Solved Need help with System Check virus

I think this is the right file :) My comp also feels quite a bit better now! I appreciate the help sooo much broni!
 
OTL logfile created on: 1/10/2012 2:21:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cody Brown\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.99 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.80% Memory free
7.98 Gb Paging File | 6.15 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458.87 Gb Total Space | 172.22 Gb Free Space | 37.53% Space Free | Partition Type: NTFS
Drive D: | 458.87 Gb Total Space | 458.77 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: CODY-BROWN | User Name: Cody Brown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/10 14:20:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cody Brown\Downloads\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Cody Brown\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/25 16:02:06 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2011/08/25 15:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2011/05/12 12:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2010/12/22 19:46:29 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/11/11 19:27:40 | 000,193,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/07/05 13:12:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/06/30 17:46:32 | 000,121,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2010/06/30 17:46:30 | 001,264,240 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Acer Display\eDisplay Management\dthtml.exe
PRC - [2010/05/13 17:34:48 | 000,711,792 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
PRC - [2010/05/13 17:34:42 | 000,674,928 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
PRC - [2010/04/16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/09 15:35:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Crazy John's\Crazy John's Broadband\DetectWireless.exe
PRC - [2009/12/09 20:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/11/12 12:48:50 | 000,469,536 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/11 00:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/04 16:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/03 18:15:12 | 000,496,896 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/06/26 20:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 20:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 20:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 20:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 20:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 20:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2012/01/05 18:06:01 | 008,593,056 | ---- | M] () -- C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
MOD - [2011/10/13 04:36:16 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ffea70edf9aa81cba6a5be8070d3dd9\IAStorUtil.ni.dll
MOD - [2011/10/13 04:36:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2011/10/13 04:31:36 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/13 04:31:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 04:31:14 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 04:31:10 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 04:30:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 04:30:56 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 04:30:53 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 04:30:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 04:30:48 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 23:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 23:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/30 17:46:26 | 000,084,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2010/06/30 17:37:38 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2010/05/13 17:34:48 | 000,711,792 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
MOD - [2010/05/13 17:34:42 | 000,674,928 | ---- | M] () -- C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
MOD - [2010/02/09 15:35:54 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Crazy John's\Crazy John's Broadband\DetectWireless.exe
MOD - [2009/11/12 12:48:50 | 000,469,536 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/11/03 12:27:14 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/04/20 11:22:34 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanDll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/13 07:09:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/03 17:46:44 | 000,199,008 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2011/07/19 10:57:00 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/08/07 08:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 12:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 10:18:48 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/12/08 19:57:19 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/25 15:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (RumorServer)
SRV - [2011/08/25 15:58:30 | 000,291,064 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe -- (myAgtSvc)
SRV - [2011/05/12 12:48:20 | 000,324,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2010/12/22 19:46:29 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/07/05 13:12:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/30 17:46:32 | 000,121,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/04/16 16:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/09 20:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/11 00:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/26 05:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/11 08:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/26 20:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/13 07:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/13 07:56:18 | 010,207,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/13 06:30:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/19 10:57:00 | 000,642,824 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/07/19 10:57:00 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/07/19 10:57:00 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/07/19 10:57:00 | 000,158,584 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/07/19 10:57:00 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/07/19 10:57:00 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/06/07 09:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 17:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/04 20:08:15 | 000,508,472 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/11/21 00:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 17:37:32 | 000,408,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/04/16 16:34:06 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/09/30 12:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/23 20:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/25 00:07:52 | 001,622,528 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2009/08/07 08:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/14 12:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 11:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 07:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 22:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 22:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 22:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/03 15:43:04 | 000,589,312 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/01/23 18:09:28 | 000,113,664 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bsusbser.sys -- (bsusbser)
DRV:64bit: - [2006/05/24 12:51:14 | 000,013,824 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV - [2009/07/14 12:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/23 18:09:28 | 000,113,664 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\bsusbser.sys -- (bsusbser)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80



IE - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_x3900&r=173606107007p0448v1k5w4471u393
IE - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.11
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.6
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.36
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.638
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100009

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cody Brown\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cody Brown\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/25 14:54:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/03 15:46:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/03 15:46:34 | 000,000,000 | ---D | M]

[2010/08/31 17:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cody Brown\AppData\Roaming\Mozilla\Extensions
[2010/08/31 17:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cody Brown\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/10 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cody Brown\AppData\Roaming\Mozilla\Firefox\Profiles\p0nbcfyo.default\extensions
[2012/01/03 15:47:12 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Cody Brown\AppData\Roaming\Mozilla\Firefox\Profiles\p0nbcfyo.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012/01/03 18:07:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Cody Brown\AppData\Roaming\Mozilla\Firefox\Profiles\p0nbcfyo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/18 15:52:41 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Cody Brown\AppData\Roaming\Mozilla\Firefox\Profiles\p0nbcfyo.default\extensions\battlefieldheroespatcher@ea.com
[2012/01/03 15:50:15 | 000,000,000 | ---D | M] (DomainsOnFirefox) -- C:\Users\Cody Brown\AppData\Roaming\Mozilla\Firefox\Profiles\p0nbcfyo.default\extensions\domainsonfirefox@domainsonfire.com
[2012/01/03 15:46:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 18:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/21 15:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 15:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cody Brown\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/10 12:57:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110917024202.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110917024201.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DT ACR] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000..\Run: [Akamai NetSession Interface] C:\Users\Cody Brown\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000..\Run: [MyDetectWireless] C:\Program Files (x86)\Crazy John's\Crazy John's Broadband\DetectWireless.exe ()
O4 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000..\Run: [MyWirelessCard] C:\Program Files (x86)\Crazy John's\Crazy John's Broadband\WirelessCard.exe ()
O4 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Cody Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Cody Brown\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CBB8732-FC33-481D-B866-ADBFE1E95E0E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CBB8732-FC33-481D-B866-ADBFE1E95E0E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{743D876A-93F8-4E33-BB02-A02B487F0A8B}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA4B0376-B043-4BC3-A85A-8E68168899C8}: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC4C6B1E-7835-4B6B-B993-F931CAA47AC7}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9AC704B-92F7-4E1D-9DEB-3B90B1FC81A3}: DhcpNameServer = 211.29.132.12 61.88.88.88
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/10 13:03:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/10 12:57:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/10 12:42:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/10 12:42:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/10 12:42:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/10 12:42:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/10 12:42:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/10 12:42:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/10 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{45B3D47E-DBFA-437A-98E1-BF59CCCB91DE}
[2012/01/10 12:12:35 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{0B11088A-5D6E-444F-8CE2-8C20D93F8CFE}
[2012/01/10 11:38:41 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{9B576559-D607-4975-A92F-2F2AF739C9B2}
[2012/01/10 11:38:28 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{67BA549F-3763-4CE1-932A-8341D1F15231}
[2012/01/10 11:16:35 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{F324C93C-0292-4024-8F12-C9A71AA831A2}
[2012/01/10 11:16:22 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{864B6527-B56B-4111-A08A-8079F549752E}
[2012/01/10 11:06:15 | 000,256,576 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysWow64\dtsoftbus01.sys
[2012/01/10 10:11:22 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Cody Brown\Desktop\aswMBR.exe
[2012/01/10 09:22:57 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Cody Brown\Desktop\dds.scr
[2012/01/10 08:50:23 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{9B89FAE9-C6F1-457E-A16F-EEE481206408}
[2012/01/10 08:50:03 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{7205775D-219B-4D0B-85DB-A0B82E3E6C09}
[2012/01/10 03:20:01 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/10 03:03:35 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Roaming\Malwarebytes
[2012/01/10 03:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/10 03:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/10 03:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/10 03:02:08 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cody Brown\Desktop\mbam-setup.exe
[2012/01/10 02:56:16 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cody Brown\Desktop\iexplore.com.exe
[2012/01/10 01:27:22 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{A387678F-CA4A-4728-818A-61B139D3EC38}
[2012/01/10 01:27:08 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{2939BC6D-A77A-4DA9-B176-193AB7940604}
[2012/01/10 01:11:31 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/09 13:45:11 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\.freemind
[2012/01/09 13:44:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[2012/01/09 13:44:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeMind
[2012/01/06 02:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2012/01/03 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
[2012/01/03 15:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeywordBlaze
[2011/12/26 22:15:59 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{2775E56B-C313-4433-B370-466CC8934358}
[2011/12/26 22:15:32 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{4827CA5D-2D95-4807-9847-56D1E5E59F86}
[2011/12/16 11:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Local Shortcut
[2011/12/16 11:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Your Local Shortcut
[2011/12/16 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{90197898-4B0F-476A-A6A3-C78FACFD6020}
[2011/12/16 09:49:52 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Local\{4FA53F3E-6CC0-4168-ADD3-567AFD779EFA}
[2009/11/27 04:31:51 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 14:17:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228345665-1085567725-3446538699-1000UA.job
[2012/01/10 14:02:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/10 13:04:23 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 13:04:23 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 12:57:31 | 000,050,688 | ---- | M] () -- C:\Windows\SysWow64\dtsoftbusinst64.exe
[2012/01/10 12:57:31 | 000,007,835 | ---- | M] () -- C:\Windows\SysWow64\dtsoftbus01.cat
[2012/01/10 12:57:31 | 000,001,931 | ---- | M] () -- C:\Windows\SysWow64\dtsoftbus01.inf
[2012/01/10 12:57:30 | 000,256,576 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysWow64\dtsoftbus01.sys
[2012/01/10 12:57:28 | 000,000,943 | ---- | M] () -- C:\Windows\WirelessCard.INI
[2012/01/10 12:57:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/10 12:57:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/10 12:56:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/10 12:56:36 | 3214,479,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 12:28:15 | 000,000,512 | ---- | M] () -- C:\Users\Cody Brown\Desktop\MBR.dat
[2012/01/10 12:17:26 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/10 12:17:26 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/10 12:17:26 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/10 10:32:01 | 000,059,237 | ---- | M] () -- C:\Users\Cody Brown\Desktop\bootkit.htm
[2012/01/10 10:11:36 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Cody Brown\Desktop\aswMBR.exe
[2012/01/10 09:23:00 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Cody Brown\Desktop\dds.scr
[2012/01/10 09:06:37 | 000,302,592 | ---- | M] () -- C:\Users\Cody Brown\Desktop\p1hbv6e4.exe
[2012/01/10 08:54:47 | 000,684,297 | ---- | M] () -- C:\Users\Cody Brown\Desktop\unhide.exe
[2012/01/10 03:04:30 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 03:02:30 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cody Brown\Desktop\mbam-setup.exe
[2012/01/10 02:56:06 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cody Brown\Desktop\iexplore.com.exe
[2012/01/10 02:46:50 | 001,008,141 | ---- | M] () -- C:\Users\Cody Brown\Desktop\iExplore (1).exe
[2012/01/10 01:11:31 | 000,000,681 | ---- | M] () -- C:\Users\Cody Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/09 13:44:54 | 000,001,893 | ---- | M] () -- C:\Users\Cody Brown\Desktop\FreeMind.lnk
[2012/01/09 13:42:32 | 000,102,967 | ---- | M] () -- C:\Users\Cody Brown\Desktop\UltimateWSOSuccessSystem.mmap
[2012/01/09 11:34:42 | 000,344,254 | ---- | M] () -- C:\Users\Cody Brown\Desktop\GodFather Outsourcing By Seth Bias.pdf
[2012/01/09 11:18:06 | 000,018,074 | ---- | M] () -- C:\Users\Cody Brown\AppData\Roaming\wklnhst.dat
[2012/01/09 04:17:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228345665-1085567725-3446538699-1000Core.job
[2012/01/08 14:21:36 | 000,128,000 | ---- | M] () -- C:\Users\Cody Brown\Desktop\treatment for constipation.msam
[2012/01/07 20:18:07 | 000,002,432 | ---- | M] () -- C:\Users\Cody Brown\Desktop\Google Chrome.lnk
[2012/01/07 16:45:59 | 000,082,944 | ---- | M] () -- C:\Users\Cody Brown\Desktop\best stretch mark cream.msam
[2012/01/07 15:21:42 | 000,150,528 | ---- | M] () -- C:\Users\Cody Brown\Desktop\how do i reduce stretch marks.msam
[2012/01/06 02:14:14 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2012/01/04 12:29:23 | 000,023,552 | ---- | M] () -- C:\Users\Cody Brown\Documents\My First Workspace.kwbz
[2012/01/03 15:47:34 | 000,002,060 | ---- | M] () -- C:\Users\Cody Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/03 15:46:38 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/03 15:39:33 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\KeywordBlaze.lnk
[2011/12/20 15:51:26 | 000,018,944 | ---- | M] () -- C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri.wps
[2011/12/20 11:26:39 | 001,350,660 | ---- | M] () -- C:\Users\Cody Brown\Desktop\eBook_The Top 10... Your Loved One.v4-with cover page.pdf
[2011/12/20 11:16:04 | 000,185,398 | ---- | M] () -- C:\Users\Cody Brown\Desktop\What is Lead Generation.pdf
[2011/12/16 19:59:30 | 000,028,195 | ---- | M] () -- C:\Users\Cody Brown\Desktop\marketing-expert.jpg
[2011/12/16 11:16:34 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Your Local Shortcut.lnk
[2011/12/16 04:23:25 | 005,249,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/14 16:55:26 | 000,015,360 | ---- | M] () -- C:\Users\Cody Brown\Desktop\Web Design Questionnaire.wps
[2011/12/14 16:45:55 | 002,049,467 | ---- | M] () -- C:\Users\Cody Brown\Desktop\Capri.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/10 12:42:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/10 12:42:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/10 12:42:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/10 12:42:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/10 12:42:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/10 12:28:15 | 000,000,512 | ---- | C] () -- C:\Users\Cody Brown\Desktop\MBR.dat
[2012/01/10 11:06:16 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbusinst64.exe
[2012/01/10 11:06:16 | 000,007,835 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbus01.cat
[2012/01/10 11:06:16 | 000,001,931 | ---- | C] () -- C:\Windows\SysWow64\dtsoftbus01.inf
[2012/01/10 10:32:26 | 000,059,237 | ---- | C] () -- C:\Users\Cody Brown\Desktop\bootkit.htm
[2012/01/10 09:11:53 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Xilisoft iPhone Video Converter 6.lnk
[2012/01/10 09:11:53 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Your Local Shortcut.lnk
[2012/01/10 09:11:53 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Connection Manager.lnk
[2012/01/10 09:11:52 | 000,002,752 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/01/10 09:11:52 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/01/10 09:11:52 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/10 09:11:52 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops Call MP.lnk
[2012/01/10 09:11:52 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty - Black Ops.lnk
[2012/01/10 09:11:52 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\Crazy John's Broadband.lnk
[2012/01/10 09:11:52 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\Acer eDisplay Management.lnk
[2012/01/10 09:11:52 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
[2012/01/10 09:11:52 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\ACID Pro 7.0.lnk
[2012/01/10 09:11:52 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/01/10 09:11:52 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2012/01/10 09:11:52 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/10 09:11:52 | 000,001,525 | ---- | C] () -- C:\Users\Public\Desktop\MYOB BusinessBasics v1.lnk
[2012/01/10 09:11:52 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Warsow.lnk
[2012/01/10 09:11:52 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\LiveCode 4.6.3.lnk
[2012/01/10 09:11:52 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2012/01/10 09:11:52 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/10 09:11:52 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk
[2012/01/10 09:11:52 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\MixPad Audio Mixer.lnk
[2012/01/10 09:11:52 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/01/10 09:11:52 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\MarketMeSuite.lnk
[2012/01/10 09:11:52 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2012/01/10 09:11:52 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\Core FTP Lite.lnk
[2012/01/10 09:11:52 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2012/01/10 09:11:52 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2012/01/10 09:11:52 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/01/10 09:11:52 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\KeywordBlaze.lnk
[2012/01/10 09:11:52 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2012/01/10 09:11:52 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\BlogMe.lnk
[2012/01/10 09:11:46 | 000,001,998 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/01/10 09:11:46 | 000,000,958 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
[2012/01/10 09:11:33 | 000,002,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
[2012/01/10 09:11:33 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/01/10 09:11:33 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/01/10 09:11:33 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/01/10 09:11:33 | 000,002,623 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
[2012/01/10 09:11:33 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/01/10 09:11:33 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/01/10 09:11:33 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/01/10 09:11:33 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TidySongs.lnk
[2012/01/10 09:11:33 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012/01/10 09:11:33 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/01/10 09:11:33 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/01/10 09:11:33 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/01/10 09:11:33 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/01/10 09:11:33 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/01/10 09:11:33 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/01/10 09:11:33 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/01/10 09:11:33 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/01/10 09:11:33 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/01/10 09:11:33 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/01/10 09:11:33 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/10 09:11:33 | 000,001,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
[2012/01/10 09:11:33 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2012/01/10 09:11:33 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS5.lnk
[2012/01/10 09:11:33 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audio Mixer.lnk
[2012/01/10 09:11:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/10 09:11:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/01/10 09:11:32 | 000,001,527 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012/01/10 09:11:32 | 000,001,513 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
[2012/01/10 09:11:32 | 000,001,407 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012/01/10 09:11:32 | 000,001,361 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2012/01/10 09:11:32 | 000,001,270 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2012/01/10 09:11:32 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[2012/01/10 09:11:32 | 000,001,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS5.lnk
[2012/01/10 09:11:32 | 000,001,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2012/01/10 09:11:32 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip.lnk
[2012/01/10 09:11:32 | 000,001,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.lnk
[2012/01/10 09:11:32 | 000,001,026 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infix PDF Editor.lnk
[2012/01/10 09:11:32 | 000,001,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/01/10 09:11:32 | 000,000,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2012/01/10 09:11:32 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeywordBlaze.lnk
[2012/01/10 09:11:32 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlogMe.lnk
[2012/01/10 09:07:53 | 000,302,592 | ---- | C] () -- C:\Users\Cody Brown\Desktop\p1hbv6e4.exe
[2012/01/10 08:56:39 | 000,684,297 | ---- | C] () -- C:\Users\Cody Brown\Desktop\unhide.exe
[2012/01/10 03:04:30 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 02:47:08 | 001,008,141 | ---- | C] () -- C:\Users\Cody Brown\Desktop\iExplore (1).exe
[2012/01/10 01:11:31 | 000,000,681 | ---- | C] () -- C:\Users\Cody Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/09 13:44:54 | 000,001,893 | ---- | C] () -- C:\Users\Cody Brown\Desktop\FreeMind.lnk
[2012/01/09 13:42:32 | 000,102,967 | ---- | C] () -- C:\Users\Cody Brown\Desktop\UltimateWSOSuccessSystem.mmap
[2012/01/09 11:34:41 | 000,344,254 | ---- | C] () -- C:\Users\Cody Brown\Desktop\GodFather Outsourcing By Seth Bias.pdf
[2012/01/08 13:53:30 | 000,128,000 | ---- | C] () -- C:\Users\Cody Brown\Desktop\treatment for constipation.msam
[2012/01/07 16:34:38 | 000,082,944 | ---- | C] () -- C:\Users\Cody Brown\Desktop\best stretch mark cream.msam
[2012/01/07 15:12:43 | 000,150,528 | ---- | C] () -- C:\Users\Cody Brown\Desktop\how do i reduce stretch marks.msam
[2012/01/03 15:40:32 | 000,023,552 | ---- | C] () -- C:\Users\Cody Brown\Documents\My First Workspace.kwbz
[2011/12/20 11:25:57 | 001,350,660 | ---- | C] () -- C:\Users\Cody Brown\Desktop\eBook_The Top 10... Your Loved One.v4-with cover page.pdf
[2011/12/20 11:15:58 | 000,185,398 | ---- | C] () -- C:\Users\Cody Brown\Desktop\What is Lead Generation.pdf
[2011/12/16 19:59:30 | 000,028,195 | ---- | C] () -- C:\Users\Cody Brown\Desktop\marketing-expert.jpg
[2011/12/14 17:43:43 | 000,018,944 | ---- | C] () -- C:\Users\Cody Brown\Desktop\Web Design Questionnaire - Capri.wps
[2011/12/14 16:55:26 | 000,015,360 | ---- | C] () -- C:\Users\Cody Brown\Desktop\Web Design Questionnaire.wps
[2011/12/14 16:45:49 | 002,049,467 | ---- | C] () -- C:\Users\Cody Brown\Desktop\Capri.pdf
[2011/10/19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/10/18 23:45:12 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/15 11:28:07 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2011/04/15 23:59:29 | 000,150,108 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/03/18 04:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/15 21:36:08 | 000,000,181 | ---- | C] () -- C:\Windows\MYOBP.INI
[2011/03/15 21:36:08 | 000,000,041 | ---- | C] () -- C:\Windows\MYOB.INI
[2011/02/14 20:08:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/29 10:28:30 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/11/20 17:23:05 | 002,373,712 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/11/18 16:31:43 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/11/18 16:31:40 | 002,427,248 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2010/11/18 16:31:40 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/09/27 18:50:50 | 000,018,074 | ---- | C] () -- C:\Users\Cody Brown\AppData\Roaming\wklnhst.dat
[2010/08/08 17:44:43 | 000,000,943 | ---- | C] () -- C:\Windows\WirelessCard.INI
[2010/07/28 17:43:59 | 000,000,177 | ---- | C] () -- C:\Windows\wininit.ini
[2010/07/08 15:42:28 | 000,011,776 | ---- | C] () -- C:\Users\Cody Brown\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/30 16:39:55 | 000,000,206 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2010/06/28 12:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2009/11/27 04:06:06 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2009/11/27 04:06:06 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2009/11/27 04:06:06 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2009/11/27 04:06:06 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2009/11/27 04:06:06 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2009/11/27 04:06:06 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin
[2009/07/14 16:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 13:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 13:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 11:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 10:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/14 08:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 08:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/10/11 06:49:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2000/01/31 08:02:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\Wh2Robo.dll
[1999/01/23 12:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2010/08/25 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\BlogMe
[2012/01/03 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\com.blueprintcentral.keywordblaze
[2012/01/09 23:20:06 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\CoreFTP
[2011/01/04 20:13:16 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\DAEMON Tools Pro
[2011/06/15 14:44:45 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\DisplayTune
[2012/01/10 12:58:14 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Dropbox
[2011/04/16 15:04:23 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\FrostWire
[2011/02/25 10:51:19 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\FXTS2
[2010/12/07 12:46:53 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\gtk-2.0
[2010/11/29 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Hi-Rez Studios
[2011/05/31 11:03:00 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Iceni
[2011/04/15 00:09:47 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\LimeWire
[2010/08/05 02:49:40 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\MarketMeTweet
[2010/09/15 16:21:49 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/10/03 23:57:02 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\MindTerm
[2012/01/10 00:36:46 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Mumble
[2010/08/24 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\NCH Swift Sound
[2010/08/31 17:27:38 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\NetMedia Providers
[2010/10/10 18:38:39 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\OpenCandy
[2010/06/27 18:33:31 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Opera
[2010/09/07 17:01:08 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Publish Providers
[2010/10/10 22:42:28 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Red Kawa
[2011/08/26 22:10:44 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\RunRev
[2010/08/15 15:54:04 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\SoftDMA
[2010/08/31 17:27:31 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Sony
[2011/01/27 22:00:44 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\SystemRequirementsLab
[2010/09/27 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Template
[2010/10/10 11:11:07 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1
[2010/11/30 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Warsow 0.5
[2010/11/29 13:59:11 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Windows Live Writer
[2010/10/10 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\Xilisoft
[2011/11/13 22:49:00 | 000,000,000 | ---D | M] -- C:\Users\Cody Brown\AppData\Roaming\YourLocalShorcut
[2011/08/12 06:04:15 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/01/27 16:08:10 | 000,013,308 | ---- | M] () -- C:\aaw7boot.log
[2009/11/27 04:06:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/01/17 13:41:42 | 115,513,480 | ---- | M] (AMD Inc.) -- C:\Catalyst_10.12_CCC2_Preview_Win7_Dec7.exe
[2012/01/10 13:03:36 | 000,031,802 | ---- | M] () -- C:\ComboFix.txt
[2009/10/05 17:37:06 | 000,003,731 | ---- | M] () \ENZ1LP11.MD5 -- C:\ENZ1LP11.MD5
[2012/01/10 12:56:36 | 3214,479,360 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/05 17:32:44 | 000,000,292 | ---- | M] () -- C:\LPCD.DAT
[2011/01/21 14:28:14 | 001,246,890 | ---- | M] (Igor Pavlov) -- C:\mb_driver_chipset_intel.exe
[2012/01/10 12:56:40 | 4285,972,480 | -HS- | M] () -- C:\pagefile.sys
[2010/04/16 16:34:00 | 000,007,233 | ---- | M] () -- C:\pdiports.cat
[2010/04/16 16:33:44 | 000,002,853 | ---- | M] () -- C:\pdiports64.inf
[2009/11/27 04:27:38 | 000,002,168 | ---- | M] () -- C:\RHDSetup.log
[2012/01/10 02:50:25 | 000,000,505 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2009/07/14 16:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 16:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 16:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 16:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 07:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 15:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/08/12 06:46:15 | 000,000,221 | -HS- | M] () -- C:\Users\Cody Brown\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/10 10:11:36 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Cody Brown\Desktop\aswMBR.exe
[2012/01/10 02:46:50 | 001,008,141 | ---- | M] () -- C:\Users\Cody Brown\Desktop\iExplore (1).exe
[2012/01/10 02:56:06 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cody Brown\Desktop\iexplore.com.exe
[2011/11/30 10:43:13 | 043,678,872 | ---- | M] (RunRev Ltd) -- C:\Users\Cody Brown\Desktop\LiveCodeInstaller-5_0_0-Windows.exe
[2012/01/10 03:02:30 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cody Brown\Desktop\mbam-setup.exe
[2012/01/10 09:06:37 | 000,302,592 | ---- | M] () -- C:\Users\Cody Brown\Desktop\p1hbv6e4.exe
[2012/01/10 08:54:47 | 000,684,297 | ---- | M] () -- C:\Users\Cody Brown\Desktop\unhide.exe
[2011/02/16 23:58:20 | 000,159,144 | ---- | M] (Microsoft Corporation) -- C:\Users\Cody Brown\Desktop\WindowsActivationUpdate.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 08:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/08/12 06:46:14 | 000,000,402 | -HS- | M] () -- C:\Users\Cody Brown\Favorites\desktop.ini
[2011/08/12 12:38:52 | 000,000,258 | ---- | M] () -- C:\Users\Cody Brown\Favorites\NCH Audio and Telephony Software.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2007/10/11 07:01:47 | 000,008,461 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe3.log
[2009/07/18 13:57:22 | 000,036,136 | ---- | M] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2011/01/17 13:11:31 | 000,000,091 | ---- | M] () -- C:\ProgramData\PS.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 1/10/2012 2:21:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cody Brown\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.99 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.80% Memory free
7.98 Gb Paging File | 6.15 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458.87 Gb Total Space | 172.22 Gb Free Space | 37.53% Space Free | Partition Type: NTFS
Drive D: | 458.87 Gb Total Space | 458.77 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: CODY-BROWN | User Name: Cody Brown | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-4228345665-1085567725-3446538699-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6681A016-C62A-DD7B-7F56-25B1A55CE12A}" = AMD Media Foundation Decoders
"{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Pro Plugin
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02828774-BEAF-39B4-E4F5-F093D6184402}" = TidySongs
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1345E306-1EE5-4545-84C9-F02F70413E9A}" = Invoice2go 4.0
"{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = Catalyst Control Center
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{20A981DF-6170-422C-8A29-7DC5CFC904DC}" = Visual C++ 8.0 x64 Runtime Setup Package
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37597766-C125-C616-4E74-88A9AFA5DDD4}" = BlogMe
"{395AB8C5-F3A8-4380-8718-7A11EC5829F0}" = Crazy John's Broadband
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{48EE6985-2F6A-AA36-175C-7228EE10BBAC}" = MarketMeSuite
"{494367EC-82A9-4C0D-A788-74A967998E8C}" = FXCM Trading Station
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5FD707D0-B98D-4C8F-9248-A3CD17DB90F5}" = Quick and Dirty IMAP Mail Reader
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92EAE2BD-48D8-52FA-FBE7-FB6ADCCBCB89}" = Market Samurai
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus
"{96ABF4E1-1489-4B84-B3CB-82E010247D73}" = Adobe Creative Suite 3 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A257078-74C3-D178-B4B6-49953E93BBE9}" = Keyword Blaze
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9d5299f9-f94e-43ed-9632-a5e045b51f7d}" = Nero 9 Essentials
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1
"{A07D7AF9-BA12-D49D-9771-A102A4D5BD13}" = Catalyst Control Center InstallProxy
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A586DC50-B18D-48FB-B7CC-A598200457C2}" = Acer eDisplay Management
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B80BE2E3-EA77-53D4-7A56-C53D452E6D50}" = HydraVision
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5BD220A-EFE8-48A5-B70E-9503D535******" = Adobe WAS CS3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D9198056-A296-4583-A790-C0E73694CFE8}" = D-Link DWA-131 Wireless N Nano USB Adapter
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DA4E6EB8-C15C-48BD-9462-DB293C239697}" = Visual C++ 8.0 x64 Runtime Setup Package
"{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"43442AE9-6512-4392-B5DD-9167BECD1114_is1" = Infix 4.30
"Acer Welcome Center" = Welcome Center
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.4 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0" = Add or Remove Adobe Creative Suite 3 Master Collection
"Akamai" = Akamai NetSession Interface Service
"AviSynth" = AviSynth 2.5
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BlogMe" = BlogMe
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.blueprintcentral.keywordblaze" = Keyword Blaze
"Core FTP LE 2.1" = Core FTP LE 2.1
"ExpressBurn" = Express Burn Disc Burning Software
"ExpressRip" = Express Rip
"FrostWire" = FrostWire 4.21.5
"FXCM Trading Station" = FXCM Trading Station
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{A06176AF-7494-4B29-BE74-F01323AD3233}" = MYOB BusinessBasics v1
"LimeWire" = LimeWire 5.5.14
"LiveCode 4.6.3" = RunRev LiveCode 4.6.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MarketMeTweet" = MarketMeSuite
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MVS" = McAfee Virus and Spyware Protection Service
"Opera 11.60.1185" = Opera 11.60
"PunkBusterSvc" = PunkBuster Services
"Quick and Dirty IMAP Mail Reader" = Quick and Dirty IMAP Mail Reader
"Steam App 17020" = Global Agenda
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 440" = Team Fortress 2
"Steam App 7940" = Call of Duty 4: Modern Warfare
"SystemRequirementsLab" = System Requirements Lab
"TidySongs" = TidySongs (remove only)
"tidysongs15.27F6A35B76E5883BF9E6FEE514586561E60595CA.1" = TidySongs
"VentriloMIX" = VentriloMIX
"Videora iPhone Converter" = Videora iPhone Converter 6
"VLC media player" = VLC media player 1.1.10
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"Xilisoft iPhone Video Converter 6" = Xilisoft iPhone Video Converter 6
"Your Local Shortcut_is1" = Your Local Shortcut

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4228345665-1085567725-3446538699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2011 9:07:10 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 151586

Error - 9/17/2011 9:07:11 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/17/2011 9:07:11 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 152584

Error - 9/17/2011 9:07:11 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 152584

Error - 9/17/2011 9:07:12 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/17/2011 9:07:12 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 153598

Error - 9/17/2011 9:07:12 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 153598

Error - 9/17/2011 9:07:13 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/17/2011 9:07:13 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 154612

Error - 9/17/2011 9:07:13 PM | Computer Name = Cody-Brown | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 154612

[ System Events ]
Error - 1/9/2012 8:39:22 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 1/9/2012 8:39:22 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 1/9/2012 9:12:47 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 1/9/2012 9:12:47 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2

Error - 1/9/2012 9:42:33 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7031
Description = The Akamai NetSession Interface service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 1000
milliseconds: Restart the service.

Error - 1/9/2012 9:50:39 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/9/2012 9:54:02 PM | Computer Name = Cody-Brown | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 1/9/2012 9:55:22 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/9/2012 9:59:10 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7000
Description = The MBAMProtector service failed to start due to the following error:
%%2

Error - 1/9/2012 9:59:10 PM | Computer Name = Cody-Brown | Source = Service Control Manager | ID = 7001
Description = The MBAMService service depends on the MBAMProtector service which
failed to start because of the following error: %%2


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
    IE - HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    [2012/01/10 01:11:31 | 000,000,000 | ---D | C] -- C:\Users\Cody Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/10 01:11:31 | 000,000,681 | ---- | M] () -- C:\Users\Cody Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
Error: Unable to interpret <%SYSTEMDRIVE%\*.*> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.com> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.dll> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.ini> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.ini2> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\spool\prtprocs\w32x86\*.*> in the current context!
Error: Unable to interpret <%systemroot%\REPAIR\*.bak1> in the current context!
Error: Unable to interpret <%systemroot%\REPAIR\*.ini> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.jpg > in the current context!
Error: Unable to interpret <%systemroot%\*.jpg > in the current context!
Error: Unable to interpret <%systemroot%\*.png > in the current context!
Error: Unable to interpret <%systemroot%\*.scr> in the current context!
Error: Unable to interpret <%systemroot%\*._sy> in the current context!
Error: Unable to interpret <%APPDATA%\Adobe\Update\*.*> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Favorites\*.*> in the current context!
Error: Unable to interpret <%APPDATA%\Microsoft\*.* > in the current context!
Error: Unable to interpret <%PROGRAMFILES%\*.*> in the current context!
Error: Unable to interpret <%APPDATA%\Update\*.*> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <%systemroot%\System32\config\*.sav > in the current context!
Error: Unable to interpret <%PROGRAMFILES%\bak. /s> in the current context!
Error: Unable to interpret <%systemroot%\system32\bak. /s> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Start Menu\*.lnk /x > in the current context!
Error: Unable to interpret <%systemroot%\system32\config\systemprofile\*.dat /x> in the current context!
Error: Unable to interpret <%systemroot%\*.config> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.db> in the current context!
Error: Unable to interpret <%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x> in the current context!
Error: Unable to interpret <%USERPROFILE%\Desktop\*.exe> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Common Files\*.*> in the current context!
Error: Unable to interpret <%systemroot%\*.src> in the current context!
Error: Unable to interpret <%systemroot%\install\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\DLL\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\HelpFiles\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\rundll\*.*> in the current context!
Error: Unable to interpret <%systemroot%\winn32\*.*> in the current context!
Error: Unable to interpret <%systemroot%\Java\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\test\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\Rundll32\*.*> in the current context!
Error: Unable to interpret <%systemroot%\AppPatch\Custom\*.*> in the current context!
Error: Unable to interpret <%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\PC-Doctor\Downloads\*.*> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Internet Explorer\*.tmp> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Internet Explorer\*.dat> in the current context!
Error: Unable to interpret <%USERPROFILE%\My Documents\*.exe> in the current context!
Error: Unable to interpret <%USERPROFILE%\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\ADDINS\*.*> in the current context!
Error: Unable to interpret <%systemroot%\assembly\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\Config\*.*> in the current context!
Error: Unable to interpret <%systemroot%\REPAIR\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\SECURITY\Database\*.sdb /x> in the current context!
Error: Unable to interpret <%systemroot%\SYSTEM\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\Web\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\Driver Cache\*.*> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Mozilla Firefox\0*.exe> in the current context!
Error: Unable to interpret <%ProgramFiles%\Microsoft Common\*.*> in the current context!
Error: Unable to interpret <%ProgramFiles%\TinyProxy.> in the current context!
Error: Unable to interpret <%USERPROFILE%\Favorites\*.url /x> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.bk> in the current context!
Error: Unable to interpret <%systemroot%\*.te> in the current context!
Error: Unable to interpret <%systemroot%\system32\system32\*.*> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\*.dat /x> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.rmv> in the current context!
Error: Unable to interpret <dir /b "%systemroot%\system32\*.exe" | find /i " " /c> in the current context!
Error: Unable to interpret <dir /b "%systemroot%\*.exe" | find /i " " /c> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Microsoft\*.*> in the current context!
Error: Unable to interpret <%systemroot%\System32\Wbem\proquota.exe> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Mozilla Firefox\*.dat> in the current context!
Error: Unable to interpret <%USERPROFILE%\Cookies\*.txt /x> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\fonts\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\winlog\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\Language\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\Settings\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.quo> in the current context!
Error: Unable to interpret <%SYSTEMROOT%\AppPatch\*.exe> in the current context!
Error: Unable to interpret <%SYSTEMROOT%\inf\*.exe> in the current context!
Error: Unable to interpret <%SYSTEMROOT%\Installer\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\config\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\system32\Computers\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\Sound\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\SpecialImg\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\code\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\draft\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\MSSSys\*.*> in the current context!
Error: Unable to interpret <%ProgramFiles%\Javascript\*.*> in the current context!
Error: Unable to interpret <%systemroot%\pchealth\helpctr\System\*.exe /s> in the current context!
Error: Unable to interpret <%systemroot%\Web\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\msn\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.tro> in the current context!
Error: Unable to interpret <%AppData%\Microsoft\Installer\msupdates\*.*> in the current context!
Error: Unable to interpret <%ProgramFiles%\Messenger\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\systhem32\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system\*.exe> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret </md5stop> in the current context!
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
C:\Users\Cody Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\Users\Cody Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cody Brown
->Temp folder emptied: 433657 bytes
->Temporary Internet Files folder emptied: 8439752 bytes
->Java cache emptied: 4775919 bytes
->Google Chrome cache emptied: 48183747 bytes
->Apple Safari cache emptied: 1510400 bytes
->Opera cache emptied: 18450942 bytes
->Flash cache emptied: 8227363 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: postgres
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 86.00 mb


[EMPTYFLASH]

User: All Users

User: Cody Brown
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser
->Flash cache emptied: 0 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01102012_144753

Files\Folders moved on Reboot...
C:\Users\Cody Brown\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
This is incorrect.
When copying my script you missed the very first line:
:OTL
Redo.
 
my bad :(

Do I have to run OTL from the beginning again, or just from where I have to paste in the information you have given me?

cheers,
cody
 
I just opened up the OTL tool and pasted in your code and ran the fix. I hope this is where I was meant to go from.

New otl fix log:



All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-4228345665-1085567725-3446538699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
Folder C:\Users\Cody Brown\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\ not found.
File C:\Users\Cody Brown\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cody Brown
->Temp folder emptied: 19196 bytes
->Temporary Internet Files folder emptied: 321979 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7637141 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 559 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb


[EMPTYFLASH]

User: All Users

User: Cody Brown
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser
->Flash cache emptied: 0 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01102012_150339

Files\Folders moved on Reboot...
C:\Users\Cody Brown\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
Security Check Log:




Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Adobe After Effects CS3 Presets
McAfee Virus and Spyware Protection Service
McAfee Browser Protection Service
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

McAfee Virus and Spyware Protection Service
McAfee SiteAdvisor Enterprise Plus
Java(TM) 6 Update 30
Adobe Flash Player 9 (Out of date Flash Player installed!)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee Managed VirusScan Agent myAgtSvc.exe
McAfee Managed VirusScan DesktopUI XTray.exe
``````````End of Log````````````
 
Farbar Service Scanner Log:



Farbar Service Scanner
Ran by Cody Brown (administrator) on 10-01-2012 at 15:15:44
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
C:\Users\Cody Brown\AppData\Local\Microsoft\Windows Live Mail\Hotmail (co 6df\Deleted items\2A7F022D-0000014C.eml HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\Cody Brown\Documents\Cody\My Businesses\CLUB FIT NETWORK\New Website\Back Up's\backup-clubfitnetwork_com_au-2011_09_22-z2kaqz0j65.zip PHP/WPHack.A virus deleted - quarantined
C:\Users\Cody Brown\Documents\Random ****\Adobe\Adobe_CS5_Complete_Licensing_Solution.rar a variant of MSIL/Restamdos.AA trojan deleted - quarantined
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==============================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
Thank You sooooooooooooooooooooooooooo much for all of your help Broni! You have been a lifesaver!

I will post the OTL below and then finish all the steps :)

P.S. What is the best way to avoid getting this virus again? Just because I have no idea how I got it and I thought McAfee would have picked it up?

Thanks Again!


All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cody Brown
->Temp folder emptied: 36854 bytes
->Temporary Internet Files folder emptied: 2014177 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 72182986 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 2959134 bytes
->Flash cache emptied: 797 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: postgres
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 74.00 mb


[EMPTYFLASH]

User: All Users

User: Cody Brown
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: McAfeeMVSUser
->Flash cache emptied: 0 bytes

User: postgres

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 01112012_091805

Files\Folders moved on Reboot...
C:\Users\Cody Brown\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
 
When you get to step 12 you'll get some hints.

Way to go!!

Good luck and stay safe :)
 