Solved 8 Step Complete: Congratulations, You Won! Audio

Twiggyskulls · Feb 4, 2011

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5677

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/4/2011 12:13:32 PM
mbam-log-2011-02-04 (12-13-32).txt

Scan type: Quick scan
Objects scanned: 164761
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

========================================

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-04 12:21:36
Windows 6.1.7600
Running: 7cesb1hr.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x84 0xC1 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x84 0xC1 0x6B ...

---- EOF - GMER 1.0.15 ----

========================================

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Brian at 11:52:03.77 on Fri 02/04/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2709 [GMT -5:00]

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Brian\AppData\Local\Apps\2.0\AVZHOJYN.37A\EA5GLQGW.RRZ\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
C:\Program Files (x86)\Razer\Naga\NagaTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Adobe.exe] C:\Users\Brian\AppData\Roaming\Adobe.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
mRun: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs: {DLL_Str}
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
AppInit_DLLs-X64: {DLL_Str}
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\system32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

P2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe [2010-3-25 180968]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-1-19 469400]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-3-25 20792]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [2010-3-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-1-19 79504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-1-19 120096]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
R3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision\RTCore64.sys [2010-8-10 14440]
R3 RzSynapse;Razer Naga Driver;C:\Windows\System32\drivers\RzSynapse.sys [2010-4-21 73216]
R3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-8-14 24064]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-1-19 78896]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2009-6-19 20992]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2010-4-1 26624]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2010-1-25 10240]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-29 1255736]

=============== Created Last 30 ================

2011-02-03 15:41:24 -------- d-----w- C:\Users\Brian\AppData\Roaming\RIFT
2011-02-03 15:41:08 -------- d-----w- C:\Program Files (x86)\RIFT Beta
2011-01-31 02:46:36 -------- d-----w- C:\Users\Brian\AppData\Local\Divinity 2
2011-01-31 02:46:36 -------- d-----w- C:\PROGRA~3\Divinity 2
2011-01-29 02:09:53 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-21 04:31:58 -------- d-----w- C:\Program Files (x86)\Stunlock Studios
2011-01-21 04:30:47 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2011-01-20 03:19:59 23864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-01-20 03:19:58 78896 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-01-20 03:19:56 97576 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-01-20 03:19:56 120096 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-01-20 03:19:55 84424 ----a-w- C:\Windows\System32\drivers\mfetdik.sys
2011-01-20 03:19:54 79504 ----a-w- C:\Windows\System32\mfevtps.exe
2011-01-20 03:19:54 469400 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-01-20 03:18:28 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
2011-01-20 03:18:25 -------- d-----w- C:\Program Files (x86)\McAfee
2011-01-20 03:18:25 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2011-01-20 03:07:36 -------- d-----w- C:\Users\Brian\AppData\Roaming\Malwarebytes
2011-01-20 03:06:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-20 03:06:31 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-20 03:06:28 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-20 03:06:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-18 11:17:31 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{A737006A-BA3C-4DAA-97E3-991531DE6B87}\mpengine.dll
2011-01-11 22:58:20 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 22:58:20 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-11 22:58:20 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-11 22:58:20 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-11 22:58:20 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-11 22:58:20 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 22:58:20 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 22:58:20 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-11 22:58:20 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 22:58:20 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-09 18:01:27 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-01-09 17:40:52 -------- d-----w- C:\Program Files (x86)\Motorola
2011-01-09 17:40:22 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2011-01-08 01:49:34 795752 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
2011-01-08 01:49:28 6143080 ----a-w- C:\Windows\System32\nvcpl.dll
2011-01-08 01:49:10 3156072 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-01-08 01:48:58 61032 ----a-w- C:\Windows\System32\nvshext.dll
2011-01-08 01:48:58 117864 ----a-w- C:\Windows\System32\nvmctray.dll
2011-01-08 01:48:58 1005160 ----a-w- C:\Windows\System32\nvvsvc.exe

==================== Find3M ====================

2010-12-11 11:05:43 327680 ----a-w- C:\Users\Brian\AppData\Roaming\Adobe.exe
2010-11-18 02:01:07 464 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2010-11-12 23:53:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

============= FINISH: 11:52:18.54 ===============

===========================================================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2010 4:38:35 PM
System Uptime: 2/4/2011 11:36:31 AM (0 hours ago)

Motherboard: EVGA | | EVGA P55 SLI LE E653
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | CPU 1 | 3362/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 363.551 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP120: 1/30/2011 9:46:40 PM - Installed DirectX
RP121: 2/3/2011 10:40:46 AM - Installed RIFT
RP122: 2/4/2011 11:27:55 AM - Removed MotoConnect

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Alien Swarm
Bloodline Champions
Brother HL-2170W
Curse Client
Definition update for Microsoft Office 2010 (KB982726)
Disciples III: Renaissance
Divinity II - The Dragon Knight Saga
DivX Setup
eReg
EVGA Precision 1.9.6
Global Agenda - Demo
Google Chrome
Java Auto Updater
Java(TM) 6 Update 23
League of Legends
Malwarebytes' Anti-Malware
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft XNA Framework Redistributable 3.1
Monday Night Combat
Mozilla Firefox (3.6.8)
Mozilla Thunderbird (3.1.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NJStar Japanese WP
NVIDIA Performance
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA System Monitor
NVIDIA System Update
OpenAL
Pando Media Booster
Pidgin
Razer Naga
RIFT
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Steam
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft OneNote 2010 (KB2433299)
Update for Microsoft Outlook Social Connector (KB2289116)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 8.0 Runtime Setup Package (x64)
World of Warcraft
Z Engine

==== Event Viewer Messages From Past Week ========

2/4/2011 11:35:06 AM, Error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
2/4/2011 11:28:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MotoConnect Service service.
2/1/2011 9:01:38 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
1/28/2011 7:55:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/28/2011 7:52:02 PM, Error: Application Popup [1060] - \??\C:\Users\Brian\AppData\Local\Temp\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/28/2011 7:35:52 PM, Error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
1/28/2011 5:01:44 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/28/2011 5:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/28/2011 5:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/28/2011 5:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/28/2011 5:01:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/28/2011 5:01:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/28/2011 5:01:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache mfehidk mfetdik NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
1/28/2011 5:01:29 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/28/2011 5:01:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/28/2011 5:01:08 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

==== End Of File ===========================

Broni · Feb 4, 2011

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Twiggyskulls · Feb 4, 2011

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: EVGA
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 155):
0x02A53000 \SystemRoot\system32\ntoskrnl.exe
0x02A0A000 \SystemRoot\system32\hal.dll
0x00BD0000 \SystemRoot\system32\kdcom.dll
0x00CB9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CFD000 \SystemRoot\system32\PSHED.dll
0x00D11000 \SystemRoot\system32\CLFS.SYS
0x00E5B000 \SystemRoot\system32\CI.dll
0x00F1B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FBF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01048000 \SystemRoot\System32\Drivers\spqj.sys
0x0116E000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01177000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x011A6000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01000000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x0100A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x01017000 \SystemRoot\System32\drivers\partmgr.sys
0x0102C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D6F000 \SystemRoot\System32\drivers\volmgrx.sys
0x01041000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E33000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FCE000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FE8000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DCB000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00FF1000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E43000 \SystemRoot\system32\drivers\fileinfo.sys
0x0121C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00C4C000 \SystemRoot\System32\Drivers\msrpc.sys
0x013BF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01401000 \SystemRoot\System32\Drivers\cng.sys
0x01474000 \SystemRoot\System32\drivers\pcw.sys
0x01485000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0148F000 \SystemRoot\system32\drivers\ndis.sys
0x01581000 \SystemRoot\system32\drivers\NETIO.SYS
0x016DA000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x01705000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0174F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x0175F000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017AB000 \SystemRoot\System32\Drivers\spldr.sys
0x017B3000 \SystemRoot\System32\drivers\rdyboost.sys
0x017ED000 \SystemRoot\System32\Drivers\mup.sys
0x01600000 \SystemRoot\system32\drivers\mfehidk.sys
0x01671000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0167A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x016B4000 \SystemRoot\system32\DRIVERS\disk.sys
0x01AD5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01B3B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01B65000 \SystemRoot\System32\Drivers\Null.SYS
0x01B6E000 \SystemRoot\System32\Drivers\Beep.SYS
0x01B75000 \SystemRoot\System32\drivers\vga.sys
0x01B83000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BA8000 \SystemRoot\System32\drivers\watchdog.sys
0x01BB8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01BC1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01BCA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01BD3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BDE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01A00000 \SystemRoot\system32\drivers\mfetdik.sys
0x01A13000 \SystemRoot\system32\drivers\TDI.SYS
0x01A20000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01A3E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02EEF000 \SystemRoot\system32\drivers\afd.sys
0x02F79000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F82000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02FA8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02FB7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02FD2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02E68000 \SystemRoot\System32\drivers\discache.sys
0x03E2A000 \SystemRoot\system32\drivers\csc.sys
0x03EAD000 \SystemRoot\System32\Drivers\dfsc.sys
0x03ECB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03EDC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03F02000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x10053000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10CAE000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x10CB0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10DA4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10DEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03F18000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03F6E000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x02E77000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x10024000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x1002D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x1003D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03FD1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02EB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E0C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01A83000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02FE6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03FF5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x01AA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x01AB3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x10DFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x046EB000 \SystemRoot\system32\DRIVERS\ks.sys
0x0472E000 \SystemRoot\system32\DRIVERS\nvoclk64.sys
0x0473E000 \SystemRoot\system32\drivers\WmBEnum.sys
0x04743000 \SystemRoot\system32\drivers\WmXlCore.sys
0x04755000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04767000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x047C1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04600000 \SystemRoot\system32\drivers\HdAudio.sys
0x0465C000 \SystemRoot\system32\drivers\portcls.sys
0x04699000 \SystemRoot\system32\drivers\drmk.sys
0x046BB000 \SystemRoot\system32\drivers\ksthunk.sys
0x046C1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x046CF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x046DB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x047D6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x01B05000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x047E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x015E1000 \SystemRoot\system32\drivers\usbaudio.sys
0x047EB000 \SystemRoot\system32\drivers\skfiltv.sys
0x01B22000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x013D9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02EE4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x01BEF000 \SystemRoot\system32\DRIVERS\Alpham164.sys
0x047F8000 \SystemRoot\system32\DRIVERS\Alpham264.sys
0x01AC2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x016CA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x01200000 \SystemRoot\system32\DRIVERS\RzSynapse.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x013F2000 \SystemRoot\System32\drivers\Dxapi.sys
0x00CAA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005B0000 \SystemRoot\System32\TSDDD.dll
0x00740000 \SystemRoot\System32\cdd.dll
0x05C60000 \SystemRoot\system32\drivers\luafv.sys
0x05C83000 \SystemRoot\system32\drivers\WudfPf.sys
0x05CA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05CB9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05CD1000 \SystemRoot\system32\drivers\HTTP.sys
0x05D99000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05DB7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05DCF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x064E2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06505000 \SystemRoot\system32\drivers\peauth.sys
0x065AB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x065B6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x065E3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06C2C000 \SystemRoot\System32\DRIVERS\srv.sys
0x06CD9000 \SystemRoot\system32\drivers\mfeavfk.sys
0x06CF5000 \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys
0x06D6C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77B70000 \Windows\System32\ntdll.dll
0x47630000 \Windows\System32\smss.exe
0xFFE90000 \Windows\System32\apisetschema.dll
0xFF4D0000 \Windows\System32\autochk.exe

Processes (total 65):
0 System Idle Process
4 System
340 C:\Windows\System32\smss.exe
432 csrss.exe
508 C:\Windows\System32\wininit.exe
536 csrss.exe
568 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
740 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\nvvsvc.exe
856 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
136 C:\Windows\System32\svchost.exe
524 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\spoolsv.exe
1232 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1376 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
1416 C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
1588 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1600 C:\Windows\System32\nvvsvc.exe
1756 C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
1824 C:\Windows\System32\mfevtps.exe
1872 naPrdMgr.exe
1960 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
2020 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1040 C:\Windows\System32\svchost.exe
1436 C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
1664 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
1476 mfeann.exe
1516 C:\Windows\System32\conhost.exe
2480 C:\Windows\System32\taskhost.exe
2528 C:\Windows\System32\dwm.exe
2544 C:\Windows\System32\taskeng.exe
2612 C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
2636 C:\Windows\explorer.exe
3068 C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2732 C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
2876 C:\Program Files (x86)\Razer\Naga\NagaTray.exe
2928 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1440 C:\Users\Brian\AppData\Local\Apps\2.0\AVZHOJYN.37A\EA5GLQGW.RRZ\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
3044 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
348 C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
368 C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
3276 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe

========================================================

ComboFix 11-01-31.02 - Brian 02/04/2011 14:16:44.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2661 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.

2011-02-04 19:20 . 2011-02-04 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-03 15:41 . 2011-02-04 17:59 -------- d-----w- c:\users\Brian\AppData\Roaming\RIFT
2011-02-03 15:41 . 2011-02-04 17:46 -------- d-----w- c:\program files (x86)\RIFT Beta
2011-01-31 02:47 . 2011-01-31 02:47 -------- d--h--r- c:\users\Brian\AppData\Roaming\SecuROM
2011-01-31 02:46 . 2011-01-31 02:49 -------- d-----w- c:\users\Brian\AppData\Local\Divinity 2
2011-01-31 02:46 . 2011-01-31 02:46 -------- d-----w- c:\programdata\Divinity 2
2011-01-21 04:31 . 2011-01-21 04:31 -------- d-----w- c:\program files (x86)\Stunlock Studios
2011-01-21 04:30 . 2011-01-21 04:30 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-01-20 03:19 . 2010-03-26 01:07 23864 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-01-20 03:19 . 2010-03-26 01:07 78896 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-20 03:19 . 2010-03-26 01:07 97576 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-01-20 03:19 . 2010-03-26 01:07 120096 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-20 03:19 . 2010-03-26 01:07 84424 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2011-01-20 03:19 . 2010-03-26 01:07 79504 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-20 03:19 . 2010-03-26 01:07 469400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2011-01-20 03:18 . 2011-01-20 03:19 -------- d-----w- c:\programdata\McAfee
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\McAfee
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-01-20 03:07 . 2011-01-20 03:07 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\programdata\Malwarebytes
2011-01-20 03:06 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-20 03:06 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 11:17 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A737006A-BA3C-4DAA-97E3-991531DE6B87}\mpengine.dll
2011-01-11 22:58 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 22:58 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 22:58 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 22:58 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 22:58 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 22:58 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-11 22:58 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 22:58 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 22:58 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 22:58 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-09 18:01 . 2011-01-09 18:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files (x86)\Motorola
2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-01-08 01:49 . 2011-01-08 01:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-08 01:49 . 2011-01-08 01:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 01:49 . 2011-01-08 01:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-08 01:48 . 2011-01-08 01:48 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-01-08 01:48 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 01:48 . 2011-01-08 01:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 11:05 . 2010-12-11 11:05 327680 ----a-w- c:\users\Brian\AppData\Roaming\Adobe.exe
2010-11-18 02:01 . 2010-11-18 02:01 464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2010-11-12 23:53 . 2010-09-23 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-27 136176]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-16 1242448]
"Adobe.exe"="c:\users\Brian\AppData\Roaming\Adobe.exe" [2010-12-11 327680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 810880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]

c:\users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-9-3 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1255736]
R3 X6va002;X6va002;c:\users\Brian\AppData\Local\Temp\002F52C.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-03-26 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-26 79504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-08-11 14440]
S3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-04-21 73216]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.
Contents of the 'Scheduled Tasks' folder

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]
.

--------- x86-64 -----------

.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Brian\AppData\Local\Temp\002F52C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\SecuROM\License information*]
"datasecu"=hex:c1,c2,95,f4,84,74,2b,12,2e,63,e2,8c,51,ae,dc,00,9d,3b,56,79,0b,
71,3e,e2,58,79,42,b7,c8,3b,5c,29,72,b5,02,82,3f,cc,92,78,99,c9,c8,e8,ac,79,\
"rkeysecu"=hex:de,1d,29,57,c9,b2,ae,42,dc,39,15,5a,ea,4e,5b,3d

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-04 14:21:26
ComboFix-quarantined-files.txt 2011-02-04 19:21

Pre-Run: 389,955,592,192 bytes free
Post-Run: 389,925,294,080 bytes free

- - End Of File - - 8F76472291D4A495970D580C089613CE

Broni · Feb 4, 2011

MBRCheck log is incomplete.
Please, repost it.

Twiggyskulls · Feb 4, 2011

Sorry, here is the completed file. I wasn't sure if it had ran through cause it was just sitting at a screen without a prompt for a while the first time.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: EVGA
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 156):
0x02A53000 \SystemRoot\system32\ntoskrnl.exe
0x02A0A000 \SystemRoot\system32\hal.dll
0x00BD0000 \SystemRoot\system32\kdcom.dll
0x00CB9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CFD000 \SystemRoot\system32\PSHED.dll
0x00D11000 \SystemRoot\system32\CLFS.SYS
0x00E5B000 \SystemRoot\system32\CI.dll
0x00F1B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FBF000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01048000 \SystemRoot\System32\Drivers\spqj.sys
0x0116E000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01177000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x011A6000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01000000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x0100A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x01017000 \SystemRoot\System32\drivers\partmgr.sys
0x0102C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D6F000 \SystemRoot\System32\drivers\volmgrx.sys
0x01041000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E33000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FCE000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FE8000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DCB000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00FF1000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E43000 \SystemRoot\system32\drivers\fileinfo.sys
0x0121C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00C4C000 \SystemRoot\System32\Drivers\msrpc.sys
0x013BF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01401000 \SystemRoot\System32\Drivers\cng.sys
0x01474000 \SystemRoot\System32\drivers\pcw.sys
0x01485000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0148F000 \SystemRoot\system32\drivers\ndis.sys
0x01581000 \SystemRoot\system32\drivers\NETIO.SYS
0x016DA000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x01705000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0174F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x0175F000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017AB000 \SystemRoot\System32\Drivers\spldr.sys
0x017B3000 \SystemRoot\System32\drivers\rdyboost.sys
0x017ED000 \SystemRoot\System32\Drivers\mup.sys
0x01600000 \SystemRoot\system32\drivers\mfehidk.sys
0x01671000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0167A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x016B4000 \SystemRoot\system32\DRIVERS\disk.sys
0x01AD5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01B3B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01B65000 \SystemRoot\System32\Drivers\Null.SYS
0x01B6E000 \SystemRoot\System32\Drivers\Beep.SYS
0x01B75000 \SystemRoot\System32\drivers\vga.sys
0x01B83000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BA8000 \SystemRoot\System32\drivers\watchdog.sys
0x01BB8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01BC1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01BCA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01BD3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01BDE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01A00000 \SystemRoot\system32\drivers\mfetdik.sys
0x01A13000 \SystemRoot\system32\drivers\TDI.SYS
0x01A20000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01A3E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02EEF000 \SystemRoot\system32\drivers\afd.sys
0x02F79000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02F82000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02FA8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02FB7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02FD2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02E68000 \SystemRoot\System32\drivers\discache.sys
0x03E2A000 \SystemRoot\system32\drivers\csc.sys
0x03EAD000 \SystemRoot\System32\Drivers\dfsc.sys
0x03ECB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03EDC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03F02000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x10053000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10CAE000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x10CB0000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10DA4000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10DEA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03F18000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10000000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03F6E000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x02E77000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x10024000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x1002D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x1003D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03FD1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03E00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02EB5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E0C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x01A83000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02FE6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03FF5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x01AA4000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x01AB3000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x10DFB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x046EB000 \SystemRoot\system32\DRIVERS\ks.sys
0x0472E000 \SystemRoot\system32\DRIVERS\nvoclk64.sys
0x0473E000 \SystemRoot\system32\drivers\WmBEnum.sys
0x04743000 \SystemRoot\system32\drivers\WmXlCore.sys
0x04755000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04767000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x047C1000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04600000 \SystemRoot\system32\drivers\HdAudio.sys
0x0465C000 \SystemRoot\system32\drivers\portcls.sys
0x04699000 \SystemRoot\system32\drivers\drmk.sys
0x046BB000 \SystemRoot\system32\drivers\ksthunk.sys
0x046C1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x046CF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x046DB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x047D6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x01B05000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x047E9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x015E1000 \SystemRoot\system32\drivers\usbaudio.sys
0x047EB000 \SystemRoot\system32\drivers\skfiltv.sys
0x01B22000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x013D9000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02EE4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x01BEF000 \SystemRoot\system32\DRIVERS\Alpham164.sys
0x047F8000 \SystemRoot\system32\DRIVERS\Alpham264.sys
0x01AC2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x016CA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x01200000 \SystemRoot\system32\DRIVERS\RzSynapse.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x013F2000 \SystemRoot\System32\drivers\Dxapi.sys
0x00CAA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005B0000 \SystemRoot\System32\TSDDD.dll
0x00740000 \SystemRoot\System32\cdd.dll
0x05C60000 \SystemRoot\system32\drivers\luafv.sys
0x05C83000 \SystemRoot\system32\drivers\WudfPf.sys
0x05CA4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x05CB9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05CD1000 \SystemRoot\system32\drivers\HTTP.sys
0x05D99000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05DB7000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05DCF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05C00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x064E2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06505000 \SystemRoot\system32\drivers\peauth.sys
0x065AB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x065B6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x065E3000 \SystemRoot\System32\drivers\tcpipreg.sys
0x06400000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06C2C000 \SystemRoot\System32\DRIVERS\srv.sys
0x06CD9000 \SystemRoot\system32\drivers\mfeavfk.sys
0x06CF5000 \??\C:\Program Files (x86)\EVGA Precision\RTCore64.sys
0x06D6C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x06D77000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77B70000 \Windows\System32\ntdll.dll
0x47630000 \Windows\System32\smss.exe
0xFFE90000 \Windows\System32\apisetschema.dll
0xFF4D0000 \Windows\System32\autochk.exe

Processes (total 62):
0 System Idle Process
4 System
340 C:\Windows\System32\smss.exe
432 csrss.exe
508 C:\Windows\System32\wininit.exe
536 csrss.exe
568 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\winlogon.exe
740 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\nvvsvc.exe
856 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
136 C:\Windows\System32\svchost.exe
524 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\spoolsv.exe
1232 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\svchost.exe
1376 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
1416 C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
1588 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1600 C:\Windows\System32\nvvsvc.exe
1756 C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
1824 C:\Windows\System32\mfevtps.exe
1872 naPrdMgr.exe
1960 C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
2020 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1040 C:\Windows\System32\svchost.exe
1436 C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
1664 C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe
1476 mfeann.exe
1516 C:\Windows\System32\conhost.exe
2480 C:\Windows\System32\taskhost.exe
2528 C:\Windows\System32\dwm.exe
2544 C:\Windows\System32\taskeng.exe
2612 C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
2636 C:\Windows\explorer.exe
3068 C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
2732 C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe
2928 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1440 C:\Users\Brian\AppData\Local\Apps\2.0\AVZHOJYN.37A\EA5GLQGW.RRZ\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
3044 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
348 C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
368 C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
3428 C:\Windows\System32\SearchIndexer.exe
3800 C:\Windows\System32\svchost.exe
4360 C:\Program Files\Windows Media Player\wmpnetwk.exe
4964 C:\Windows\System32\svchost.exe
4624 C:\Windows\System32\taskhost.exe
4488 C:\Windows\System32\audiodg.exe
4460 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
3668 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
440 C:\Program Files (x86)\Pidgin\pidgin.exe
3420 C:\Program Files (x86)\Ventrilo\Ventrilo.exe
3412 C:\Windows\SysWOW64\dllhost.exe
2760 C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
940 C:\Users\Brian\Desktop\MBRCheck.exe
1424 C:\Windows\System32\conhost.exe
1564 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000AAKS-00V1A0, Rev: 05.01D05

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Broni · Feb 4, 2011

Both logs look fine.

Still same issue?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Twiggyskulls · Feb 4, 2011

After running OTL, the problem still persists...

OTL logfile created on: 2/4/2011 5:26:11 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Brian\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 363.19 Gb Free Space | 77.99% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/04 16:09:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/17 14:52:06 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/16 15:04:06 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/10 20:55:22 | 000,302,184 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
PRC - [2010/03/25 20:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2009/08/25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/06/04 17:56:20 | 000,057,344 | ---- | M] (Ideazon, Inc.) -- C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe

========== Modules (SafeList) ==========

MOD - [2011/02/04 16:09:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 20:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/01/10 22:36:35 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/25 20:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2010/03/25 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010/03/25 20:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2010/03/22 08:17:24 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/19 14:59:00 | 003,595,660 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2009/11/06 12:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/11 05:44:00 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/21 14:59:16 | 000,073,216 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010/04/01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/03/25 20:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/03/25 20:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/03/25 20:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/03/25 20:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/03/25 20:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010/01/25 19:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 17:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/08/14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/07/23 09:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/20 11:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV - [2010/08/10 20:55:22 | 000,014,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\EVGA Precision\RTCore64.sys -- (RTCore64)
DRV - [2004/12/29 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 18 93 54 BF CB 01 [binary data]
IE - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/19 22:19:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/19 23:44:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/09 21:26:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010/11/19 23:44:01 | 000,000,000 | ---D | M]

[2010/07/27 17:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2010/07/27 16:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/28 19:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\extensions
[2011/01/28 20:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/22 20:40:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 16:21:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/27 22:39:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/03/25 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [Zboard] C:\Program Files (x86)\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001..\Run: [Adobe.exe] C:\Users\Brian\AppData\Roaming\Adobe.exe (Adobe Corporation)
O4 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.200.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 16:09:47 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2011/02/04 14:59:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/04 14:21:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/02/04 14:16:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/04 14:16:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/04 14:16:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/04 14:15:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/04 14:15:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/04 11:33:07 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Brian\Desktop\TFC.exe
[2011/02/04 11:21:42 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/02/04 11:21:42 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/02/04 10:45:47 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/02/03 10:41:24 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\RIFT
[2011/02/03 10:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011/02/03 10:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RIFT Beta
[2011/01/30 21:47:45 | 000,000,000 | RH-D | C] -- C:\Users\Brian\AppData\Roaming\SecuROM
[2011/01/30 21:46:36 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Divinity 2
[2011/01/30 21:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2011/01/27 22:24:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/20 23:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodline Champions
[2011/01/20 23:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stunlock Studios
[2011/01/20 23:30:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2011/01/19 22:19:58 | 000,078,896 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2011/01/19 22:19:56 | 000,120,096 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2011/01/19 22:19:56 | 000,097,576 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2011/01/19 22:19:55 | 000,084,424 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfetdik.sys
[2011/01/19 22:19:54 | 000,469,400 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2011/01/19 22:19:54 | 000,079,504 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2011/01/19 22:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/01/19 22:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2011/01/19 22:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/01/19 22:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2011/01/19 22:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2011/01/19 22:07:36 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes
[2011/01/19 22:06:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/01/19 22:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/19 22:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/19 22:06:28 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/01/19 22:06:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/01/09 13:01:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/01/09 12:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2011/01/09 12:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/12/11 06:05:43 | 000,327,680 | ---- | C] (Adobe Corporation) -- C:\Users\Brian\AppData\Roaming\Adobe.exe

========== Files - Modified Within 30 Days ==========

[2011/02/04 16:57:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001UA.job
[2011/02/04 16:09:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2011/02/04 15:57:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001Core.job
[2011/02/04 14:11:52 | 004,263,406 | R--- | M] () -- C:\Users\Brian\Desktop\ComboFix.exe
[2011/02/04 12:06:33 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 12:06:33 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 12:05:22 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/02/04 12:05:22 | 000,626,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/02/04 12:05:22 | 000,107,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/02/04 11:58:47 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/02/04 11:58:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/04 11:58:27 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/04 11:40:34 | 000,624,128 | ---- | M] () -- C:\Users\Brian\Desktop\dds.scr
[2011/02/04 11:34:15 | 000,296,448 | ---- | M] () -- C:\Users\Brian\Desktop\7cesb1hr.exe
[2011/02/04 11:33:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\TFC.exe
[2011/02/04 11:31:05 | 000,080,384 | ---- | M] () -- C:\Users\Brian\Desktop\MBRCheck.exe
[2011/02/03 10:42:09 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Play RIFT Beta.lnk
[2011/01/24 12:43:47 | 000,013,280 | ---- | M] () -- C:\Users\Brian\Desktop\Previous Employers.docx
[2011/01/19 22:06:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 17:17:47 | 000,378,368 | ---- | M] () -- C:\Users\Brian\Desktop\HelpDesk Winter Schedule 2010-2011.xls
[2011/01/09 12:42:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/01/09 12:42:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/01/09 12:42:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/01/09 12:41:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/01/09 12:41:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/01/09 12:41:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2011/01/07 22:27:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011/01/07 22:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011/01/07 22:27:00 | 000,007,621 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb

========== Files Created - No Company Name ==========

[2011/02/04 14:16:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/04 14:16:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/04 14:16:09 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/04 14:16:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/04 14:16:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/04 14:11:38 | 004,263,406 | R--- | C] () -- C:\Users\Brian\Desktop\ComboFix.exe
[2011/02/04 11:40:29 | 000,624,128 | ---- | C] () -- C:\Users\Brian\Desktop\dds.scr
[2011/02/04 11:34:13 | 000,296,448 | ---- | C] () -- C:\Users\Brian\Desktop\7cesb1hr.exe
[2011/02/04 11:31:04 | 000,080,384 | ---- | C] () -- C:\Users\Brian\Desktop\MBRCheck.exe
[2011/02/03 10:42:09 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT Beta.lnk
[2011/01/19 22:06:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/14 17:17:40 | 000,378,368 | ---- | C] () -- C:\Users\Brian\Desktop\HelpDesk Winter Schedule 2010-2011.xls
[2011/01/09 12:42:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2011/01/09 12:42:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2011/01/09 12:42:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2011/01/09 12:41:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2011/01/09 12:41:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2011/01/09 12:41:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motusbdevice_01007.Wdf
[2010/12/27 14:02:03 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/11/30 10:53:33 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/14 10:39:29 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/14 10:39:27 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/09/14 10:39:27 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/09/14 10:39:26 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/09/14 10:39:26 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/09/14 10:38:35 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/07/27 17:42:25 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/09/19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008/09/19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini

========== LOP Check ==========

[2011/02/04 17:25:44 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\.purple
[2010/12/11 05:50:30 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\DAEMON Tools Lite
[2011/01/01 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\gtk-2.0
[2010/10/10 16:46:19 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Hi-Rez Studios
[2010/07/27 18:27:48 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Ideazon
[2010/09/02 12:28:50 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Leadertech
[2010/07/27 18:35:12 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\LolClient
[2010/11/06 15:19:55 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\NJStar
[2011/02/04 12:59:10 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\RIFT
[2010/07/27 16:03:17 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Thunderbird
[2010/12/01 01:34:56 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Trillian
[2009/07/14 00:08:49 | 000,020,120 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/02/04 14:21:26 | 000,017,028 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/02/04 11:58:27 | 3214,237,696 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/02/04 11:58:27 | 4285,652,992 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/07/27 15:45:59 | 000,000,221 | -HS- | M] () -- C:\Users\Brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/02/04 10:56:41 | 138,895,096 | ---- | M] (NVIDIA Corporation) -- C:\Users\Brian\Desktop\266.58_desktop_win7_winvista_64bit_english_whql.exe
[2011/02/04 11:34:15 | 000,296,448 | ---- | M] () -- C:\Users\Brian\Desktop\7cesb1hr.exe
[2011/02/04 14:11:52 | 004,263,406 | R--- | M] () -- C:\Users\Brian\Desktop\ComboFix.exe
[2011/02/04 11:31:05 | 000,080,384 | ---- | M] () -- C:\Users\Brian\Desktop\MBRCheck.exe
[2011/02/04 16:09:50 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\OTL.exe
[2011/02/04 11:33:09 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/02/04 11:23:39 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2011/02/04 11:23:39 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/07/27 16:30:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/07/27 16:30:04 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2011/02/04 11:23:39 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 15:38:58 | 000,000,402 | -HS- | M] () -- C:\Users\Brian\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Twiggyskulls · Feb 4, 2011

OTL Extras logfile created on: 2/4/2011 5:26:11 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Brian\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 363.19 Gb Free Space | 77.99% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}" = Razer Naga
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBCD7C60-5996-4C0A-AC3C-DBA334270B1F}" = Brother HL-2170W
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"DivX Setup.divx.com" = DivX Setup
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"NJStar Japanese WP" = NJStar Japanese WP
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"Precision" = EVGA Precision 1.9.6
"Steam App 17050" = Global Agenda - Demo
"Steam App 33670" = Disciples III: Renaissance
"Steam App 58540" = Divinity II - The Dragon Knight Saga
"Steam App 630" = Alien Swarm
"Steam App 63200" = Monday Night Combat
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2011 1:22:38 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mnc.exe, version: 1.0.5694.0, time stamp:
0x4d12a447 Faulting module name: steam_api.dll, version: 0.89.39.43, time stamp:
0x4c44851a Exception code: 0xc0000005 Fault offset: 0x000018ea Faulting process id:
0xee8 Faulting application start time: 0x01cbafae1fd6d834 Faulting application path:
c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\steam_api.dll
Report
Id: 79086588-1bb0-11e0-afb8-001fbc0891bf

Error - 1/9/2011 3:13:03 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mnc.exe, version: 1.0.5694.0, time stamp:
0x4d12a447 Faulting module name: steam_api.dll, version: 0.89.39.43, time stamp:
0x4c44851a Exception code: 0xc0000005 Fault offset: 0x000018ea Faulting process id:
0x344 Faulting application start time: 0x01cbafbd5ac88a4b Faulting application path:
c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\steam_api.dll
Report
Id: e5b3dedc-1bbf-11e0-afb8-001fbc0891bf

Error - 1/9/2011 4:21:35 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mnc.exe, version: 1.0.5694.0, time stamp:
0x4d12a447 Faulting module name: steam_api.dll, version: 0.89.39.43, time stamp:
0x4c44851a Exception code: 0xc0000005 Fault offset: 0x000018ea Faulting process id:
0x390 Faulting application start time: 0x01cbafccbb6d22e0 Faulting application path:
c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\mnc.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\monday night combat\binaries\win32\steam_api.dll
Report
Id: 78a651e4-1bc9-11e0-afb8-001fbc0891bf

Error - 1/20/2011 1:07:33 AM | Computer Name = Brian-PC | Source = McLogEvent | ID = 259
Description = The scan found detections. Scan engine version 5400.1158 DAT version
6231.

Error - 1/24/2011 5:31:37 PM | Computer Name = Brian-PC | Source = Wininit | ID = 1015
Description = A critical system process, C:\Windows\system32\lsass.exe, failed with
status code 1. The machine must now be restarted.

Error - 1/28/2011 8:19:01 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: chrome.dll, version: 8.0.552.237, time stamp: 0x4d27c173
Exception
code: 0x80000003 Fault offset: 0x000d069a Faulting process id: 0x71c Faulting application
start time: 0x01cbbf4a169dedc8 Faulting application path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\8.0.552.237\chrome.dll
Report
Id: 5ed55f9a-2b3d-11e0-85f8-b174331f748c

Error - 1/28/2011 8:30:21 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: chrome.dll, version: 8.0.552.237, time stamp: 0x4d27c173
Exception
code: 0x80000003 Fault offset: 0x000d069a Faulting process id: 0x364 Faulting application
start time: 0x01cbbf4bad725116 Faulting application path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\8.0.552.237\chrome.dll
Report
Id: f45c45fb-2b3e-11e0-85f8-b174331f748c

Error - 1/28/2011 8:31:39 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: chrome.dll, version: 8.0.552.237, time stamp: 0x4d27c173
Exception
code: 0x80000003 Fault offset: 0x000d069a Faulting process id: 0x470 Faulting application
start time: 0x01cbbf4bdba6dbc6 Faulting application path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\8.0.552.237\chrome.dll
Report
Id: 225e72fe-2b3f-11e0-85f8-b174331f748c

Error - 1/28/2011 8:34:55 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 0.0.0.0, time stamp:
0x4d27c1b0 Faulting module name: chrome.dll, version: 8.0.552.237, time stamp: 0x4d27c173
Exception
code: 0x80000003 Fault offset: 0x000d069a Faulting process id: 0x2b4 Faulting application
start time: 0x01cbbf4c50e09ae4 Faulting application path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: C:\Users\Brian\AppData\Local\Google\Chrome\Application\8.0.552.237\chrome.dll
Report
Id: 9782bcf2-2b3f-11e0-85f8-b174331f748c

Error - 2/4/2011 10:39:56 AM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Divinity2.exe, version: 1.4.9.70, time
stamp: 0x4d060e3a Faulting module name: Divinity2.exe, version: 1.4.9.70, time stamp:
0x4d060e3a Exception code: 0xc0000005 Fault offset: 0x00b86dfa Faulting process id:
0x11c8 Faulting application start time: 0x01cbc4795836f01d Faulting application path:
c:\program files (x86)\steam\steamapps\common\divinity ii - dragon knight saga\bin\Divinity2.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\divinity ii - dragon
knight saga\bin\Divinity2.exe Report Id: a22e4fbc-306c-11e0-9cd7-001fbc0891bf

[ System Events ]
Error - 1/28/2011 6:01:44 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 1/28/2011 8:35:52 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Engine Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 1/28/2011 8:39:24 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 1/28/2011 8:52:02 PM | Computer Name = Brian-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Users\Brian\AppData\Local\Temp\catchme.sys has been blocked
from loading due to incompatibility with this system. Please contact your software
vendor for a compatible version of the driver.

Error - 1/28/2011 8:55:27 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/1/2011 10:01:37 PM | Computer Name = Brian-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/1/2011 10:01:38 PM | Computer Name = Brian-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/4/2011 12:28:53 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MotoConnect Service service.

Error - 2/4/2011 12:35:06 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Framework Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/4/2011 3:20:20 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

< End of report >

Broni · Feb 4, 2011

OTL is just a scan. It doesn't fix anything.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

=====================================================================

Now, we'll reset your router...

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

Still same issue?

Twiggyskulls · Feb 4, 2011

Still the same issue...

All processes killed
Error: Unable to interpret <O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found> in the current context!
Error: Unable to interpret <O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 222634 bytes
->Temporary Internet Files folder emptied: 10941660 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 120725384 bytes
->Flash cache emptied: 2625 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 126.00 mb

[EMPTYFLASH]

User: All Users

User: Brian
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02042011_180630

Files\Folders moved on Reboot...
C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Broni · Feb 4, 2011

You didn't run OTL fix correctly.
Most likely, you didn't copy my whole script, especially "a colon" in front of "OTL (1st line).
Please, redo.

Have you reset router yet?

Twiggyskulls · Feb 6, 2011

Here is a re-post of the script ran again. Could you explain what restarting the router might do in this case?

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brian
->Temp folder emptied: 222636 bytes
->Temporary Internet Files folder emptied: 13653002 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 8700223 bytes
->Flash cache emptied: 2418 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4713188 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26.00 mb

[EMPTYFLASH]

User: All Users

User: Brian
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02062011_130203

Files\Folders moved on Reboot...
C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Broni · Feb 6, 2011

That's resetting router, not restarting.
Sometimes, router may get infected as well and it needs to be reset.

Twiggyskulls · Feb 6, 2011

Broni said:
That's resetting router, not restarting.
Sometimes, router may get infected as well and it needs to be reset.

Yes, i had meant resetting, not actually power cycling the router. After resetting the settings, it's still around.

Broni · Feb 6, 2011

Download TDSSKiller and save it to your desktop.

Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Twiggyskulls · Feb 6, 2011

2011/02/06 16:14:08.0836 0724 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/06 16:14:09.0139 0724 ================================================================================
2011/02/06 16:14:09.0139 0724 SystemInfo:
2011/02/06 16:14:09.0139 0724
2011/02/06 16:14:09.0139 0724 OS Version: 6.1.7600 ServicePack: 0.0
2011/02/06 16:14:09.0139 0724 Product type: Workstation
2011/02/06 16:14:09.0139 0724 ComputerName: BRIAN-PC
2011/02/06 16:14:09.0139 0724 UserName: Brian
2011/02/06 16:14:09.0139 0724 Windows directory: C:\Windows
2011/02/06 16:14:09.0139 0724 System windows directory: C:\Windows
2011/02/06 16:14:09.0139 0724 Running under WOW64
2011/02/06 16:14:09.0139 0724 Processor architecture: Intel x64
2011/02/06 16:14:09.0139 0724 Number of processors: 8
2011/02/06 16:14:09.0139 0724 Page size: 0x1000
2011/02/06 16:14:09.0139 0724 Boot type: Normal boot
2011/02/06 16:14:09.0139 0724 ================================================================================
2011/02/06 16:14:09.0389 0724 Initialize success
2011/02/06 16:14:17.0805 4268 ================================================================================
2011/02/06 16:14:17.0805 4268 Scan started
2011/02/06 16:14:17.0805 4268 Mode: Manual;
2011/02/06 16:14:17.0805 4268 ================================================================================
2011/02/06 16:14:18.0841 4268 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/02/06 16:14:18.0869 4268 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/02/06 16:14:18.0887 4268 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/02/06 16:14:18.0907 4268 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/02/06 16:14:18.0933 4268 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/02/06 16:14:18.0966 4268 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/02/06 16:14:19.0005 4268 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/02/06 16:14:19.0037 4268 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/02/06 16:14:19.0062 4268 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/02/06 16:14:19.0103 4268 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
2011/02/06 16:14:19.0161 4268 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
2011/02/06 16:14:19.0226 4268 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/02/06 16:14:19.0241 4268 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/02/06 16:14:19.0251 4268 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/02/06 16:14:19.0267 4268 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/02/06 16:14:19.0287 4268 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/02/06 16:14:19.0310 4268 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/02/06 16:14:19.0326 4268 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/02/06 16:14:19.0371 4268 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/02/06 16:14:19.0391 4268 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/02/06 16:14:19.0458 4268 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/06 16:14:19.0474 4268 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/02/06 16:14:19.0510 4268 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/02/06 16:14:19.0544 4268 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/02/06 16:14:19.0575 4268 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/02/06 16:14:19.0613 4268 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/02/06 16:14:19.0634 4268 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/06 16:14:19.0645 4268 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/02/06 16:14:19.0660 4268 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/02/06 16:14:19.0684 4268 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/02/06 16:14:19.0698 4268 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/02/06 16:14:19.0708 4268 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/02/06 16:14:19.0718 4268 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/02/06 16:14:19.0769 4268 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\Windows\system32\DRIVERS\motfilt.sys
2011/02/06 16:14:19.0799 4268 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/02/06 16:14:19.0903 4268 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/06 16:14:19.0935 4268 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/06 16:14:19.0958 4268 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/02/06 16:14:19.0981 4268 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/02/06 16:14:20.0005 4268 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/06 16:14:20.0023 4268 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/02/06 16:14:20.0047 4268 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/02/06 16:14:20.0071 4268 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/06 16:14:20.0108 4268 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/02/06 16:14:20.0131 4268 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/02/06 16:14:20.0172 4268 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/02/06 16:14:20.0218 4268 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/02/06 16:14:20.0241 4268 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/02/06 16:14:20.0256 4268 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/02/06 16:14:20.0298 4268 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/02/06 16:14:20.0371 4268 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/06 16:14:20.0486 4268 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/02/06 16:14:20.0555 4268 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/02/06 16:14:20.0572 4268 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/02/06 16:14:20.0590 4268 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/02/06 16:14:20.0611 4268 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/02/06 16:14:20.0635 4268 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/06 16:14:20.0660 4268 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/02/06 16:14:20.0677 4268 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/02/06 16:14:20.0688 4268 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/06 16:14:20.0709 4268 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/02/06 16:14:20.0731 4268 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/02/06 16:14:20.0745 4268 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/06 16:14:20.0799 4268 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/02/06 16:14:20.0863 4268 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/02/06 16:14:20.0878 4268 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/02/06 16:14:20.0916 4268 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/02/06 16:14:20.0941 4268 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/06 16:14:20.0950 4268 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/02/06 16:14:20.0959 4268 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/02/06 16:14:20.0976 4268 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/02/06 16:14:20.0999 4268 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/06 16:14:21.0022 4268 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/02/06 16:14:21.0061 4268 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/02/06 16:14:21.0080 4268 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/02/06 16:14:21.0092 4268 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/06 16:14:21.0120 4268 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/02/06 16:14:21.0162 4268 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/02/06 16:14:21.0183 4268 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/02/06 16:14:21.0203 4268 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/06 16:14:21.0225 4268 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/06 16:14:21.0233 4268 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/02/06 16:14:21.0249 4268 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/02/06 16:14:21.0280 4268 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/02/06 16:14:21.0306 4268 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/02/06 16:14:21.0337 4268 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/06 16:14:21.0357 4268 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/06 16:14:21.0374 4268 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/06 16:14:21.0389 4268 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/06 16:14:21.0430 4268 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/02/06 16:14:21.0494 4268 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/02/06 16:14:21.0541 4268 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/02/06 16:14:21.0616 4268 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/06 16:14:21.0636 4268 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/02/06 16:14:21.0714 4268 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/02/06 16:14:21.0737 4268 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/02/06 16:14:21.0756 4268 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/02/06 16:14:21.0771 4268 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/02/06 16:14:21.0793 4268 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/02/06 16:14:21.0868 4268 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/02/06 16:14:21.0889 4268 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/02/06 16:14:21.0922 4268 mfeapfk (12ad015f8c2c109c6a74d25da94607fe) C:\Windows\system32\drivers\mfeapfk.sys
2011/02/06 16:14:21.0993 4268 mfeavfk (dd17753ad5fa52f3bcd3b512934690c4) C:\Windows\system32\drivers\mfeavfk.sys
2011/02/06 16:14:22.0064 4268 mfehidk (3ba96b0584ad024f03eb9835d45619c2) C:\Windows\system32\drivers\mfehidk.sys
2011/02/06 16:14:22.0111 4268 mferkdet (158c24a8ed5f2cab71a86fd775bc1727) C:\Windows\system32\drivers\mferkdet.sys
2011/02/06 16:14:22.0154 4268 mfetdik (6cfff53e82808268dd61ab4790a36426) C:\Windows\system32\drivers\mfetdik.sys
2011/02/06 16:14:22.0226 4268 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/02/06 16:14:22.0254 4268 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/06 16:14:22.0305 4268 motccgp (338ba6b7170111edc2e43b5b4eaf17df) C:\Windows\system32\DRIVERS\motccgp.sys
2011/02/06 16:14:22.0358 4268 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\Windows\system32\DRIVERS\motccgpfl.sys
2011/02/06 16:14:22.0413 4268 motmodem (e90aba3c6f01be2c456c4aa857b28646) C:\Windows\system32\DRIVERS\motmodem.sys
2011/02/06 16:14:22.0456 4268 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\Windows\system32\DRIVERS\motswch.sys
2011/02/06 16:14:22.0537 4268 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\Windows\system32\DRIVERS\Motousbnet.sys
2011/02/06 16:14:22.0625 4268 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\Windows\system32\DRIVERS\motusbdevice.sys
2011/02/06 16:14:22.0692 4268 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/06 16:14:22.0713 4268 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/06 16:14:22.0732 4268 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/02/06 16:14:22.0750 4268 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/02/06 16:14:22.0767 4268 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/06 16:14:22.0792 4268 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/06 16:14:22.0828 4268 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/06 16:14:22.0884 4268 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/06 16:14:22.0951 4268 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/06 16:14:23.0018 4268 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/02/06 16:14:23.0038 4268 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/02/06 16:14:23.0064 4268 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/02/06 16:14:23.0080 4268 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/02/06 16:14:23.0094 4268 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/02/06 16:14:23.0129 4268 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/06 16:14:23.0143 4268 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/06 16:14:23.0155 4268 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/02/06 16:14:23.0178 4268 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/02/06 16:14:23.0199 4268 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/06 16:14:23.0208 4268 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/02/06 16:14:23.0235 4268 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/02/06 16:14:23.0271 4268 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/02/06 16:14:23.0308 4268 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/06 16:14:23.0347 4268 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/02/06 16:14:23.0384 4268 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/02/06 16:14:23.0403 4268 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/06 16:14:23.0419 4268 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/06 16:14:23.0442 4268 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/06 16:14:23.0462 4268 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/02/06 16:14:23.0481 4268 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/06 16:14:23.0507 4268 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/06 16:14:23.0554 4268 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/02/06 16:14:23.0585 4268 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/02/06 16:14:23.0650 4268 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/06 16:14:23.0689 4268 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/02/06 16:14:23.0740 4268 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/02/06 16:14:23.0990 4268 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/06 16:14:24.0205 4268 nvoclk64 (8c1d181480796d7d3366a9381fd7782d) C:\Windows\system32\DRIVERS\nvoclk64.sys
2011/02/06 16:14:24.0262 4268 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/02/06 16:14:24.0280 4268 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/02/06 16:14:24.0313 4268 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/02/06 16:14:24.0326 4268 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/06 16:14:24.0350 4268 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/02/06 16:14:24.0369 4268 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/02/06 16:14:24.0386 4268 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/02/06 16:14:24.0407 4268 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/02/06 16:14:24.0419 4268 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/02/06 16:14:24.0433 4268 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/02/06 16:14:24.0458 4268 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/02/06 16:14:24.0518 4268 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/06 16:14:24.0542 4268 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/02/06 16:14:24.0576 4268 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/06 16:14:24.0633 4268 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/02/06 16:14:24.0665 4268 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/02/06 16:14:24.0688 4268 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/06 16:14:24.0708 4268 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/06 16:14:24.0740 4268 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/02/06 16:14:24.0758 4268 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/06 16:14:24.0784 4268 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/06 16:14:24.0807 4268 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/06 16:14:24.0829 4268 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/06 16:14:24.0845 4268 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/02/06 16:14:24.0861 4268 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/06 16:14:24.0895 4268 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/02/06 16:14:24.0922 4268 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/06 16:14:24.0940 4268 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/02/06 16:14:24.0963 4268 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/02/06 16:14:24.0986 4268 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/02/06 16:14:25.0024 4268 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/06 16:14:25.0090 4268 RTCore64 (b971b79bdca77e8755e615909a1c7a9f) C:\Program Files (x86)\EVGA Precision\RTCore64.sys
2011/02/06 16:14:25.0198 4268 RzSynapse (d2ceff3befe9c468717b6bb7fa4a5e44) C:\Windows\system32\DRIVERS\RzSynapse.sys
2011/02/06 16:14:25.0277 4268 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/02/06 16:14:25.0309 4268 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/02/06 16:14:25.0333 4268 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/02/06 16:14:25.0359 4268 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/02/06 16:14:25.0381 4268 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/02/06 16:14:25.0406 4268 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/02/06 16:14:25.0416 4268 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/02/06 16:14:25.0436 4268 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/02/06 16:14:25.0447 4268 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/02/06 16:14:25.0458 4268 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/02/06 16:14:25.0469 4268 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/02/06 16:14:25.0494 4268 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/02/06 16:14:25.0517 4268 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/02/06 16:14:25.0537 4268 skfiltv (01acb9228c303de1fff82b807d28b2b0) C:\Windows\system32\drivers\skfiltv.sys
2011/02/06 16:14:25.0592 4268 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/02/06 16:14:25.0622 4268 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/02/06 16:14:25.0670 4268 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/02/06 16:14:25.0670 4268 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/02/06 16:14:25.0673 4268 sptd - detected Locked file (1)
2011/02/06 16:14:25.0702 4268 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/02/06 16:14:25.0774 4268 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/06 16:14:25.0855 4268 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/06 16:14:25.0935 4268 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/02/06 16:14:25.0965 4268 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/02/06 16:14:25.0985 4268 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/02/06 16:14:26.0006 4268 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/06 16:14:26.0061 4268 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/02/06 16:14:26.0130 4268 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/06 16:14:26.0165 4268 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/06 16:14:26.0200 4268 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/02/06 16:14:26.0211 4268 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/02/06 16:14:26.0222 4268 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/06 16:14:26.0234 4268 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/06 16:14:26.0259 4268 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/06 16:14:26.0271 4268 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/06 16:14:26.0284 4268 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/06 16:14:26.0367 4268 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/06 16:14:26.0448 4268 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/02/06 16:14:26.0468 4268 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/06 16:14:26.0488 4268 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/02/06 16:14:26.0534 4268 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/02/06 16:14:26.0557 4268 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/06 16:14:26.0582 4268 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/02/06 16:14:26.0603 4268 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/06 16:14:26.0625 4268 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/06 16:14:26.0640 4268 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/02/06 16:14:26.0664 4268 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/06 16:14:26.0684 4268 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/06 16:14:26.0703 4268 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/06 16:14:26.0718 4268 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/02/06 16:14:26.0733 4268 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/06 16:14:26.0748 4268 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/02/06 16:14:26.0760 4268 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/02/06 16:14:26.0783 4268 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/02/06 16:14:26.0814 4268 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/02/06 16:14:26.0828 4268 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/02/06 16:14:26.0845 4268 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/02/06 16:14:26.0867 4268 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/02/06 16:14:26.0900 4268 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/02/06 16:14:26.0923 4268 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/02/06 16:14:26.0947 4268 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/02/06 16:14:26.0979 4268 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/02/06 16:14:27.0017 4268 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/06 16:14:27.0035 4268 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/06 16:14:27.0085 4268 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/02/06 16:14:27.0114 4268 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/06 16:14:27.0154 4268 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/02/06 16:14:27.0177 4268 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/02/06 16:14:27.0245 4268 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/02/06 16:14:27.0289 4268 WmBEnum (680a7846370000d20d7e74917d5b7936) C:\Windows\system32\drivers\WmBEnum.sys
2011/02/06 16:14:27.0361 4268 WmFilter (14c35ba8189c6f65d839163aa285e954) C:\Windows\system32\drivers\WmFilter.sys
2011/02/06 16:14:27.0425 4268 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/02/06 16:14:27.0448 4268 WmVirHid (8488dd91a3ee54a8e29f02ad7bb8201e) C:\Windows\system32\drivers\WmVirHid.sys
2011/02/06 16:14:27.0516 4268 WmXlCore (14802b3a30aa849c97cb968ccc813bf3) C:\Windows\system32\drivers\WmXlCore.sys
2011/02/06 16:14:27.0556 4268 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/06 16:14:27.0578 4268 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/02/06 16:14:27.0601 4268 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/06 16:14:27.0690 4268 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/02/06 16:14:27.0712 4268 ================================================================================
2011/02/06 16:14:27.0712 4268 Scan finished
2011/02/06 16:14:27.0712 4268 ================================================================================
2011/02/06 16:14:27.0717 4476 Detected object count: 1
2011/02/06 16:14:33.0083 4476 Locked file(sptd) - User select action: Skip
2011/02/06 16:14:47.0543 3668 Deinitialize success

Broni · Feb 6, 2011

Nothing there.

Let's try to reset your MBR.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.
Double click on NTBR_CD.exe file and a folder of the same name will appear.
Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
Follow the prompts to burn the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.
Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
Read the warning and then continue as prompted.
You first need to select your keyboard layout - press Enter for English.
Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
On the following screen enter 5 to select Install Standard MBR code.
Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
When asked to confirm please do so.
Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, check for the issue.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is Dell computer, let me know before proceeding.

Twiggyskulls · Feb 6, 2011

Printed out the directions and followed them word for word, problem is still persistent. I would assume it lies somewhere in the Startup configuration since it only occurs upon booting into the OS.

Broni · Feb 6, 2011

Please, delete your Combofix file, download fresh one and post new log.

Twiggyskulls · Feb 6, 2011

Should I run Combofix Uninstall?

Broni · Feb 6, 2011

No..............

Twiggyskulls · Feb 6, 2011

ComboFix 11-02-05.01 - Brian 02/06/2011 17:56:28.5.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2884 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.

2011-02-06 23:00 . 2011-02-06 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 23:06 . 2011-02-04 23:06 -------- d-----w- C:\_OTL
2011-02-03 15:41 . 2011-02-04 17:59 -------- d-----w- c:\users\Brian\AppData\Roaming\RIFT
2011-02-03 15:41 . 2011-02-06 22:24 -------- d-----w- c:\program files (x86)\RIFT Beta
2011-01-31 02:47 . 2011-01-31 02:47 -------- d--h--r- c:\users\Brian\AppData\Roaming\SecuROM
2011-01-31 02:46 . 2011-01-31 02:49 -------- d-----w- c:\users\Brian\AppData\Local\Divinity 2
2011-01-31 02:46 . 2011-01-31 02:46 -------- d-----w- c:\programdata\Divinity 2
2011-01-21 04:31 . 2011-01-21 04:31 -------- d-----w- c:\program files (x86)\Stunlock Studios
2011-01-21 04:30 . 2011-01-21 04:30 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-01-20 03:19 . 2010-03-26 01:07 23864 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-01-20 03:19 . 2010-03-26 01:07 78896 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-20 03:19 . 2010-03-26 01:07 97576 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-01-20 03:19 . 2010-03-26 01:07 120096 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-20 03:19 . 2010-03-26 01:07 84424 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2011-01-20 03:19 . 2010-03-26 01:07 79504 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-20 03:19 . 2010-03-26 01:07 469400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2011-01-20 03:18 . 2011-01-20 03:19 -------- d-----w- c:\programdata\McAfee
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\McAfee
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-01-20 03:07 . 2011-01-20 03:07 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\programdata\Malwarebytes
2011-01-20 03:06 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-20 03:06 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 11:17 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A737006A-BA3C-4DAA-97E3-991531DE6B87}\mpengine.dll
2011-01-11 22:58 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 22:58 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 22:58 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 22:58 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 22:58 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 22:58 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-11 22:58 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 22:58 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 22:58 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 22:58 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-09 18:01 . 2011-01-09 18:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files (x86)\Motorola
2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-01-08 01:49 . 2011-01-08 01:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-08 01:49 . 2011-01-08 01:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 01:49 . 2011-01-08 01:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-08 01:48 . 2011-01-08 01:48 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-01-08 01:48 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 01:48 . 2011-01-08 01:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 11:05 . 2010-12-11 11:05 327680 ----a-w- c:\users\Brian\AppData\Roaming\Adobe.exe
2010-11-18 02:01 . 2010-11-18 02:01 464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2010-11-12 23:53 . 2010-09-23 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-27 136176]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-16 1242448]
"Adobe.exe"="c:\users\Brian\AppData\Roaming\Adobe.exe" [2010-12-11 327680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 810880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\Legend of Edda\GameGuard\dump_wmimmc.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1255736]
R3 X6va002;X6va002;c:\users\Brian\AppData\Local\Temp\002F52C.tmp [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-03-26 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-26 79504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-08-11 14440]
S3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-04-21 73216]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.
Contents of the 'Scheduled Tasks' folder

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]
.

--------- x86-64 -----------

.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Brian\AppData\Local\Temp\002F52C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\SecuROM\License information*]
"datasecu"=hex:c1,c2,95,f4,84,74,2b,12,2e,63,e2,8c,51,ae,dc,00,9d,3b,56,79,0b,
71,3e,e2,58,79,42,b7,c8,3b,5c,29,72,b5,02,82,3f,cc,92,78,99,c9,c8,e8,ac,79,\
"rkeysecu"=hex:de,1d,29,57,c9,b2,ae,42,dc,39,15,5a,ea,4e,5b,3d

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-06 18:02:14
ComboFix-quarantined-files.txt 2011-02-06 23:02
ComboFix2.txt 2011-02-04 19:21

Pre-Run: 399,594,196,992 bytes free
Post-Run: 399,585,755,136 bytes free

- - End Of File - - 745D497B2C1E3DF26B5958D208379480

Broni · Feb 6, 2011

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

Driver::
dump_wmimmc
npggsvc
X6va002


Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

Twiggyskulls · Feb 6, 2011

ComboFix 11-02-05.01 - Brian 02/06/2011 18:15:47.6.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4087.2645 [GMT -5:00]
Running from: c:\users\Brian\Desktop\ComboFix.exe
Command switches used :: c:\users\Brian\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_X6VA002
-------\Service_dump_wmimmc
-------\Service_npggsvc
-------\Service_X6va002

((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.

2011-02-06 23:18 . 2011-02-06 23:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 23:06 . 2011-02-04 23:06 -------- d-----w- C:\_OTL
2011-02-03 15:41 . 2011-02-04 17:59 -------- d-----w- c:\users\Brian\AppData\Roaming\RIFT
2011-02-03 15:41 . 2011-02-06 23:04 -------- d-----w- c:\program files (x86)\RIFT Beta
2011-01-31 02:47 . 2011-01-31 02:47 -------- d--h--r- c:\users\Brian\AppData\Roaming\SecuROM
2011-01-31 02:46 . 2011-01-31 02:49 -------- d-----w- c:\users\Brian\AppData\Local\Divinity 2
2011-01-31 02:46 . 2011-01-31 02:46 -------- d-----w- c:\programdata\Divinity 2
2011-01-21 04:31 . 2011-01-21 04:31 -------- d-----w- c:\program files (x86)\Stunlock Studios
2011-01-21 04:30 . 2011-01-21 04:30 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-01-20 03:19 . 2010-03-26 01:07 23864 ----a-w- c:\program files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-01-20 03:19 . 2010-03-26 01:07 78896 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-01-20 03:19 . 2010-03-26 01:07 97576 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-01-20 03:19 . 2010-03-26 01:07 120096 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-01-20 03:19 . 2010-03-26 01:07 84424 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2011-01-20 03:19 . 2010-03-26 01:07 79504 ----a-w- c:\windows\system32\mfevtps.exe
2011-01-20 03:19 . 2010-03-26 01:07 469400 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2011-01-20 03:18 . 2011-01-20 03:19 -------- d-----w- c:\programdata\McAfee
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\McAfee
2011-01-20 03:18 . 2011-01-20 03:18 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2011-01-20 03:07 . 2011-01-20 03:07 -------- d-----w- c:\users\Brian\AppData\Roaming\Malwarebytes
2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\programdata\Malwarebytes
2011-01-20 03:06 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-20 03:06 . 2011-01-20 03:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-20 03:06 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 11:17 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A737006A-BA3C-4DAA-97E3-991531DE6B87}\mpengine.dll
2011-01-11 22:58 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 22:58 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 22:58 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 22:58 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 22:58 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 22:58 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-11 22:58 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 22:58 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 22:58 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 22:58 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-09 18:01 . 2011-01-09 18:01 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files (x86)\Motorola
2011-01-09 17:40 . 2011-01-09 17:40 -------- d-----w- c:\program files\Common Files\Motorola Shared
2011-01-08 01:49 . 2011-01-08 01:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-01-08 01:49 . 2011-01-08 01:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 01:49 . 2011-01-08 01:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
2011-01-08 01:48 . 2011-01-08 01:48 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-01-08 01:48 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-08 01:48 . 2011-01-08 01:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-11 11:05 . 2010-12-11 11:05 327680 ----a-w- c:\users\Brian\AppData\Roaming\Adobe.exe
2010-11-18 02:01 . 2010-11-18 02:01 464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2010-11-12 23:53 . 2010-09-23 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-06_23.01.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-06 22:17 . 2011-02-06 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-06 23:19 . 2011-02-06 23:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-06 22:17 . 2011-02-06 22:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-06 23:19 . 2011-02-06 23:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-02-06 23:19 384036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-06 22:14 384036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-07-29 07:23 . 2011-02-06 22:14 724165 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365112199-3682941248-1621301289-1001-12288.dat
+ 2010-07-29 07:23 . 2011-02-06 23:19 724165 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1365112199-3682941248-1621301289-1001-12288.dat
+ 2010-09-13 23:31 . 2011-02-06 23:19 1442624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-13 23:31 . 2011-02-04 16:18 1442624 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-27 136176]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-16 1242448]
"Adobe.exe"="c:\users\Brian\AppData\Roaming\Adobe.exe" [2010-12-11 327680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Zboard"="c:\program files (x86)\Ideazon\ZEngine\Zboard.exe" [2009-06-04 57344]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\NagaTray.exe" [2010-05-11 810880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-03-26 78896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2009-06-19 20992]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-11 834544]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe [2010-03-26 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-03-26 79504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
S3 RTCore64;RTCore64;c:\program files (x86)\EVGA Precision\RTCore64.sys [2010-08-11 14440]
S3 RzSynapse;Razer Naga Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-04-21 73216]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

.
Contents of the 'Scheduled Tasks' folder

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1365112199-3682941248-1621301289-1001UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 20:46]
.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF8748.cfxxe" [X]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\2g6ao8s6.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1365112199-3682941248-1621301289-1001\Software\SecuROM\License information*]
"datasecu"=hex:c1,c2,95,f4,84,74,2b,12,2e,63,e2,8c,51,ae,dc,00,9d,3b,56,79,0b,
71,3e,e2,58,79,42,b7,c8,3b,5c,29,72,b5,02,82,3f,cc,92,78,99,c9,c8,e8,ac,79,\
"rkeysecu"=hex:de,1d,29,57,c9,b2,ae,42,dc,39,15,5a,ea,4e,5b,3d

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\EVGA Precision\EVGAPrecision.exe
c:\users\Brian\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2011-02-06 18:25:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-06 23:25
ComboFix2.txt 2011-02-06 23:02
ComboFix3.txt 2011-02-04 19:21

Pre-Run: 399,637,671,936 bytes free
Post-Run: 399,399,780,352 bytes free

- - End Of File - - 44504A63714BCB166AC0307EF987E5C0

Broni · Feb 6, 2011

Same issue?

Solved 8 Step Complete: Congratulations, You Won! Audio

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Posts: 26 +0

Posts: 56,041 +517

Similar threads