK 195.216.162.133 (Type: incoming, Port: 1571, Process: skype.exe)
    17:49:28 Marc IP-BLOCK 195.216.162.133 (Type: incoming, Port: 443, Process: skype.exe)
    17:49:28 Marc IP-BLOCK 195.216.162.133 (Type: incoming, Port: 80, Process: skype.exe)
    17:49:28 Marc IP-BLOCK 195.216.162.133 (Type: incoming, Port: 1571, Process: skype.exe)
    17:49:28 Marc IP-BLOCK 195.216.162.133 (Type: incoming, Port: 1571, Process: skype.exe)
    17:49:28 Marc IP-BLOCK 195.216.162.133 (Type: incoming, Port: 443, Process: skype.exe)
    17:49:28 Marc IP-BLOCK 195.216.162.133 (Type: incoming, Port: 80, Process: skype.exe)
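
Added example, not part of the original posts and not Malwarebytes code: a small Python triage script that groups IP-BLOCK lines in the format of the protection log above by remote address, so repeated retries collapse into one row and any process other than the expected one stands out. The sample lines are constructed (RFC 5737 documentation addresses), and the function names are this example's own.

```python
import re

# Constructed sample in the format of the protection log posted above.
# Addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = """\
08:42:27 Marc MESSAGE Protection started successfully
08:42:31 Marc MESSAGE IP Protection started successfully
08:43:28 Marc ERROR Scheduled update failed: SSL Exception failed with error code 0
10:51:48 Marc IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 1571, Process: skype.exe)
10:51:48 Marc IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 1571, Process: skype.exe)
10:51:56 Marc IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 1571, Process: skype.exe)
11:32:38 Marc IP-BLOCK 198.51.100.7 (Type: incoming, Port: 1571, Process: skype.exe)
11:32:38 Marc IP-BLOCK 198.51.100.7 (Type: incoming, Port: 1571, Process: svchost.exe)
11:32:38 Marc IP-BLOCK 198.51.100.7 (Type: incoming, Port: 443, Process: skype.exe)
11:32:46 Marc IP-BLOCK 198.51.100.7 (Type: incoming, Port: 80, Process: skype.exe)
"""

# One IP-BLOCK line: time, user, remote IP, then (Type, Port, Process).
BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),\s*"
    r"Process:\s*(?P<process>[^)]+)\)\s*$"
)


def parse_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE/ERROR lines are skipped."""
    events = []
    for line in text.splitlines():
        match = BLOCK_RE.match(line.strip())
        if not match:
            continue
        event = match.groupdict()
        event["port"] = int(event["port"])
        event["process"] = event["process"].strip().lower()
        events.append(event)
    return events


def summarize(events):
    """Group events by remote IP: count, time window, directions, ports, processes."""
    summary = {}
    for ev in events:
        row = summary.setdefault(ev["ip"], {
            "count": 0, "first": ev["time"], "last": ev["time"],
            "directions": set(), "ports": set(), "processes": set(),
        })
        row["count"] += 1
        # HH:MM:SS strings sort correctly within a single day's log.
        row["first"] = min(row["first"], ev["time"])
        row["last"] = max(row["last"], ev["time"])
        row["directions"].add(ev["direction"])
        row["ports"].add(ev["port"])
        row["processes"].add(ev["process"])
    return summary


def unexpected_processes(events, expected=("skype.exe",)):
    """Map each process outside `expected` to the remote IPs it was blocked for."""
    expected = {name.lower() for name in expected}
    found = {}
    for ev in events:
        if ev["process"] not in expected:
            found.setdefault(ev["process"], set()).add(ev["ip"])
    return {proc: sorted(ips) for proc, ips in found.items()}


if __name__ == "__main__":
    blocks = parse_blocks(SAMPLE_LOG)
    for ip, row in sorted(summarize(blocks).items()):
        print(ip, row["count"], row["first"], row["last"],
              sorted(row["directions"]), sorted(row["ports"]),
              sorted(row["processes"]))
    print("unexpected:", unexpected_processes(blocks))
```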
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    2011/09/20 20:58:42.0020 5924 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
    2011/09/20 20:58:42.0237 5924 ================================================================================
    2011/09/20 20:58:42.0237 5924 SystemInfo:
    2011/09/20 20:58:42.0237 5924
    2011/09/20 20:58:42.0237 5924 OS Version: 6.1.7601 ServicePack: 1.0
    2011/09/20 20:58:42.0237 5924 Product type: Workstation
    2011/09/20 20:58:42.0237 5924 ComputerName: ZEUS
    2011/09/20 20:58:42.0237 5924 UserName: Marc
    2011/09/20 20:58:42.0237 5924 Windows directory: C:\Windows
    2011/09/20 20:58:42.0237 5924 System windows directory: C:\Windows
    2011/09/20 20:58:42.0237 5924 Running under WOW64
    2011/09/20 20:58:42.0238 5924 Processor architecture: Intel x64
    2011/09/20 20:58:42.0238 5924 Number of processors: 8
    2011/09/20 20:58:42.0238 5924 Page size: 0x1000
    2011/09/20 20:58:42.0238 5924 Boot type: Normal boot
    2011/09/20 20:58:42.0238 5924 ================================================================================
    2011/09/20 20:58:43.0027 5924 Initialize success
    2011/09/20 20:58:47.0815 5888 ================================================================================
    2011/09/20 20:58:47.0815 5888 Scan started
    2011/09/20 20:58:47.0815 5888 Mode: Manual;
    2011/09/20 20:58:47.0815 5888 ================================================================================
    2011/09/20 20:58:48.0990 5888 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    2011/09/20 20:58:49.0000 5888 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
    2011/09/20 20:58:49.0017 5888 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/20 20:58:49.0044 5888 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/20 20:58:49.0089 5888 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    2011/09/20 20:58:49.0142 5888 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    2011/09/20 20:58:49.0156 5888 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/09/20 20:58:49.0175 5888 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/09/20 20:58:49.0195 5888 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/09/20 20:58:49.0207 5888 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    2011/09/20 20:58:49.0224 5888 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/20 20:58:49.0242 5888 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/09/20 20:58:49.0252 5888 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    2011/09/20 20:58:49.0265 5888 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/20 20:58:49.0289 5888 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/20 20:58:49.0299 5888 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/20 20:58:49.0311 5888 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/20 20:58:49.0330 5888 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    2011/09/20 20:58:49.0341 5888 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/09/20 20:58:49.0354 5888 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/09/20 20:58:49.0398 5888 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    2011/09/20 20:58:49.0417 5888 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/09/20 20:58:49.0430 5888 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    2011/09/20 20:58:49.0451 5888 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    2011/09/20 20:58:49.0462 5888 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    2011/09/20 20:58:49.0477 5888 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/09/20 20:58:49.0502 5888 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/09/20 20:58:49.0520 5888 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/09/20 20:58:49.0536 5888 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/20 20:58:49.0557 5888 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/09/20 20:58:49.0574 5888 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    2011/09/20 20:58:49.0714 5888 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/09/20 20:58:49.0862 5888 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    2011/09/20 20:58:49.0902 5888 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/09/20 20:58:49.0920 5888 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/09/20 20:58:49.0938 5888 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/20 20:58:49.0950 5888 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/20 20:58:49.0963 5888 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/09/20 20:58:49.0974 5888 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/09/20 20:58:49.0995 5888 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/09/20 20:58:50.0006 5888 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/09/20 20:58:50.0018 5888 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/09/20 20:58:50.0038 5888 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/09/20 20:58:50.0048 5888 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/09/20 20:58:50.0062 5888 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/20 20:58:50.0071 5888 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/20 20:58:50.0089 5888 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/09/20 20:58:50.0109 5888 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/20 20:58:50.0162 5888 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    2011/09/20 20:58:50.0179 5888 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    2011/09/20 20:58:50.0189 5888 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    2011/09/20 20:58:50.0201 5888 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/09/20 20:58:50.0221 5888 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/09/20 20:58:50.0231 5888 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
    2011/09/20 20:58:50.0246 5888 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    2011/09/20 20:58:50.0273 5888 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    2011/09/20 20:58:50.0290 5888 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    2011/09/20 20:58:50.0316 5888 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/09/20 20:58:50.0331 5888 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/20 20:58:50.0349 5888 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/09/20 20:58:50.0385 5888 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/20 20:58:50.0395 5888 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/20 20:58:50.0417 5888 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    2011/09/20 20:58:50.0444 5888 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/09/20 20:58:50.0461 5888 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2011/09/20 20:58:50.0480 5888 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/20 20:58:50.0493 5888 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/20 20:58:50.0505 5888 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/20 20:58:50.0527 5888 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/20 20:58:50.0540 5888 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/20 20:58:50.0550 5888 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/09/20 20:58:50.0571 5888 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/09/20 20:58:50.0589 5888 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/09/20 20:58:50.0600 5888 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/20 20:58:50.0617 5888 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/20 20:58:50.0633 5888 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/20 20:58:50.0646 5888 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/20 20:58:50.0664 5888 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/20 20:58:50.0678 5888 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/20 20:58:50.0693 5888 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/09/20 20:58:50.0711 5888 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/20 20:58:50.0722 5888 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    2011/09/20 20:58:50.0733 5888 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/09/20 20:58:50.0757 5888 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/20 20:58:50.0779 5888 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    2011/09/20 20:58:50.0798 5888 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/09/20 20:58:50.0815 5888 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/20 20:58:50.0826 5888 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/20 20:58:50.0838 5888 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/20 20:58:50.0857 5888 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/20 20:58:50.0867 5888 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/20 20:58:50.0880 5888 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/20 20:58:50.0916 5888 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
    2011/09/20 20:58:50.0935 5888 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    2011/09/20 20:58:50.0948 5888 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    2011/09/20 20:58:50.0971 5888 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/09/20 20:58:50.0984 5888 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/20 20:58:51.0012 5888 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/20 20:58:51.0044 5888 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/09/20 20:58:51.0056 5888 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    2011/09/20 20:58:51.0068 5888 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    2011/09/20 20:58:51.0086 5888 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/20 20:58:51.0097 5888 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/09/20 20:58:51.0113 5888 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/20 20:58:51.0130 5888 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/09/20 20:58:51.0160 5888 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/09/20 20:58:51.0175 5888 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/09/20 20:58:51.0195 5888 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    2011/09/20 20:58:51.0208 5888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/09/20 20:58:51.0225 5888 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/09/20 20:58:51.0279 5888 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/20 20:58:51.0290 5888 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    2011/09/20 20:58:51.0307 5888 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/20 20:58:51.0325 5888 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
    2011/09/20 20:58:51.0354 5888 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    2011/09/20 20:58:51.0388 5888 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    2011/09/20 20:58:51.0408 5888 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/20 20:58:51.0418 5888 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/20 20:58:51.0429 5888 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/20 20:58:51.0449 5888 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/20 20:58:51.0462 5888 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/20 20:58:51.0473 5888 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/20 20:58:51.0494 5888 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/20 20:58:51.0506 5888 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/20 20:58:51.0517 5888 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/20 20:58:51.0540 5888 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/20 20:58:51.0551 5888 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/20 20:58:51.0566 5888 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/20 20:58:51.0585 5888 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/20 20:58:51.0599 5888 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/20 20:58:51.0623 5888 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/20 20:58:51.0645 5888 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/09/20 20:58:51.0657 5888 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    2011/09/20 20:58:51.0666 5888 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    2011/09/20 20:58:51.0673 5888 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    2011/09/20 20:58:51.0692 5888 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/20 20:58:51.0711 5888 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/20 20:58:51.0731 5888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/09/20 20:58:51.0753 5888 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/20 20:58:51.0771 5888 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/20 20:58:51.0782 5888 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    2011/09/20 20:58:51.0802 5888 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/20 20:58:51.0821 5888 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/20 20:58:51.0832 5888 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/20 20:58:51.0842 5888 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    2011/09/20 20:58:51.0866 5888 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    2011/09/20 20:58:51.0878 5888 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    2011/09/20 20:58:51.0889 5888 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/20 20:58:51.0916 5888 Soluto (f9369327409492097b0bb7ce86bd29de) C:\Windows\system32\DRIVERS\Soluto.sys
    2011/09/20 20:58:51.0928 5888 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/09/20 20:58:51.0951 5888 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/20 20:58:51.0975 5888 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/20 20:58:51.0990 5888 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/20 20:58:52.0007 5888 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    2011/09/20 20:58:52.0028 5888 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    2011/09/20 20:58:52.0041 5888 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    2011/09/20 20:58:52.0052 5888 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/09/20 20:58:52.0098 5888 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
    2011/09/20 20:58:52.0138 5888 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/20 20:58:52.0172 5888 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/20 20:58:52.0191 5888 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/20 20:58:52.0208 5888 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/20 20:58:52.0220 5888 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/20 20:58:52.0241 5888 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/09/20 20:58:52.0265 5888 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/20 20:58:52.0275 5888 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/09/20 20:58:52.0292 5888 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    2011/09/20 20:58:52.0305 5888 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/20 20:58:52.0316 5888 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    2011/09/20 20:58:52.0338 5888 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/20 20:58:52.0362 5888 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/20 20:58:52.0388 5888 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    2011/09/20 20:58:52.0406 5888 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    2011/09/20 20:58:52.0424 5888 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/09/20 20:58:52.0436 5888 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    2011/09/20 20:58:52.0462 5888 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/20 20:58:52.0474 5888 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/09/20 20:58:52.0484 5888 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    2011/09/20 20:58:52.0498 5888 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/20 20:58:52.0518 5888 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    2011/09/20 20:58:52.0529 5888 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    2011/09/20 20:58:52.0540 5888 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/09/20 20:58:52.0552 5888 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    2011/09/20 20:58:52.0574 5888 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/09/20 20:58:52.0588 5888 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/20 20:58:52.0598 5888 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/09/20 20:58:52.0610 5888 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/09/20 20:58:52.0629 5888 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/09/20 20:58:52.0642 5888 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    2011/09/20 20:58:52.0653 5888 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    2011/09/20 20:58:52.0672 5888 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/09/20 20:58:52.0687 5888 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/20 20:58:52.0702 5888 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/09/20 20:58:52.0735 5888 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    2011/09/20 20:58:52.0748 5888 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/09/20 20:58:52.0760 5888 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/09/20 20:58:52.0783 5888 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    2011/09/20 20:58:52.0795 5888 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/20 20:58:52.0801 5888 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/20 20:58:52.0824 5888 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    2011/09/20 20:58:52.0848 5888 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/20 20:58:52.0876 5888 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/20 20:58:52.0888 5888 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/09/20 20:58:52.0922 5888 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/09/20 20:58:52.0935 5888 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/09/20 20:58:52.0957 5888 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/20 20:58:52.0977 5888 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/20 20:58:52.0997 5888 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/09/20 20:58:53.0014 5888 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
    2011/09/20 20:58:53.0043 5888 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    2011/09/20 20:58:53.0049 5888 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
    2011/09/20 20:58:53.0055 5888 Boot (0x1200) (31b43812ffedf610b05851467bac4067) \Device\Harddisk0\DR0\Partition0
    2011/09/20 20:58:53.0061 5888 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition1
    2011/09/20 20:58:53.0066 5888 Boot (0x1200) (5df01cefcf2815fbd1e0ea2dbcbabc28) \Device\Harddisk0\DR0\Partition2
    2011/09/20 20:58:53.0072 5888 Boot (0x1200) (a2486048e77b76e8aedd43eeab673f55) \Device\Harddisk1\DR1\Partition0
    2011/09/20 20:58:53.0079 5888 Boot (0x1200) (4903d2ffea42255708eb75526050eb16) \Device\Harddisk6\DR6\Partition0
    2011/09/20 20:58:53.0082 5888
     
  17. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    ================================================================================
    2011/09/20 20:58:53.0082 5888 Scan finished
    2011/09/20 20:58:53.0082 5888 ================================================================================
    2011/09/20 20:58:53.0089 3752 Detected object count: 0
    2011/09/20 20:58:53.0089 3752 Actual detected object count: 0
    2011/09/20 20:59:16.0019 3112 ================================================================================
    2011/09/20 20:59:16.0019 3112 Scan started
    2011/09/20 20:59:16.0019 3112 Mode: Manual;
    2011/09/20 20:59:16.0019 3112 ================================================================================
    2011/09/20 20:59:17.0178 3112 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    2011/09/20 20:59:17.0188 3112 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/09/20 20:59:17.0215 3112 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/09/20 20:59:17.0227 3112 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/09/20 20:59:17.0240 3112 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    2011/09/20 20:59:17.0256 3112 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/20 20:59:17.0274 3112 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/09/20 20:59:17.0284 3112 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    2011/09/20 20:59:17.0298 3112 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/20 20:59:17.0313 3112 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/20 20:59:17.0329 3112 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/20 20:59:17.0342 3112 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/20 20:59:17.0352 3112 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    2011/09/20 20:59:17.0392 3112 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/09/20 20:59:17.0404 3112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/09/20 20:59:17.0418 3112 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    2011/09/20 20:59:17.0429 3112 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2011/09/20 20:59:17.0448 3112 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    2011/09/20 20:59:17.0460 3112 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    2011/09/20 20:59:17.0471 3112 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    2011/09/20 20:59:17.0483 3112 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/09/20 20:59:17.0509 3112 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/09/20 20:59:17.0527 3112 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/09/20 20:59:17.0539 3112 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/20 20:59:17.0558 3112 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/09/20 20:59:17.0574 3112 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    2011/09/20 20:59:17.0703 3112 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/09/20 20:59:17.0761 3112 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    2011/09/20 20:59:17.0800 3112 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
    2011/09/20 20:59:17.0819 3112 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/09/20 20:59:17.0838 3112 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/20 20:59:17.0850 3112 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/20 20:59:17.0863 3112 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/09/20 20:59:17.0874 3112 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/09/20 20:59:17.0894 3112 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/09/20 20:59:17.0905 3112 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/09/20 20:59:17.0918 3112 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/09/20 20:59:17.0928 3112 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/09/20 20:59:17.0945 3112 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/09/20 20:59:17.0958 3112 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/20 20:59:17.0969 3112 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/20 20:59:17.0978 3112 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/09/20 20:59:18.0004 3112 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/20 20:59:18.0024 3112 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    2011/09/20 20:59:18.0034 3112 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    2011/09/20 20:59:18.0044 3112 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    2011/09/20 20:59:18.0061 3112 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    2011/09/20 20:59:18.0071 3112 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/09/20 20:59:18.0080 3112 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
    2011/09/20 20:59:18.0095 3112 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    2011/09/20 20:59:18.0113 3112 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    2011/09/20 20:59:18.0123 3112 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    2011/09/20 20:59:18.0135 3112 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/09/20 20:59:18.0160 3112 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/20 20:59:18.0175 3112 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/09/20 20:59:18.0197 3112 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/20 20:59:18.0209 3112 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/20 20:59:18.0222 3112 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    2011/09/20 20:59:18.0232 3112 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/09/20 20:59:18.0261 3112 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    2011/09/20 20:59:18.0270 3112 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/20 20:59:18.0284 3112 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/20 20:59:18.0301 3112 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/20 20:59:18.0314 3112 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/20 20:59:18.0325 3112 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/20 20:59:18.0335 3112 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/09/20 20:59:18.0356 3112 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/09/20 20:59:18.0381 3112 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/09/20 20:59:18.0392 3112 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/20 20:59:18.0408 3112 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/20 20:59:18.0424 3112 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/20 20:59:18.0436 3112 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/20 20:59:18.0446 3112 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/20 20:59:18.0464 3112 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/20 20:59:18.0479 3112 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/09/20 20:59:18.0489 3112 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/09/20 20:59:18.0501 3112 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    2011/09/20 20:59:18.0519 3112 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/09/20 20:59:18.0535 3112 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/09/20 20:59:18.0555 3112 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    2011/09/20 20:59:18.0575 3112 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/09/20 20:59:18.0586 3112 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/09/20 20:59:18.0597 3112 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/09/20 20:59:18.0609 3112 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/09/20 20:59:18.0625 3112 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    2011/09/20 20:59:18.0648 3112 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/09/20 20:59:18.0661 3112 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    2011/09/20 20:59:18.0685 3112 netr28x (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
    2011/09/20 20:59:18.0709 3112 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    2011/09/20 20:59:18.0721 3112 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    2011/09/20 20:59:18.0739 3112 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/09/20 20:59:18.0753 3112 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/09/20 20:59:18.0790 3112 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    2011/09/20 20:59:18.0805 3112 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/09/20 20:59:18.0817 3112 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    2011/09/20 20:59:18.0835 3112 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    2011/09/20 20:59:18.0847 3112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    2011/09/20 20:59:18.0858 3112 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    2011/09/20 20:59:18.0874 3112 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/09/20 20:59:18.0893 3112 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    2011/09/20 20:59:18.0906 3112 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    2011/09/20 20:59:18.0916 3112 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    2011/09/20 20:59:18.0930 3112 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    2011/09/20 20:59:18.0947 3112 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/09/20 20:59:18.0964 3112 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/09/20 20:59:19.0007 3112 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/09/20 20:59:19.0025 3112 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    2011/09/20 20:59:19.0042 3112 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    2011/09/20 20:59:19.0051 3112 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
    2011/09/20 20:59:19.0077 3112 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    2011/09/20 20:59:19.0101 3112 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    2011/09/20 20:59:19.0114 3112 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/09/20 20:59:19.0125 3112 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/09/20 20:59:19.0136 3112 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/09/20 20:59:19.0157 3112 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/09/20 20:59:19.0171 3112 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/09/20 20:59:19.0183 3112 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/09/20 20:59:19.0198 3112 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/09/20 20:59:19.0216 3112 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/09/20 20:59:19.0227 3112 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/09/20 20:59:19.0243 3112 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
    2011/09/20 20:59:19.0252 3112 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/09/20 20:59:19.0274 3112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/09/20 20:59:19.0287 3112 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/20 20:59:19.0299 3112 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/20 20:59:19.0322 3112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/20 20:59:19.0345 3112 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/09/20 20:59:19.0356 3112 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
    2011/09/20 20:59:19.0376 3112 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    2011/09/20 20:59:19.0383 3112 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    2011/09/20 20:59:19.0395 3112 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/20 20:59:19.0415 3112 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/20 20:59:19.0436 3112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/09/20 20:59:19.0457 3112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/20 20:59:19.0469 3112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/20 20:59:19.0488 3112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    2011/09/20 20:59:19.0507 3112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/20 20:59:19.0518 3112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/20 20:59:19.0529 3112 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/20 20:59:19.0548 3112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    2011/09/20 20:59:19.0564 3112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    2011/09/20 20:59:19.0576 3112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    2011/09/20 20:59:19.0587 3112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/20 20:59:19.0612 3112 Soluto (f9369327409492097b0bb7ce86bd29de) C:\Windows\system32\DRIVERS\Soluto.sys
    2011/09/20 20:59:19.0625 3112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/09/20 20:59:19.0665 3112 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/20 20:59:19.0680 3112 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/20 20:59:19.0700 3112 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/20 20:59:19.0717 3112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    2011/09/20 20:59:19.0731 3112 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
    2011/09/20 20:59:19.0744 3112 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
    2011/09/20 20:59:19.0763 3112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/09/20 20:59:19.0803 3112 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
    2011/09/20 20:59:19.0833 3112 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/20 20:59:19.0859 3112 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/20 20:59:19.0872 3112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/20 20:59:19.0884 3112 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/20 20:59:19.0897 3112 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/20 20:59:19.0916 3112 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
    2011/09/20 20:59:19.0941 3112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/20 20:59:19.0952 3112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/09/20 20:59:19.0961 3112 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    2011/09/20 20:59:19.0981 3112 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/20 20:59:19.0991 3112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    2011/09/20 20:59:20.0002 3112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/20 20:59:20.0020 3112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/20 20:59:20.0038 3112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    2011/09/20 20:59:20.0048 3112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    2011/09/20 20:59:20.0067 3112 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    2011/09/20 20:59:20.0079 3112 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    2011/09/20 20:59:20.0098 3112 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/20 20:59:20.0109 3112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/09/20 20:59:20.0120 3112 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    2011/09/20 20:59:20.0133 3112 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/20 20:59:20.0152 3112 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    2011/09/20 20:59:20.0163 3112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    2011/09/20 20:59:20.0176 3112 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/09/20 20:59:20.0187 3112 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    2011/09/20 20:59:20.0227 3112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/09/20 20:59:20.0242 3112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/20 20:59:20.0254 3112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/09/20 20:59:20.0274 3112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/09/20 20:59:20.0286 3112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/09/20 20:59:20.0298 3112 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    2011/09/20 20:59:20.0309 3112 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    2011/09/20 20:59:20.0329 3112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/09/20 20:59:20.0343 3112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/20 20:59:20.0357 3112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/09/20 20:59:20.0389 3112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    2011/09/20 20:59:20.0401 3112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/09/20 20:59:20.0412 3112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/09/20 20:59:20.0427 3112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    2011/09/20 20:59:20.0444 3112 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/20 20:59:20.0451 3112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/20 20:59:20.0472 3112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    2011/09/20 20:59:20.0490 3112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/20 20:59:20.0522 3112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/20 20:59:20.0533 3112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/09/20 20:59:20.0559 3112 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/09/20 20:59:20.0572 3112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/09/20 20:59:20.0602 3112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/20 20:59:20.0624 3112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/20 20:59:20.0636 3112 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/09/20 20:59:20.0653 3112 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
    2011/09/20 20:59:20.0695 3112 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    2011/09/20 20:59:20.0703 3112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk6\DR6
    2011/09/20 20:59:20.0719 3112 Boot (0x1200) (7e55f13058faa8910367633badc64474) \Device\Harddisk0\DR0\Partition0
    2011/09/20 20:59:20.0726 3112 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition1
    2011/09/20 20:59:20.0741 3112 Boot (0x1200) (5df01cefcf2815fbd1e0ea2dbcbabc28) \Device\Harddisk0\DR0\Partition2
    2011/09/20 20:59:20.0747 3112 Boot (0x1200) (a2486048e77b76e8aedd43eeab673f55) \Device\Harddisk1\DR1\Partition0
    2011/09/20 20:59:20.0754 3112 Boot (0x1200) (4903d2ffea42255708eb75526050eb16) \Device\Harddisk6\DR6\Partition0
    2011/09/20 20:59:20.0757 3112 ================================================================================
    2011/09/20 20:59:20.0757 3112 Scan finished
    2011/09/20 20:59:20.0757 3112 ================================================================================
    2011/09/20 20:59:20.0764 5436 Detected object count: 0
    2011/09/20 20:59:20.0764 5436 Actual detected object count: 0
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Nothing there.

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  19. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-09-21 01:16:56
    -----------------------------
    01:16:56.863 OS Version: Windows x64 6.1.7601 Service Pack 1
    01:16:56.864 Number of processors: 8 586 0x2A07
    01:16:56.864 ComputerName: ZEUS UserName: Marc
    01:16:56.887 Initialze error 1
    01:17:49.678 AVAST engine defs: 11092001
    01:18:21.324 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    01:18:21.327 Disk 0 Vendor: OCZ-VERTEX 1.6 Size: 30533MB BusType: 3
    01:18:21.331 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4
    01:18:21.334 Disk 1 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
    01:18:23.338 Disk 0 MBR read successfully
    01:18:23.342 Disk 0 MBR scan
    01:18:23.348 Disk 0 unknown MBR code
    01:18:23.353 Service scanning
    01:18:24.585 Modules scanning
    01:18:24.591 Disk 0 trace - called modules:
    01:18:24.600 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    01:18:24.607 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004543790]
    01:18:24.609 3 CLASSPNP.SYS[fffff8800199e43f] -> nt!IofCallDriver -> [0xfffffa8003fb3580]
    01:18:24.613 5 ACPI.sys[fffff88000f8a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004344060]
    01:18:24.616 AVAST engine scan C:\Windows
    01:18:24.619 AVAST engine scan C:\Windows\system32
    01:18:24.622 AVAST engine scan C:\Windows\system32\drivers
    01:18:24.625 AVAST engine scan C:\Users\Marc
    01:18:24.628 AVAST engine scan C:\ProgramData
    01:18:24.631 Scan finished successfully
    01:18:49.040 Disk 0 MBR has been saved successfully to "C:\Users\Marc\Desktop\MBR.dat"
    01:18:49.043 The log file has been saved successfully to "C:\Users\Marc\Desktop\aswMBR921.txt"
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  21. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    ComboFix 11-09-21.04 - Marc 09/22/2011 9:49.2.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4078.2705 [GMT -4:00]
    Running from: c:\users\Marc\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Marc\AppData\Local\Temp\ammemb.dll
    c:\users\Marc\AppData\Local\Temp\ammemb64.dll
    K:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-21 21:31 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{381E016A-DAFF-484F-9B03-75ABC0D47AC9}\mpengine.dll
    2011-09-16 14:04 . 2011-09-16 14:04 -------- d-----w- C:\THM
    2011-09-14 07:43 . 2011-09-14 07:43 -------- d-----w- c:\users\Marc\AppData\Local\Secunia PSI
    2011-09-14 05:37 . 2011-08-31 23:45 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
    2011-09-14 05:37 . 2011-09-14 05:37 -------- d-----w- c:\program files\Soluto
    2011-09-14 05:35 . 2011-09-14 05:35 -------- d-----w- c:\windows\system32\appmgmt
    2011-09-14 02:23 . 2011-09-14 07:37 -------- d-----w- c:\programdata\Soluto
    2011-09-14 01:34 . 2011-09-14 01:34 -------- d-----w- c:\users\Marc\AppData\Roaming\Actual Tools
    2011-09-14 01:34 . 2011-09-14 01:38 -------- d-----w- c:\program files (x86)\Actual Multiple Monitors
    2011-09-13 20:20 . 2011-09-13 20:20 -------- d-----w- c:\program files (x86)\ESET
    2011-09-08 05:03 . 2011-09-08 05:04 -------- d-----w- c:\programdata\RegCure
    2011-09-08 01:10 . 2011-07-30 19:40 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0CD411B-B777-46C3-8ACF-CF1AC088677B}\gapaengine.dll
    2011-09-05 17:19 . 2011-09-05 19:32 -------- d-----w- c:\users\Marc\AppData\Roaming\.anki
    2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-09-03 15:29 . 2011-09-21 21:20 -------- d-----w- c:\program files (x86)\SafeConnect
    2011-09-02 14:47 . 2011-09-02 14:48 -------- d-----w- c:\users\Marc\AppData\Roaming\ImgBurn
    2011-08-25 01:55 . 2011-08-25 01:55 -------- d-----w- c:\users\Marc\AppData\Roaming\AnvSoft
    2011-08-25 01:43 . 2011-08-25 01:43 -------- d-----w- c:\program files (x86)\eRightSoft
    2011-08-25 01:41 . 2011-08-25 01:41 -------- d-----w- c:\users\Marc\AppData\Roaming\HPPlay
    2011-08-25 01:41 . 2011-08-25 01:41 -------- d-----w- c:\users\Marc\AppData\Local\HPPlay
    2011-08-25 01:41 . 2011-08-25 01:41 -------- d-----w- c:\program files (x86)\Hewlett-Packard
    2011-08-25 00:12 . 2011-08-25 00:12 -------- d-----w- c:\users\Marc\AppData\Roaming\Jason Robitaille
    2011-08-24 23:47 . 2011-08-24 23:47 -------- d-----w- c:\program files\DIFX
    2011-08-24 23:47 . 2011-08-24 23:47 -------- d-----w- c:\program files\Palm, Inc
    2011-08-24 22:17 . 2011-08-24 22:17 -------- d-----w- c:\windows\Sun
    2011-08-24 20:35 . 2011-08-24 20:35 -------- d-----w- c:\program files (x86)\MSECache
    2011-08-24 07:17 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-24 07:17 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-14 08:08 . 2011-07-30 19:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-31 21:00 . 2011-07-30 19:30 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-15 18:01 . 2011-08-15 18:01 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-08-15 18:01 . 2011-08-15 18:01 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-08-15 18:01 . 2011-08-15 18:01 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-08-15 18:01 . 2011-08-15 18:01 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-08-15 18:01 . 2011-08-15 18:01 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-08-15 18:01 . 2011-08-15 18:01 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-08-15 18:01 . 2011-08-15 18:01 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-08-15 18:01 . 2011-08-15 18:01 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-08-15 18:01 . 2011-08-15 18:01 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-08-15 18:01 . 2011-08-15 18:01 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-08-15 18:01 . 2011-08-15 18:01 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-08-15 18:01 . 2011-08-15 18:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-08-15 18:01 . 2011-08-15 18:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-08-15 18:01 . 2011-08-15 18:01 448512 ----a-w- c:\windows\system32\html.iec
    2011-08-15 18:01 . 2011-08-15 18:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-08-15 18:01 . 2011-08-15 18:01 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-08-15 18:01 . 2011-08-15 18:01 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-08-15 18:01 . 2011-08-15 18:01 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-15 18:01 . 2011-08-15 18:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-08-15 18:01 . 2011-08-15 18:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-15 18:01 . 2011-08-15 18:01 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-08-15 18:01 . 2011-08-15 18:01 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-08-15 18:01 . 2011-08-15 18:01 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-08-15 18:01 . 2011-08-15 18:01 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-08-15 18:01 . 2011-08-15 18:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-08-15 18:01 . 2011-08-15 18:01 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-08-15 18:01 . 2011-08-15 18:01 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-08-15 18:01 . 2011-08-15 18:01 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-08-15 18:01 . 2011-08-15 18:01 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-08-15 18:01 . 2011-08-15 18:01 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-08-15 18:01 . 2011-08-15 18:01 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-08-15 18:01 . 2011-08-15 18:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-08-15 18:01 . 2011-08-15 18:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-08-15 18:01 . 2011-08-15 18:01 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-08-15 18:01 . 2011-08-15 18:01 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-08-15 18:01 . 2011-08-15 18:01 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-08-15 18:01 . 2011-08-15 18:01 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-08-15 18:01 . 2011-08-15 18:01 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-08-15 18:01 . 2011-08-15 18:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-08-15 18:01 . 2011-08-15 18:01 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-08-15 18:01 . 2011-08-15 18:01 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-08-15 18:01 . 2011-08-15 18:01 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-08-12 04:10 . 2011-07-31 20:53 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-08-08 19:30 . 2011-08-08 19:30 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-07-30 19:40 . 2011-08-11 07:29 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2011-07-30 19:13 . 2011-07-30 19:13 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-07-16 05:41 . 2011-08-11 04:51 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-07-16 05:41 . 2011-08-11 04:51 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-07-16 05:41 . 2011-08-11 04:51 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-07-16 05:39 . 2011-08-11 04:51 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-07-16 05:37 . 2011-08-11 04:51 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 04:29 . 2011-08-11 04:51 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26 . 2011-08-11 04:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-16 04:25 . 2011-08-11 04:51 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-07-16 04:24 . 2011-08-11 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-07-16 04:24 . 2011-08-11 04:51 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-11 04:51 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="c:\users\Marc\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-22 5471104]
    "Actual Multiple Monitors"="c:\program files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe" [2011-09-14 1585992]
    "FileHippo.com"="i:\program files\Security Stuff\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "StartCCC"="i:\graphics card\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-01 98304]
    "Malwarebytes' Anti-Malware"="i:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    .
    c:\users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - i:\program files\RainMeter\Rainmeter.exe [2011-8-7 102912]
    SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
    Secunia PSI Tray.lnk - i:\program files\Security Stuff\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;i:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-08-31 396320]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-22 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
    S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-03-15 71168]
    S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
    S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;i:\program files\Security Stuff\PSI\PSIA.exe [2011-04-19 993848]
    S2 Secunia Update Agent;Secunia Update Agent;i:\program files\Security Stuff\PSI\sua.exe [2011-04-19 399416]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Marc\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 137.99.25.14 137.99.203.20
    FF - ProfilePath - c:\users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\7qgux9nr.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: browser.search.selectedEngine - Amazon.com
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    c:\program files (x86)\SafeConnect\scManager.sys
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
    c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
    .
    **************************************************************************
    .
    Completion time: 2011-09-22 09:53:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-09-22 13:53
    .
    Pre-Run: 3,621,826,560 bytes free
    Post-Run: 3,643,572,224 bytes free
    .
    - - End Of File - - 4B5CB97F6AD39D3FCD8EF82B74CA149A
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good now.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    OTL
    OTL logfile created on: 9/23/2011 10:42:22 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Marc\Desktop
    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.98 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 71.70% Memory free
    7.96 Gb Paging File | 5.80 Gb Available in Paging File | 72.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 29.59 Gb Total Space | 2.96 Gb Free Space | 10.02% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 848.79 Gb Free Space | 91.12% Space Free | Partition Type: NTFS
    Drive K: | 931.51 Gb Total Space | 522.84 Gb Free Space | 56.13% Space Free | Partition Type: NTFS

    Computer Name: ZEUS | User Name: Marc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/09/23 10:38:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
    PRC - [2011/09/13 21:38:20 | 001,585,992 | ---- | M] (Actual Tools) -- C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
    PRC - [2011/09/12 10:48:55 | 000,296,088 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\SCClient.exe
    PRC - [2011/09/12 10:48:53 | 000,175,968 | ---- | M] (Impulse Point, LLC) -- C:\Program Files (x86)\SafeConnect\scManager.sys
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) -- I:\Program Files\Security Stuff\PSI\psia.exe
    PRC - [2011/04/19 02:44:40 | 000,291,896 | ---- | M] (Secunia) -- I:\Program Files\Security Stuff\PSI\psi_tray.exe
    PRC - [2011/01/28 01:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
    PRC - [2011/01/28 01:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
    PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/03/05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
    PRC - [2010/03/05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
    PRC - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Marc\Local Settings\Apps\F.lux\flux.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/08/29 02:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Marc\Local Settings\Apps\F.lux\flux.exe
    MOD - [2009/07/31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/31 19:57:18 | 000,396,320 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
    SRV:64bit: - [2011/08/22 08:34:30 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/03/15 16:35:18 | 000,071,168 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe -- (NovacomD)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2011/09/12 10:48:53 | 000,175,968 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files (x86)\SafeConnect\scManager.sys -- (SCManager)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/07/30 15:35:09 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- I:\Program Files\Security Stuff\PSI\PSIA.exe -- (Secunia PSI Agent)
    SRV - [2011/04/19 02:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- I:\Program Files\Security Stuff\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2011/01/28 01:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
    SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/08/31 19:45:22 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
    DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/08/22 08:34:30 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/09/01 04:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
    DRV:64bit: - [2010/08/16 06:42:00 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/19 07:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 CE 64 FD E9 4E CC 01 [binary data]
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2239900851-650497478-327460002-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.10.2065
    FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.9.5
    FF - prefs.js..extensions.enabledItems: hpPlay-feather@hp.com:999.999.999.999.8
    FF - prefs.js..extensions.enabledItems: hpPlayUI@hp.com:1.0.69.195.10
    FF - prefs.js..extensions.enabledItems: langpack-de@songbirdnest.com:1.9.5.1309780384
    FF - prefs.js..extensions.enabledItems: langpack-es-ES@songbirdnest.com:1.9.5.1307962821
    FF - prefs.js..extensions.enabledItems: langpack-fr@songbirdnest.com:1.9.5.1310986815
    FF - prefs.js..extensions.enabledItems: msc@songbirdnest.com:1.0.6.2065
    FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.9.5
    FF - prefs.js..extensions.enabledItems: quicktime@songbirdnest.com:1.0.9.2065
    FF - prefs.js..extensions.enabledItems: webOS-Device-Settings@hp.com:1.0.75.195
    FF - prefs.js..extensions.enabledItems: windowsmedia@songbirdnest.com:1.0.9.2065

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/14 03:47:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/16 10:23:47 | 000,000,000 | ---D | M]

    [2011/08/24 21:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Extensions
    [2011/08/24 21:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
    [2011/09/22 10:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\7qgux9nr.default\extensions
    [2011/09/14 03:40:56 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\7qgux9nr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/09/08 10:32:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Marc\AppData\Roaming\Mozilla\Firefox\Profiles\7qgux9nr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/07/30 15:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/07/30 15:13:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\GONZO@SONGBIRDNEST.COM
    [2011/08/24 21:41:04 | 000,000,000 | ---D | M] (hpPlay-feather) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\HPPLAY-FEATHER@HP.COM
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] (HP Play UI) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\HPPLAYUI@HP.COM
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] ("German (de) Language Pack") -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\LANGPACK-DE@SONGBIRDNEST.COM
    [2011/08/24 21:41:06 | 000,000,000 | ---D | M] ("Spanish (Spain) (es-ES) Language Pack") -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\LANGPACK-ES-ES@SONGBIRDNEST.COM
    [2011/08/24 21:41:07 | 000,000,000 | ---D | M] ("French (fr) Language Pack") -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\LANGPACK-FR@SONGBIRDNEST.COM
    [2011/08/24 21:41:04 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\MSC@SONGBIRDNEST.COM
    [2011/08/24 21:41:07 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
    [2011/08/24 21:41:05 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\QUICKTIME@SONGBIRDNEST.COM
    [2011/08/24 21:41:05 | 000,000,000 | ---D | M] (webOS Device Settings Extension) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\WEBOS-DEVICE-SETTINGS@HP.COM
    [2011/08/24 21:41:03 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PLAY\EXTENSIONS\WINDOWSMEDIA@SONGBIRDNEST.COM
    [2011/09/08 10:32:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/09/22 09:52:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] I:\Graphics Card\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1000..\Run: [Actual Multiple Monitors] C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe (Actual Tools)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1000..\Run: [F.lux] C:\Users\Marc\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1000..\Run: [FileHippo.com] I:\Program Files\Security Stuff\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2239900851-650497478-327460002-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Marc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2239900851-650497478-327460002-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2239900851-650497478-327460002-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.99.25.14 137.99.203.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25446B41-60E0-4B2E-B37D-0A85E0AD997F}: DhcpNameServer = 137.99.25.14 137.99.203.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36A398D-1FBB-4A84-BCF3-F07430401293}: DhcpNameServer = 137.99.25.14 137.99.203.20
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/13 16:24:35 | 000,000,000 | R--D | M] - K:\autorun -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/09/23 10:38:29 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
    [2011/09/22 23:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/09/22 23:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/09/22 23:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/09/22 23:17:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/09/22 22:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/09/22 10:56:24 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\Remixes[v0]
    [2011/09/22 10:56:11 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\Emancipator - Safe In The Steep Cliffs (2010) [V0]
    [2011/09/22 10:55:45 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\Soon It Will Be Cold Enough
    [2011/09/22 10:54:41 | 000,000,000 | ---D | C] -- C:\Users\Marc\Desktop\Trifonic - Emergence
    [2011/09/22 09:53:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/09/22 09:52:30 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/09/22 09:49:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/09/22 09:49:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/09/22 09:49:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/09/22 09:48:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/09/22 09:45:23 | 004,223,304 | R--- | C] (Swearware) -- C:\Users\Marc\Desktop\ComboFix.exe
    [2011/09/21 01:16:34 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Marc\Desktop\aswMBR.exe
    [2011/09/20 20:58:11 | 001,403,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marc\Desktop\tdsskiller.exe
    [2011/09/16 10:04:35 | 000,000,000 | ---D | C] -- C:\THM
    [2011/09/16 10:03:47 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winnydows
    [2011/09/16 10:03:45 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Winnydows
    [2011/09/14 03:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/09/14 03:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/09/14 03:43:53 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\Secunia PSI
    [2011/09/14 01:37:20 | 000,054,728 | ---- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
    [2011/09/14 01:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soluto
    [2011/09/14 01:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
    [2011/09/14 01:35:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2011/09/13 22:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto
    [2011/09/13 21:34:45 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Actual Tools
    [2011/09/13 21:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Actual Multiple Monitors
    [2011/09/13 16:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2011/09/12 20:06:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/09/08 17:08:35 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStove
    [2011/09/08 01:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
    [2011/09/07 01:48:47 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Identifier
    [2011/09/07 01:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Identifier
    [2011/09/05 13:53:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FitDay
    [2011/09/05 13:19:55 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Anki
    [2011/09/05 13:19:55 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\.anki
    [2011/09/05 01:15:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
    [2011/09/03 11:29:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafeConnect
    [2011/09/02 10:47:30 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\ImgBurn
    [2011/09/01 10:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nintendo 64
    [2011/09/01 10:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sega Genesis Mega Drive
    [2011/09/01 10:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nintendo (NES)
    [2011/09/01 10:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Nintendo (SNES)
    [2011/08/24 21:55:06 | 000,000,000 | ---D | C] -- C:\Users\Marc\Documents\Any Video Converter
    [2011/08/24 21:55:04 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\AnvSoft
    [2011/08/24 21:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
    [2011/08/24 21:43:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
    [2011/08/24 21:41:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\HPPlay
    [2011/08/24 21:41:10 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Local\HPPlay
    [2011/08/24 21:41:07 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP Play
    [2011/08/24 21:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
    [2011/08/24 20:12:26 | 000,000,000 | ---D | C] -- C:\Users\Marc\AppData\Roaming\Jason Robitaille
    [2011/08/24 19:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2011/08/24 19:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
    [2011/08/24 18:17:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/08/24 16:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache

    ========== Files - Modified Within 30 Days ==========

    [2011/09/23 10:38:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
    [2011/09/23 09:56:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/09/23 08:17:50 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/09/23 08:17:50 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/09/23 08:15:10 | 000,729,752 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/09/23 08:15:10 | 000,626,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/09/23 08:15:10 | 000,107,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/09/23 08:10:36 | 3207,315,456 | -HS- | M] () -- C:\hiberfil.sys
    [2011/09/22 23:18:21 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/09/22 23:17:13 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf
    [2011/09/22 09:52:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/09/22 09:45:26 | 004,223,304 | R--- | M] (Swearware) -- C:\Users\Marc\Desktop\ComboFix.exe
    [2011/09/21 01:18:49 | 000,000,512 | ---- | M] () -- C:\Users\Marc\Desktop\MBR.dat
    [2011/09/21 01:16:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Marc\Desktop\aswMBR.exe
    [2011/09/20 20:58:19 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marc\Desktop\tdsskiller.exe
    [2011/09/20 15:25:56 | 000,003,772 | ---- | M] () -- C:\Windows\SysNative\.rsp
    [2011/09/20 15:25:56 | 000,002,011 | ---- | M] () -- C:\Windows\SysNative\.lck
    [2011/09/14 03:56:27 | 000,000,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2011/09/14 01:35:04 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2011/09/08 17:08:35 | 000,000,652 | ---- | M] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStove.lnk
    [2011/09/03 11:29:17 | 000,000,770 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
    [2011/08/31 19:45:22 | 000,054,728 | ---- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\Soluto.sys
    [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/08/30 10:55:30 | 000,001,014 | ---- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/08/24 20:24:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf

    ========== Files Created - No Company Name ==========

    [2011/09/22 23:18:21 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/09/22 23:17:13 | 000,000,629 | ---- | C] () -- C:\Windows\SysNative\mapisvc.inf
    [2011/09/22 09:49:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/09/22 09:49:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/09/22 09:49:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/09/22 09:49:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/09/22 09:49:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/09/21 01:18:49 | 000,000,512 | ---- | C] () -- C:\Users\Marc\Desktop\MBR.dat
    [2011/09/14 03:56:27 | 000,000,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2011/09/14 03:56:27 | 000,000,783 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2011/09/13 22:43:42 | 000,003,772 | ---- | C] () -- C:\Windows\SysNative\.rsp
    [2011/09/13 22:43:42 | 000,002,011 | ---- | C] () -- C:\Windows\SysNative\.lck
    [2011/09/13 22:24:46 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2011/09/08 17:08:35 | 000,000,652 | ---- | C] () -- C:\Users\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStove.lnk
    [2011/09/05 13:19:17 | 000,000,473 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
    [2011/09/03 11:29:17 | 000,000,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk
    [2011/08/30 10:55:30 | 000,001,014 | ---- | C] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2011/08/24 20:24:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2011/08/10 15:40:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/08/08 17:01:42 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
    [2011/08/06 08:51:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/07/30 15:31:18 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/07/30 14:59:12 | 000,034,655 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2011/07/30 14:58:21 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2011/07/30 14:58:15 | 000,023,381 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2011/03/26 01:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/03/26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/03/26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2011/09/05 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\.anki
    [2011/08/08 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\acccore
    [2011/09/13 21:34:45 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Actual Tools
    [2011/08/24 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\AnvSoft
    [2011/07/30 15:01:38 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DeviceVm
    [2011/09/13 21:31:20 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\DisplayFusion
    [2011/09/23 08:11:34 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Dropbox
    [2011/08/08 16:38:42 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\HEM Data
    [2011/08/08 22:35:11 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\HoldemManager
    [2011/09/02 10:48:30 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\ImgBurn
    [2011/08/24 20:12:26 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Jason Robitaille
    [2011/09/20 14:35:09 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Mipony
    [2011/08/08 16:02:32 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\OpenOffice.org
    [2011/08/15 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\Rainmeter
    [2011/08/13 19:19:25 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\rinsebyreal
    [2011/08/16 14:48:33 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeamViewer
    [2011/09/23 10:38:39 | 000,000,000 | ---D | M] -- C:\Users\Marc\AppData\Roaming\TeraCopy
    [2009/07/14 01:08:49 | 000,020,884 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/09/22 09:53:25 | 000,029,355 | ---- | M] () -- C:\ComboFix.txt
    [2011/09/23 08:10:36 | 3207,315,456 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/08 16:37:12 | 000,000,371 | -H-- | M] () -- C:\IPH.PH
    [2011/09/13 16:12:06 | 000,040,830 | ---- | M] () -- C:\JavaRa.log
    [2011/09/23 08:10:38 | 4276,424,704 | -HS- | M] () -- C:\pagefile.sys
    [2011/07/30 15:00:28 | 000,002,142 | ---- | M] () -- C:\RHDSetup.log
    [2011/09/20 21:12:12 | 000,133,054 | ---- | M] () -- C:\TDSSKiller.2.5.23.0_20.09.2011_20.58.42_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011/08/08 16:38:11 | 000,068,126 | ---- | M] () -- C:\Program Files (x86)\hminstalllog.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/08/15 14:03:54 | 000,000,221 | -HS- | M] () -- C:\Users\Marc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/21 01:16:37 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Marc\Desktop\aswMBR.exe
    [2011/09/22 09:45:26 | 004,223,304 | R--- | M] (Swearware) -- C:\Users\Marc\Desktop\ComboFix.exe
    [2011/09/23 10:38:30 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Marc\Desktop\OTL.exe
    [2011/09/20 20:58:19 | 001,403,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marc\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/07/30 14:48:59 | 000,000,402 | -HS- | M] () -- C:\Users\Marc\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/09/14 01:35:04 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  24. mdw90

    mdw90 TS Rookie Topic Starter Posts: 44

    I'm still getting the IP Block for Skype, but other than that my computer has had no issues with anything. I have had this Skype IP block from Malwarebytes for a while though (8-22 until now, aside from 9-14, where there was a firefox.exe IP protection log).


    Extras
    OTL Extras logfile created on: 9/23/2011 10:42:22 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Marc\Desktop
    64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.98 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 71.70% Memory free
    7.96 Gb Paging File | 5.80 Gb Available in Paging File | 72.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 29.59 Gb Total Space | 2.96 Gb Free Space | 10.02% Space Free | Partition Type: NTFS
    Drive I: | 931.51 Gb Total Space | 848.79 Gb Free Space | 91.12% Space Free | Partition Type: NTFS
    Drive K: | 931.51 Gb Total Space | 522.84 Gb Free Space | 56.13% Space Free | Partition Type: NTFS

    Computer Name: ZEUS | User Name: Marc | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard
    "{5F4EB37F-1CA8-4A95-AD62-ED3D61A8E67E}" = Soluto
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64
    "{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
    "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
    "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
    "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "332CCC08910F1AE2E4D90D25DEDE87E3EF797832" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)
    "CCleaner" = CCleaner
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "Defraggler" = Defraggler
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "TeraCopy_is1" = TeraCopy 2.2
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{039D5969-38EE-D83C-4009-6D4202602665}" = Application Profiles
    "{0471C553-36C2-E7A0-7489-E99CD3F9683C}" = CCC Help Chinese Standard
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static
    "{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{516D7330-6BA3-6E53-9C7A-F50666C758E0}" = CCC Help Swedish
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{66391B4E-194D-C20E-F1E5-D7222F1A8104}" = CCC Help Turkish
    "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
    "{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{77CD6B28-D387-9905-EF5B-78BF8AF722C6}" = CCC Help Chinese Traditional
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{B0F9D227-9243-E2E6-21CE-7FB9528202C5}" = CCC Help Norwegian
    "{B1D6F9CC-55FC-CD82-1D5C-BF725BF9311E}" = CCC Help Portuguese
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{DE5438FB-7DB6-4693-B7F2-1222C5FA18A8}" = HP Play [beta]
    "{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
    "{E31E8CDA-7D26-4ec1-9862-5780AF65DA65}_is1" = GizmoRip version 3.007
    "{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1ABF9E0-CB10-4b06-8164-BFEB7E2ABEE6}_is1" = GizmoTrim version 0.402
    "{F241F4AB-9D50-52E4-6CA5-D1EA5A0713BC}" = CCC Help Russian
    "{FA39D1A0-3B11-AF64-5EF0-1DBC97F47075}" = CCC Help Thai
    "{FD20D0EA-5F36-5870-26EC-5CA842E8C713}" = CCC Help Polish
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6
    "Actual Multiple Monitors_is1" = Actual Multiple Monitors 3.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AIM_7" = AIM 7
    "Anki" = Anki
    "Any Video Converter_is1" = Any Video Converter 3.2.7
    "AutoHotkey" = AutoHotkey 1.1.02.00
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileHippo.com" = FileHippo.com Update Checker
    "FitDay_is1" = FitDay
    "Fractal Dragon Screensaver_is1" = Fractal Dragon Screensaver 1.0
    "HoldemManager" = Holdem Manager
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MiPony" = MiPony 1.5.0
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "Nintendo (NES)" = Nintendo (NES)
    "Nintendo 64" = Nintendo 64
    "PostgreSQL 8.4" = PostgreSQL 8.4
    "Rainmeter" = Rainmeter
    "SafeConnect" = SafeConnect
    "Secunia PSI" = Secunia PSI (2.0.0.3003)
    "Sega Genesis Mega Drive" = Sega Genesis Mega Drive
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Super Nintendo (SNES)" = Super Nintendo (SNES)
    "TeamViewer 6" = TeamViewer 6
    "VLC media player" = VLC media player 1.1.11
    "XviD4PSP60" = XviD4PSP 6.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2239900851-650497478-327460002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Flux" = F.lux

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/20/2011 9:34:16 AM | Computer Name = Zeus | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 9/20/2011 2:25:12 PM | Computer Name = Zeus | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 6d8 Start
    Time: 01cc76c94b4dde17 Termination Time: 16655 Application Path: C:\Windows\Explorer.EXE

    Report
    Id: d56251db-e3b5-11e0-96b1-bcaec570d710

    Error - 9/20/2011 3:07:56 PM | Computer Name = Zeus | Source = Application Hang | ID = 1002
    Description = The program Explorer.exe version 6.1.7601.17567 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 15f4 Start
    Time: 01cc77c2a2b2125f Termination Time: 60000 Application Path: C:\Windows\Explorer.exe

    Report
    Id: ad19d7c7-e3bb-11e0-96b1-bcaec570d710

    Error - 9/20/2011 3:25:22 PM | Computer Name = Zeus | Source = WinMgmt | ID = 10
    Description =

    Error - 9/20/2011 8:56:55 PM | Computer Name = Zeus | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
    mDNS_reentrancy (0)

    Error - 9/20/2011 8:56:55 PM | Computer Name = Zeus | Source = Bonjour Service | ID = 100
    Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
    != mDNS_reentrancy (0)

    Error - 9/21/2011 3:06:52 AM | Computer Name = Zeus | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 9/21/2011 4:51:26 AM | Computer Name = Zeus | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 9/21/2011 7:13:35 AM | Computer Name = Zeus | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 9/21/2011 7:13:53 AM | Computer Name = Zeus | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
    online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
    . A component version required by the application conflicts with another component
    version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    [ System Events ]
    Error - 9/20/2011 8:56:57 PM | Computer Name = Zeus | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk6\DR6.

    Error - 9/20/2011 8:57:05 PM | Computer Name = Zeus | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C36A398D-1FBB-4A84-BCF3-F07430401293}
    because another computer on the network has the same name. The server could not
    start.

    Error - 9/20/2011 8:57:05 PM | Computer Name = Zeus | Source = NetBT | ID = 4321
    Description = The name "ZEUS :0" could not be registered on the interface
    with IP address 137.99.173.241. The computer with the IP address 10.4.40.7 did not
    allow the name to be claimed by this computer.

    Error - 9/20/2011 8:57:05 PM | Computer Name = Zeus | Source = NetBT | ID = 4321
    Description = The name "ZEUS :20" could not be registered on the interface
    with IP address 137.99.173.241. The computer with the IP address 10.4.40.7 did not
    allow the name to be claimed by this computer.

    Error - 9/21/2011 1:06:48 AM | Computer Name = Zeus | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{C36A398D-1FBB-4A84-BCF3-F07430401293}
    because another computer on the network has the same name. The server could not
    start.

    Error - 9/21/2011 1:06:48 AM | Computer Name = Zeus | Source = NetBT | ID = 4321
    Description = The name "ZEUS :0" could not be registered on the interface
    with IP address 137.99.173.241. The computer with the IP address 10.4.40.7 did not
    allow the name to be claimed by this computer.

    Error - 9/21/2011 1:06:48 AM | Computer Name = Zeus | Source = NetBT | ID = 4321
    Description = The name "ZEUS :20" could not be registered on the interface
    with IP address 137.99.173.241. The computer with the IP address 10.4.40.7 did not
    allow the name to be claimed by this computer.

    Error - 9/21/2011 1:18:04 AM | Computer Name = Zeus | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 9/21/2011 1:18:40 AM | Computer Name = Zeus | Source = NetBT | ID = 4321
    Description = The name "ZEUS :0" could not be registered on the interface
    with IP address 137.99.173.241. The computer with the IP address 10.4.40.7 did not
    allow the name to be claimed by this computer.

    Error - 9/21/2011 1:18:47 AM | Computer Name = Zeus | Source = NetBT | ID = 4321
    Description = The name "ZEUS :0" could not be registered on the interface
    with IP address 137.99.173.241. The computer with the IP address 10.4.40.7 did not
    allow the name to be claimed by this computer.


    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Try to reinstall Skype.

    OTL log looks clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
