Need help with malware removal, Followed the 7 steps

Solved
By chrisserra92
Jun 11, 2011
Topic Status:
Not open for further replies.
  1. I'm having a whole bunch of problems with my Dell Studio 1558 laptop running Windows 7. An extra iexplore.exe keeps popping up whenever I open up Internet Explorer, and sometimes a process named 'pcdrcui.exe' shows up and takes up the most memory out of all my processes.

    I've run into some situations where even explorer.exe takes up a lot more memory than usual, and ends up taking up the most memory as well. I also get a lot of glitchy playback in iTunes, and always have trouble watching videos online, such as on YouTube or Facebook. I'm assuming these issues are probably also related to whatever virus or malware I have in my system.

    Anyway, I followed the seven steps given in the boards, and have the files for the logs attached to this post. Malwarebytes didn't find anything when I scanned it today; the only time it found something was when I first downloaded it in March, so I figured I'd attach that log instead of the one from today; hopefully that'll help somewhat more. Any help is greatly appreciated!


  2. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Please follow the posting rules.
    All logs have to be pasted, not attached.
  3. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6175

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    3/26/2011 1:07:22 PM
    mbam-log-2011-03-26 (13-07-22).txt

    Scan type: Quick scan
    Objects scanned: 169581
    Time elapsed: 4 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  4. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-11 14:53:14
    Windows 6.1.7600
    Running: 7meoo0gh.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619f299ef
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619f299ef (not active ControlSet)
  5. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{671CCD3D-C59C-4EBE-AD44-C14A3F3AAA32}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{0A7B4F47-7D0C-446E-BE7E-D6AFFEAC41B1}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{5393BB87-5E9D-4C3A-936A-AD313BB41742}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{3A5E8611-6066-4980-9B8D-3A0F63EEF496}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{8AD92C75-604B-439D-BA27-2E09D0B406AB}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{D0A7C592-AED4-4F44-B630-E01B93217AAA}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{7433881E-BA69-4118-A0A6-28F52298B9AA}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{9B6D21CC-233C-41CA-A66A-CB17F151B6C0}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{6EEC6C21-DAD9-44A9-B19A-49EF1EF3B73E}.jpg 55363 bytes
    File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{D436E629-9A23-4C38-85A7-078C190AC488}.jpg 55363 bytes

    ---- EOF - GMER 1.0.15 ----
  6. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    .
    DDS (Ver_2011-06-11.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Chris at 14:55:16 on 2011-06-11
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8125.5626 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rpcnet.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\McAfee\VirusScan\mcods.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100912002416.dll
    BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun: [FAStartup]
    mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\05348553030303 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\0575E4 : DhcpNameServer = 172.26.27.11 172.26.27.10
    TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\540595A463 : DhcpNameServer = 192.168.1.1 68.237.161.12
    TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\551475962756C65637378456C607 : DhcpNameServer = 169.226.1.100 169.226.1.103
    TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\75D2C416E64463640313 : DhcpNameServer = 209.18.47.61 209.18.47.62
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    LSA: Notification Packages = scecli FAPassSync
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO-X64: Search Helper - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100912002416.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO-X64: FAIESSO Helper Object - No File
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [FAStartup]
    mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
    mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
    mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
    mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
    R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
    R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-12 25072]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
    S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
    S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
    S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-11 15:48:45 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-10 20:03:31 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6982D6C-233D-460A-AF9E-34BD3C4FFFB5}\mpengine.dll
    2011-06-10 15:52:13 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-06-10 15:52:13 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-06-10 15:52:13 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-06-10 15:51:31 -------- d-----w- C:\Program Files\iPod
    2011-06-10 15:51:29 -------- d-----w- C:\Program Files\iTunes
    2011-06-10 15:07:51 -------- d-----w- C:\Users\Chris\AppData\Local\PackageAware
    2011-06-10 13:55:12 -------- d-----w- C:\ProgramData\iolo
    2011-06-10 02:48:21 -------- d-----w- C:\Program Files\Bonjour
    2011-06-10 02:48:21 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-05-25 20:12:38 -------- d-----w- C:\Program Files\Dell Support Center
    2011-05-25 20:09:00 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-05-21 22:38:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-21 22:38:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-15 05:22:30 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2011-06-11 16:34:11 52224 ----a-w- C:\Windows\SysWow64\rpcnet.dll
    2011-06-11 16:34:11 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
    2011-06-11 16:33:56 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
    2011-06-11 16:33:56 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
    2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-06 20:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2011-04-06 20:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-04-06 20:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-04-06 20:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-04-06 20:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-04-06 20:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-04-06 20:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-04-06 20:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    .
    ============= FINISH: 14:56:49.97 ===============
  7. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    .
    DDS (Ver_2011-06-11.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/4/2010 1:06:13 AM
    System Uptime: 6/11/2011 12:33:43 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0874P6
    Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | U2E1 | 1600/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 472.227 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    ==== System Restore Points ===================
    .
    RP166: 6/3/2011 11:13:24 AM - Windows Update
    RP167: 6/7/2011 9:34:57 PM - Windows Update
    RP168: 6/9/2011 12:51:41 PM - Removed Apple Mobile Device Support
    RP169: 6/10/2011 10:07:55 AM - Removed Dell DataSafe Local Backup - Support Software
    RP170: 6/10/2011 10:08:35 AM - Removed Dell DataSafe Local Backup
    RP171: 6/10/2011 10:09:01 AM - Removed Dell DataSafe Online.
    RP172: 6/10/2011 10:41:17 AM - Removed Accelerometer
    RP173: 6/10/2011 10:43:18 AM - Removed LoJack for Laptops Notifier.
    RP174: 6/10/2011 10:44:47 AM - Removed Apple Mobile Device Support
    RP175: 6/10/2011 10:46:22 AM - Removed Banctec Service Agreement
    RP176: 6/10/2011 10:47:24 AM - Removed PaperPort Image Printer 64-bit
    RP177: 6/10/2011 10:50:46 AM - Windows Live Essentials
    RP178: 6/10/2011 10:51:36 AM - WLSetup
    RP179: 6/10/2011 11:00:49 AM - Removed Windows Live Mesh ActiveX Control for Remote Connections
    RP180: 6/10/2011 11:02:11 AM - Removed Windows Live Sync
    RP181: 6/10/2011 11:03:33 AM - Removed Apple Application Support
    RP182: 6/10/2011 11:04:07 AM - Removed Apple Application Support
    RP183: 6/10/2011 11:18:00 AM - Removed Microsoft Office Outlook Connector
    RP184: 6/10/2011 11:18:30 AM - Removed Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    RP185: 6/10/2011 11:26:58 AM - Removed iTunes
    RP186: 6/10/2011 11:33:57 AM - Removed QuickTime
    RP187: 6/10/2011 11:50:41 AM - Installed iTunes
    RP188: 6/10/2011 11:56:32 AM - Removed Apple Mobile Device Support
    RP189: 6/10/2011 4:02:46 PM - Windows Update
    RP190: 6/11/2011 12:01:45 PM - Removed Adobe Reader 9.4.4.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4
    Advanced Audio FX Engine
    Apple Application Support
    Apple Software Update
    ATI Catalyst Control Center
    Audacity 1.2.6
    BitZipper 2010
    Brother MFL-Pro Suite MFC-J615W
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Webcam Central
    DirectXInstallService
    EMC 10 Content
    Intel(R) Management Engine Components
    Java Auto Updater
    Java(TM) 6 Update 24
    LAME v3.98.2 for Audacity
    Malwarebytes' Anti-Malware version 1.51.0.1200
    McAfee SecurityCenter
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PowerDVD DX
    QuickTime
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy CD and DVD Burning
    Roxio Express Labeler 3
    Roxio Update Manager
    ScanSoft PaperPort 11
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Excel 2010 (KB2466146)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Skins
    Skype™ 5.1
    Sonic CinePlayer Decoder Pack
    Sound Blaster X-Fi MB
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2441641)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2011 12:12:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    6/9/2011 12:12:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
    6/9/2011 12:11:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/7/2011 11:18:06 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
    6/7/2011 11:17:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000117 (0xfffffa80077c9010, 0xfffff88001ccef68, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\060711-29889-01.dmp. Report Id: 060711-29889-01.
    6/7/2011 10:58:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    6/7/2011 10:57:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
    6/11/2011 12:34:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
    6/11/2011 12:34:11 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
    6/11/2011 12:34:09 PM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
    6/11/2011 12:31:50 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
    6/10/2011 3:38:49 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    6/10/2011 2:23:56 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/10/2011 11:56:55 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/10/2011 10:08:28 AM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
  8. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
  9. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    2011/06/12 12:25:55.0276 3564 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
    2011/06/12 12:25:56.0424 3564 ================================================================================
    2011/06/12 12:25:56.0424 3564 SystemInfo:
    2011/06/12 12:25:56.0424 3564
    2011/06/12 12:25:56.0424 3564 OS Version: 6.1.7600 ServicePack: 0.0
    2011/06/12 12:25:56.0424 3564 Product type: Workstation
    2011/06/12 12:25:56.0424 3564 ComputerName: CHRIS-PC
    2011/06/12 12:25:56.0425 3564 UserName: Chris
    2011/06/12 12:25:56.0425 3564 Windows directory: C:\Windows
    2011/06/12 12:25:56.0425 3564 System windows directory: C:\Windows
    2011/06/12 12:25:56.0425 3564 Running under WOW64
    2011/06/12 12:25:56.0425 3564 Processor architecture: Intel x64
    2011/06/12 12:25:56.0425 3564 Number of processors: 8
    2011/06/12 12:25:56.0425 3564 Page size: 0x1000
    2011/06/12 12:25:56.0425 3564 Boot type: Normal boot
    2011/06/12 12:25:56.0425 3564 ================================================================================
    2011/06/12 12:25:57.0704 3564 Initialize success
    2011/06/12 12:26:11.0749 5796 ================================================================================
    2011/06/12 12:26:11.0749 5796 Scan started
    2011/06/12 12:26:11.0749 5796 Mode: Manual;
    2011/06/12 12:26:11.0749 5796 ================================================================================
    2011/06/12 12:26:13.0557 5796 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
    2011/06/12 12:26:13.0626 5796 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
    2011/06/12 12:26:13.0722 5796 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2011/06/12 12:26:13.0774 5796 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2011/06/12 12:26:13.0833 5796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/06/12 12:26:13.0864 5796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/06/12 12:26:13.0906 5796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/06/12 12:26:13.0997 5796 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2011/06/12 12:26:14.0055 5796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2011/06/12 12:26:14.0106 5796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2011/06/12 12:26:14.0166 5796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2011/06/12 12:26:14.0229 5796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/06/12 12:26:14.0252 5796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/06/12 12:26:14.0315 5796 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    2011/06/12 12:26:14.0401 5796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/06/12 12:26:14.0448 5796 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    2011/06/12 12:26:37.0754 5796 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    2011/06/12 12:26:37.0767 5796 ================================================================================
    2011/06/12 12:26:37.0767 5796 Scan finished
    2011/06/12 12:26:37.0767 5796 ================================================================================
    2011/06/12 12:26:37.0778 5668 Detected object count: 0
    2011/06/12 12:26:37.0778 5668 Actual detected object count: 0
  10. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-12 12:27:37
    -----------------------------
    12:27:37.274 OS Version: Windows x64 6.1.7600
    12:27:37.274 Number of processors: 8 586 0x1E05
    12:27:37.274 ComputerName: CHRIS-PC UserName: Chris
    12:27:38.678 Initialize success
    12:27:53.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    12:27:53.014 Disk 0 Vendor: SAMSUNG_HM641JI 2AJ10001 Size: 610480MB BusType: 11
    12:27:55.074 Disk 0 MBR read successfully
    12:27:55.074 Disk 0 MBR scan
    12:27:55.074 Disk 0 unknown MBR code
    12:27:55.074 Service scanning
    12:27:58.506 Disk 0 trace - called modules:
    12:27:58.521 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    12:27:58.521 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d4c790]
    12:27:58.537 3 CLASSPNP.SYS[fffff880015b043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007bb1060]
    12:27:58.537 Scan finished successfully
    12:28:16.474 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Documents\MBR.dat"
    12:28:16.474 The log file has been saved successfully to "C:\Users\Chris\Documents\aswMBR.txt"
  11. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    ComboFix 11-06-11.01 - Chris 06/12/2011 16:38:47.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8125.6290 [GMT -4:00]
    Running from: c:\users\Chris\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-12 20:37 . 2011-06-12 20:37 -------- d-----w- C:\32788R22FWJFW
    2011-06-11 15:48 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-10 20:03 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6982D6C-233D-460A-AF9E-34BD3C4FFFB5}\mpengine.dll
    2011-06-10 15:52 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-06-10 15:52 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2011-06-10 15:52 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2011-06-10 15:51 . 2011-06-10 15:51 -------- d-----w- c:\program files\iPod
    2011-06-10 15:51 . 2011-06-10 15:52 -------- d-----w- c:\program files\iTunes
    2011-06-10 15:49 . 2011-06-10 15:49 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-06-10 15:07 . 2011-06-10 15:07 -------- d-----w- c:\users\Chris\AppData\Local\PackageAware
    2011-06-10 13:55 . 2011-06-10 14:48 -------- d-----w- c:\programdata\iolo
    2011-06-10 02:48 . 2011-06-10 02:48 -------- d-----w- c:\program files\Bonjour
    2011-06-10 02:48 . 2011-06-10 02:48 -------- d-----w- c:\program files (x86)\Bonjour
    2011-05-25 20:12 . 2011-06-08 23:52 -------- d-----w- c:\program files\Dell Support Center
    2011-05-25 20:09 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-21 22:38 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-21 22:38 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-15 05:22 . 2011-06-01 18:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-12 20:52 . 2011-04-15 19:01 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2011-06-12 20:52 . 2010-08-07 17:33 52224 ----a-w- c:\windows\SysWow64\rpcnet.dll
    2011-06-12 20:52 . 2011-04-15 19:01 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2011-06-12 20:52 . 2011-04-15 19:01 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2011-05-29 13:11 . 2011-03-26 17:01 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-10 15:08 . 2011-05-10 15:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-05-10 15:08 . 2011-05-10 15:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-05-10 15:08 . 2011-05-10 15:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-05-10 15:08 . 2011-05-10 15:08 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-05-10 15:08 . 2011-05-10 15:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-05-10 15:08 . 2011-05-10 15:08 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-05-10 15:08 . 2011-05-10 15:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-05-10 15:08 . 2011-05-10 15:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-05-10 15:08 . 2011-05-10 15:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-05-10 15:08 . 2011-05-10 15:08 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-05-10 15:08 . 2011-05-10 15:08 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-05-10 15:08 . 2011-05-10 15:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-05-10 15:08 . 2011-05-10 15:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-05-10 15:08 . 2011-05-10 15:08 448512 ----a-w- c:\windows\system32\html.iec
    2011-05-10 15:08 . 2011-05-10 15:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-05-10 15:08 . 2011-05-10 15:08 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-05-10 15:08 . 2011-05-10 15:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-05-10 15:08 . 2011-05-10 15:08 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-05-10 15:08 . 2011-05-10 15:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-05-10 15:08 . 2011-05-10 15:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-05-10 15:08 . 2011-05-10 15:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-05-10 15:08 . 2011-05-10 15:08 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-05-10 15:08 . 2011-05-10 15:08 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-05-10 15:08 . 2011-05-10 15:08 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-05-10 15:08 . 2011-05-10 15:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-05-10 15:08 . 2011-05-10 15:08 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-05-10 15:08 . 2011-05-10 15:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-05-10 15:08 . 2011-05-10 15:08 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-05-10 15:08 . 2011-05-10 15:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-05-10 15:08 . 2011-05-10 15:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-05-10 15:08 . 2011-05-10 15:08 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-05-10 15:08 . 2011-05-10 15:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-05-10 15:08 . 2011-05-10 15:08 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-05-10 15:08 . 2011-05-10 15:08 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-05-10 15:08 . 2011-05-10 15:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-05-10 15:08 . 2011-05-10 15:08 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-05-10 15:08 . 2011-05-10 15:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-05-10 15:08 . 2011-05-10 15:08 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-05-10 15:08 . 2011-05-10 15:08 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-05-10 15:08 . 2011-05-10 15:08 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-05-10 15:08 . 2011-05-10 15:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-05-10 15:08 . 2011-05-10 15:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-04-09 06:45 . 2011-05-12 15:16 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-09 06:13 . 2011-05-12 15:16 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:13 . 2011-05-12 15:16 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:26 . 2011-04-06 20:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 20:26 . 2011-04-06 20:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
    "IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
    "PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE" [2010-09-02 2045440]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-04-04 15:43 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
    R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
    R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
    R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-07-04 79360]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-21 79360]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
    R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-21 79360]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF7729.cfxxe" [X]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-FAStartup - (no file)
    Wow6432Node-HKLM-Run-dellsupportcenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\rpcnet.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-12 17:05:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-12 21:05
    .
    Pre-Run: 506,525,835,264 bytes free
    Post-Run: 506,598,920,192 bytes free
    .
    - - End Of File - - 88635814D21ABCA74D65583B8A775232
  13. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    OTL logfile created on: 6/12/2011 5:57:58 PM - Run 1
    OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Chris\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.96% Memory free
    15.87 Gb Paging File | 13.95 Gb Available in Paging File | 87.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 471.91 Gb Free Space | 81.16% Space Free | Partition Type: NTFS

    Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/12 17:55:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
    PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/08/07 13:30:08 | 000,052,224 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
    PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/04/04 11:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    PRC - [2010/04/04 11:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
    PRC - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
    PRC - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/02/23 11:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/12 17:55:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
    MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
    MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/05/31 20:32:58 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV:64bit: - [2010/05/31 20:32:58 | 000,199,032 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2010/05/31 20:32:58 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2010/04/15 09:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/11/18 01:45:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/09/21 16:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2009/09/21 16:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
    SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/08/07 13:30:08 | 000,052,224 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
    SRV - [2010/07/04 01:28:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2010/06/21 16:04:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/06/21 16:03:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
    SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/23 11:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/05/12 14:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/05/31 20:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2010/05/31 20:32:58 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2010/05/31 20:32:58 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2010/05/31 20:32:58 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2010/05/31 20:32:58 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2010/05/31 20:32:58 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2010/05/31 20:32:58 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
    DRV:64bit: - [2010/05/31 20:32:58 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
    DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
    DRV:64bit: - [2010/01/20 16:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/11/18 02:21:20 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/11/02 23:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
    DRV:64bit: - [2009/11/02 23:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
    DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/09/29 21:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/08/28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/24 02:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/04 07:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2009/07/01 20:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009/07/01 06:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2009/07/01 00:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/07/01 00:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/01 00:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/06/25 05:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/25 04:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009/06/25 04:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009/06/18 10:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
    DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/07 03:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/24 15:18:12 | 000,000,000 | ---D | M]

    [2011/03/06 18:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
    [2010/08/23 00:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/03/06 18:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2o629txw.default\extensions
    [2011/05/10 11:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/03/22 11:12:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/05/24 15:18:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2011/03/22 21:37:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

    O1 HOSTS File: ([2011/06/12 16:53:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100912002416.dll (McAfee, Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100912002416.dll (McAfee, Inc.)
    O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/12 17:05:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/06/12 16:53:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/12 16:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/06/12 16:37:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/12 16:37:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/12 16:37:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/12 16:37:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/12 16:37:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/12 16:37:17 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/06/11 11:48:45 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/06/11 11:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/06/10 11:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/06/10 11:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/06/10 11:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/06/10 11:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/06/10 11:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/06/10 11:49:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/06/10 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PackageAware
    [2011/06/10 09:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
    [2011/06/09 22:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/06/09 22:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/05/25 16:13:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
    [2011/05/25 16:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
    [2010/08/07 13:29:16 | 011,376,088 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Chris\AppData\Roaming\LoJackSetup.exe
    [1 C:\Users\Chris\Documents\*.tmp files -> C:\Users\Chris\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/12 17:54:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/12 17:54:28 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
    [2011/06/12 17:01:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/12 17:01:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/12 16:53:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/06/12 16:52:19 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2011/06/12 16:52:18 | 000,052,224 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
    [2011/06/12 16:52:12 | 2094,424,063 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/12 16:52:03 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2011/06/12 12:28:16 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Documents\MBR.dat
    [2011/06/11 14:10:21 | 000,084,082 | ---- | M] () -- C:\Users\Chris\Documents\drawing board.rtf
    [2011/06/07 13:29:06 | 000,736,690 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/06/07 13:29:06 | 000,144,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/06/07 13:29:06 | 000,005,432 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/06/01 23:32:36 | 000,456,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/05/25 16:34:27 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [1 C:\Users\Chris\Documents\*.tmp files -> C:\Users\Chris\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/12 16:37:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/12 16:37:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/12 16:37:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/12 16:37:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/12 16:37:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/12 12:28:16 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Documents\MBR.dat
    [2011/05/25 16:13:39 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/04/15 15:01:33 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
    [2011/04/15 15:01:17 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
    [2011/03/06 18:52:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/02/14 21:19:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/09/20 11:49:52 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2010/09/20 11:49:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2010/09/20 11:46:47 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/09/20 11:44:25 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
    [2010/09/20 11:44:24 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2010/09/20 11:37:18 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2010/08/25 01:33:06 | 000,005,632 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/07 13:28:51 | 000,000,046 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\FactoryInstaller.xml
    [2010/07/04 01:34:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/06/21 17:21:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/06/21 16:05:34 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
    [2010/06/21 16:05:34 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
    [2010/06/21 16:05:34 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
    [2010/06/21 16:05:19 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/06/21 16:05:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2010/04/04 11:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
    [2010/04/04 11:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
    [2010/04/04 11:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2010/08/07 13:35:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Absolute
    [2010/12/16 15:14:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Absolute_Software
    [2010/07/04 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\acccore
    [2010/10/24 23:12:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitZipper
    [2010/10/29 01:22:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Hardcore
    [2011/03/03 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCDr
    [2010/07/14 00:10:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlayFirst
    [2011/06/10 11:19:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client
    [2011/06/01 16:48:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoundSpectrum
    [2010/07/04 01:35:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP
    [2011/05/25 16:34:27 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2011/06/09 12:10:13 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/06/12 17:05:16 | 000,023,080 | ---- | M] () -- C:\ComboFix.txt
    [2010/06/21 18:08:18 | 000,004,453 | RH-- | M] () -- C:\dell.sdr
    [2011/06/12 16:52:12 | 2094,424,063 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/04 15:53:13 | 000,000,346 | -H-- | M] () -- C:\IPH.PH
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/06/12 16:52:11 | 4224,225,279 | -HS- | M] () -- C:\pagefile.sys
    [2011/06/10 10:08:34 | 000,026,144 | ---- | M] () -- C:\RPSetup.exe.log
    [2011/06/12 12:27:07 | 000,071,754 | ---- | M] () -- C:\TDSSKiller.2.5.4.0_12.06.2011_12.25.55_log.txt
    [2011/04/17 10:57:09 | 000,001,094 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/02/20 01:17:55 | 000,001,622 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/10 11:14:09 | 000,000,221 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >
    [2010/10/21 00:23:26 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/06 10:23:29 | 000,000,402 | -HS- | M] () -- C:\Users\Chris\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/12 15:40:52 | 000,000,003 | RH-- | M] () -- C:\ProgramData\LoJackNotifier.txt

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >
  15. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    ========== Files - Unicode (All) ==========
    [2010/07/23 20:44:50 | 000,119,479 | ---- | M] ()(C:\Users\Chris\Documents\pop?reggae?reggaeton?techno tracklist.docx) -- C:\Users\Chris\Documents\popreggaereggaetontechno tracklist.docx
    [2010/07/23 20:37:56 | 000,119,479 | ---- | C] ()(C:\Users\Chris\Documents\pop?reggae?reggaeton?techno tracklist.docx) -- C:\Users\Chris\Documents\popreggaereggaetontechno tracklist.docx
    [2010/07/23 20:33:47 | 000,128,139 | ---- | M] ()(C:\Users\Chris\Documents\country?dance?latin?oldies tracklist.docx) -- C:\Users\Chris\Documents\countrydancelatinoldies tracklist.docx
    [2010/07/23 20:33:45 | 000,128,139 | ---- | C] ()(C:\Users\Chris\Documents\country?dance?latin?oldies tracklist.docx) -- C:\Users\Chris\Documents\countrydancelatinoldies tracklist.docx

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 92 bytes -> C:\Users\Chris\Documents\New Wave.txt:com.apple.metadatakMDItemWhereFroms
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\what it's worth.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\to be or not to be.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\the pit.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\temptation.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\so serious.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\secret lovers.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rude girl.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rock cd #2 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rock cd #1 playlist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rnb cd #2 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rnb cd #1 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #3 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #2 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #1 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\pouring down.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\outta my business.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\ny girls.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\no games.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\my style.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\my chick bad.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\moment for life remix.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\mixed.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\make her say.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\latino.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\knockin boots.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\in the morning.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\im gettin it.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\i need a beat.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\i miss you.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\hypnotized.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\handle biz.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\guess who.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\goin uphill.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\goin down.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\gangsta party.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\down for whatever.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\deuces.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\darkness before dawn.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\close your eyes.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\call me savior.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\being myself.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\back to the boogie.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\amazing.rtf:AFP_AfpInfo
    @Alternate Data Stream - 11 bytes -> C:\Users\Chris\Documents\New Wave.txt:com.apple.TextEncoding

    < End of report >
  16. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    OTL Extras logfile created on: 6/12/2011 5:57:58 PM - Run 1
    OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Chris\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.93 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.96% Memory free
    15.87 Gb Paging File | 13.95 Gb Available in Paging File | 87.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 471.91 Gb Free Space | 81.16% Space Free | Partition Type: NTFS

    Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{1336D61B-1D48-4E5C-9E39-35444B00EE3D}" = FastAccess
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
    "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
    "{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
    "{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
    "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
    "{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
    "{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite MFC-J615W
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
    "{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
    "{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
    "{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
    "{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
    "{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
    "{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
    "{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
    "{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
    "{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
    "{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
    "{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
    "{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Audacity_is1" = Audacity 1.2.6
    "BitZipper_is1" = BitZipper 2010
    "Dell Webcam Central" = Dell Webcam Central
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "MSC" = McAfee SecurityCenter
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.SingleImage" = Microsoft Office Home and Student 2010

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/10/2011 10:50:47 AM | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary Disk Filter Driver for Accelerometer. System Error: The system cannot find
    the file specified. .

    Error - 6/10/2011 10:51:36 AM | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
    Description = Cryptographic Services failed while processing the OnIdentity() call
    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
    of binary Disk Filter Driver for Accelerometer. System Error: The system cannot find
    the file specified. .

    Error - 6/10/2011 11:35:34 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: MsiExec.exe, version: 5.0.7600.16385, time
    stamp: 0x4a5bc3e6 Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0,
    time stamp: 0x4cf4536a Exception code: 0xc0000005 Fault offset: 0x67d8bb89 Faulting
    process id: 0x8a4 Faulting application start time: 0x01cc2784079d8ceb Faulting application
    path: C:\Windows\syswow64\MsiExec.exe Faulting module path: QuickTime.qts Report
    Id: 47f65bea-9377-11e0-8c4f-d8c1d8dffdf5

    Error - 6/10/2011 11:40:57 AM | Computer Name = Chris-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 6/10/2011 2:23:45 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
    stamp: 0x4b97baf1 Faulting module name: mpfsvc.dll, version: 11.5.135.0, time stamp:
    0x4c575e72 Exception code: 0xc00000fd Fault offset: 0x0000000000081e29 Faulting process
    id: 0x734 Faulting application start time: 0x01cc2784fa23f4b9 Faulting application
    path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
    path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: c62b03a7-938e-11e0-9348-a5b2074425ef

    Error - 6/11/2011 3:34:04 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mcshield.exe, version: 14.2.0.723, time
    stamp: 0x4b437b54 Faulting module name: mcshield.exe, version: 14.2.0.723, time
    stamp: 0x4b437b54 Exception code: 0xc000041d Fault offset: 0x000000000000976a Faulting
    process id: 0xa9c Faulting application start time: 0x01cc2855653971e1 Faulting application
    path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Faulting module
    path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Report Id: c3b4173b-9461-11e0-90ab-be0154a50efa

    Error - 6/11/2011 4:13:50 PM | Computer Name = Chris-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 350 Start
    Time: 01cc287002ba6d55 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 6/11/2011 4:44:20 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
    stamp: 0x4b97baf1 Faulting module name: mpfsvc.dll, version: 11.5.135.0, time stamp:
    0x4c575e72 Exception code: 0xc00000fd Fault offset: 0x0000000000081e29 Faulting process
    id: 0x5a0 Faulting application start time: 0x01cc28770ff6ffa2 Faulting application
    path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
    path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: 943c346e-946b-11e0-8910-ddfacceaabf2

    Error - 6/12/2011 2:39:46 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
    stamp: 0x4b97baf1 Faulting module name: mpfsvc.dll, version: 11.5.135.0, time stamp:
    0x4c575e72 Exception code: 0xc00000fd Fault offset: 0x0000000000081e29 Faulting process
    id: 0x31c Faulting application start time: 0x01cc2890d6a58a2e Faulting application
    path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
    path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: c2a02e8d-94be-11e0-9603-d4e26e09fbf3

    Error - 6/12/2011 3:09:07 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
    stamp: 0x4b97baf1 Faulting module name: mpfsvc.dll, version: 11.5.135.0, time stamp:
    0x4c575e72 Exception code: 0xc00000fd Fault offset: 0x0000000000081e29 Faulting process
    id: 0x75c Faulting application start time: 0x01cc28ce1164f3ba Faulting application
    path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
    path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: dc516b2a-94c2-11e0-921f-b0c39bf750e7

    [ Dell Events ]
    Error - 9/30/2010 2:54:32 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/30/2010 2:54:32 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/29/2010 1:39:45 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/29/2010 1:39:45 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 11/7/2010 9:06:18 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 11/7/2010 9:06:18 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/16/2010 5:22:15 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ System Events ]
    Error - 6/12/2011 4:41:53 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 6/12/2011 4:50:58 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 6/12/2011 4:51:06 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 6/12/2011 4:52:15 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
    Description = The Dock Login Service service failed to start due to the following
    error: %%2

    Error - 6/12/2011 4:52:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
    Description = The SessionLauncher service failed to start due to the following error:
    %%2

    Error - 6/12/2011 4:53:05 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    RxFilter

    Error - 6/12/2011 4:55:38 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10010
    Description =

    Error - 6/12/2011 4:55:49 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10010
    Description =

    Error - 6/12/2011 5:01:07 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
    Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
    to start due to the following error: %%31

    Error - 6/12/2011 5:54:28 PM | Computer Name = Chris-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.


    < End of report >
  17. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    I can't continue, because you didn't answer my question:
  18. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    Oh, I'm sorry.. Nothing new's happened, there's still the same old problems as before, however.
  19. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Can you restate those issues for me?
  20. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    In the processes tab, when I go on Internet Explorer, a 2nd iexplore.exe shows up when I only have one window open. At times, random processes (iTunes, Internet Explorer, explorer.exe, and mcagent.exe) use up a lot more memory than they should, and slow down the computer.
    Almost every time I run Windows, a process called 'pcdrcui.exe' eventually shows up and its memory seems to grow more and more until I notice it on Task Manager and end the process (which is my temporary solution for these problems, they return soon enough).
    Also, when I run iTunes, song playback is shoddy, glitchy, and almost sounds like the mp3 itself is slowing down. When I try watching videos online, such as on YouTube, I'll end up seeing a glitch on the screen, whatever audio is playing freezes and then the screen goes black, leaving me with no other option but to manually shut off and restart my computer. It has to do with the ATI driver, but uninstall/reinstall hasn't worked at all, so I assume it's involved with a bug in my system.
  21. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    This is normal. Starting with IE8, when you start IE, it'll open two iexplore.exe processes from the get go. Each new open tab will add another process.

    pcdrcui.exe is a part of PC-Doctor included in Dell Support Center.
    Dell Support Center is a worthless resource hog and you can safely uninstall it.

    =======================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
      O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
      O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [1 C:\Users\Chris\Documents\*.tmp files -> C:\Users\Chris\Documents\*.tmp -> ]
      @Alternate Data Stream - 92 bytes -> C:\Users\Chris\Documents\New Wave.txt:com.apple.metadata"kMDItemWhereFroms
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\what it's worth.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\to be or not to be.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\the pit.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\temptation.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\so serious.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\secret lovers.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rude girl.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rock cd #2 tracklist.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rock cd #1 playlist.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rnb cd #2 tracklist.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rnb cd #1 tracklist.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #3 tracklist.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #2 tracklist.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #1 tracklist.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\pouring down.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\outta my business.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\ny girls.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\no games.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\my style.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\my chick bad.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\moment for life remix.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\mixed.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\make her say.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\latino.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\knockin boots.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\in the morning.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\im gettin it.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\i need a beat.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\i miss you.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\hypnotized.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\handle biz.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\guess who.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\goin uphill.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\goin down.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\gangsta party.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\down for whatever.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\deuces.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\darkness before dawn.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\close your eyes.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\call me savior.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\being myself.docx:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\back to the boogie.rtf:AFP_AfpInfo
      @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\amazing.rtf:AFP_AfpInfo
      @Alternate Data Stream - 11 bytes -> C:\Users\Chris\Documents\New Wave.txt:com.apple.TextEncoding
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
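
The process model described at the top of this reply (one iexplore.exe for the window plus one for each tab) can be checked directly from a PowerShell prompt. The script below is an added example, not part of the original post or of any tool used in this thread; the role labels `frame` and `tab` and the "expected folder" check are this example's own assumptions.

```powershell
# Added example: read-only inventory of running iexplore.exe processes.
# Get-WmiObject is used because it works on the PowerShell 2.0 that ships
# with Windows 7; on newer PowerShell, Get-CimInstance returns the same class.

# Folders where a genuine iexplore.exe normally lives (native and 32-bit).
$expectedDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramW6432) |
    Where-Object { $_ } |
    Select-Object -Unique |
    ForEach-Object { Join-Path $_ 'Internet Explorer' }

# Snapshot all processes once so parent lookups use the same point in time.
$all   = @(Get-WmiObject -Class Win32_Process)
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($p in ($all | Where-Object { $_.Name -ieq 'iexplore.exe' })) {
    $parent = $byPid[[int]$p.ParentProcessId]

    # A tab process is started by another iexplore.exe; the frame (window)
    # process is started by the shell or whatever launched the browser.
    # Caveat: Windows can reuse a dead parent's PID, so treat this as a hint.
    if ($parent -and $parent.Name -ieq 'iexplore.exe') { $role = 'tab' }
    else                                               { $role = 'frame' }

    if ($parent) { $parentName = $parent.Name } else { $parentName = '<exited>' }

    # ExecutablePath is empty when the caller lacks rights to query the process.
    if (-not $p.ExecutablePath) {
        $location = 'unknown (run elevated)'
    } elseif ($expectedDirs -contains (Split-Path $p.ExecutablePath -Parent)) {
        $location = 'expected'
    } else {
        $location = 'UNEXPECTED'
    }

    New-Object PSObject -Property @{
        ProcessId  = [int]$p.ProcessId
        Role       = $role
        ParentId   = [int]$p.ParentProcessId
        ParentName = $parentName
        MemoryMB   = [math]::Round($p.WorkingSetSize / 1MB, 1)
        Location   = $location
        Path       = $p.ExecutablePath
    }
}

# One frame row plus one or more tab rows is the normal picture for IE8 and later.
$report | Sort-Object Role, ProcessId |
    Format-Table ProcessId, Role, ParentId, ParentName, MemoryMB, Location, Path -AutoSize
```

A row marked `UNEXPECTED` means an image named iexplore.exe is running from outside the Internet Explorer install folders and deserves a closer look; the memory column shows which of the processes is actually growing.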
  22. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-2791717763-1036088866-559952292-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKIJ5000StatusMonitor deleted successfully.
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
    File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Users\Chris\Documents\~WRL3981.tmp deleted successfully.
    Unable to delete ADS C:\Users\Chris\Documents\New Wave.txt:com.apple.metadata"kMDItemWhereFroms .
    ADS C:\Users\Chris\Documents\what it's worth.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\to be or not to be.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\the pit.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\temptation.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\so serious.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\secret lovers.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\rude girl.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\rock cd #2 tracklist.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\rock cd #1 playlist.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\rnb cd #2 tracklist.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\rnb cd #1 tracklist.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\rap cd #3 tracklist.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\rap cd #2 tracklist.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\rap cd #1 tracklist.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\pouring down.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\outta my business.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\ny girls.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\no games.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\my style.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\my chick bad.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\moment for life remix.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\mixed.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\make her say.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\latino.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\knockin boots.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\in the morning.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\im gettin it.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\i need a beat.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\i miss you.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\hypnotized.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\handle biz.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\guess who.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\goin uphill.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\goin down.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\gangsta party.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\down for whatever.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\deuces.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\darkness before dawn.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\close your eyes.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\call me savior.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\being myself.docx:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\back to the boogie.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\amazing.rtf:AFP_AfpInfo deleted successfully.
    ADS C:\Users\Chris\Documents\New Wave.txt:com.apple.TextEncoding deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: .TemporaryItems
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Chris
    ->Temp folder emptied: 1307245 bytes
    ->Temporary Internet Files folder emptied: 588519330 bytes
    ->Java cache emptied: 10617379 bytes
    ->FireFox cache emptied: 48393984 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 504 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1824 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119119 bytes
    RecycleBin emptied: 5095778 bytes

    Total Files Cleaned = 624.00 mb


    [EMPTYFLASH]

    User: .TemporaryItems

    User: All Users

    User: Chris
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.24.0 log created on 06132011_164049

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
    C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
  23. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee SecurityCenter
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    Adobe Reader 9.4.4
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
  24. chrisserra92

    chrisserra92 Newcomer, in training Topic Starter Posts: 24

    The ESET Online scanner didn't find anything, so there's no extra log for that :)
  25. Broni

    Broni Malware Annihilator Posts: 46,335   +252

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =======================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.