Solved Another "Hard Drive Clusters are Partly Damaged" virus or malware attack

Are you talking about where you told me to start aswMBR? I hope I didn't miss something? Here is the log file from aswMBR:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-08 21:50:50
-----------------------------
21:50:50.237 OS Version: Windows x64 6.1.7601 Service Pack 1
21:50:50.237 Number of processors: 8 586 0x2A07
21:50:50.237 ComputerName: LOKI UserName:
21:50:51.103 Initialize success
21:53:47.550 AVAST engine defs: 11120801
21:55:38.995 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:55:38.996 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
21:55:39.014 Disk 0 MBR read successfully
21:55:39.030 Disk 0 MBR scan
21:55:39.033 Disk 0 unknown MBR code
21:55:39.046 Service scanning
21:55:40.034 Modules scanning
21:55:40.037 Disk 0 trace - called modules:
21:55:40.058 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:55:40.061 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80080a6790]
21:55:40.064 3 CLASSPNP.SYS[fffff88001bb243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d35050]
21:55:40.976 AVAST engine scan C:\Windows
21:55:43.065 AVAST engine scan C:\Windows\system32
21:56:52.873 AVAST engine scan C:\Windows\system32\drivers
21:57:01.006 AVAST engine scan C:\Users\Keith
22:02:24.572 AVAST engine scan C:\ProgramData
22:03:14.788 Scan finished successfully
22:05:08.903 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
22:05:08.923 The log file has been saved successfully to "C:\aswMBR.txt"
 
Combofix says Warning! Sophos is still active, unfortunately I don't see it anywhere or in the task manager under processes. Only one place under services it has sophos autoupdater. Should I continue? temporarily uninstall? or would you know where I can close it? Thank you so much for your help!
 
ComboFix 11-12-08.01 - Keith 12/08/2011 22:38:19.1.8 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8044.6869 [GMT -7:00]
Running from: c:\users\Keith\Downloads\ComboFix.exe
AV: Sophos Anti-Virus *Enabled/Updated* {479CCF92-4960-B3E0-7373-BF453B467D2C}
SP: Sophos Anti-Virus *Enabled/Updated* {FCFD2E76-6F5A-BC6E-49C3-843740C13791}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\bflixtoolbar
c:\program files (x86)\bflixtoolbar\chrome\content\lib\about.xml
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\bflixtoolbar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\bflixtoolbar\chrome\content\lib\external.js
c:\program files (x86)\bflixtoolbar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\bflixtoolbar\chrome\content\lib\rsspreview.html
c:\program files (x86)\bflixtoolbar\chrome\content\lib\rsswin.xml
c:\program files (x86)\bflixtoolbar\chrome\content\lib\rsswin.xsl
c:\program files (x86)\bflixtoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\bflixtoolbar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\bflixtoolbar\chrome\content\modules\datastore.jsm
c:\program files (x86)\bflixtoolbar\chrome\content\modules\nsDragAndDrop.js
c:\program files (x86)\bflixtoolbar\chrome\content\neterror.xhtml
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\newtab.html
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\newtab_mystart.html
c:\program files (x86)\bflixtoolbar\chrome\content\newtab\newtab_yahoo.html
c:\program files (x86)\bflixtoolbar\chrome\content\preferences.xml
c:\program files (x86)\bflixtoolbar\chrome\content\template.xml
c:\program files (x86)\bflixtoolbar\chrome\content\toolbar.htm
c:\program files (x86)\bflixtoolbar\chrome\content\toolbar.xul
c:\program files (x86)\bflixtoolbar\chrome\content\vmncode.js
c:\program files (x86)\bflixtoolbar\chrome\content\vmnrsswin.xml
c:\program files (x86)\bflixtoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files (x86)\bflixtoolbar\chrome\data\product.xml
c:\program files (x86)\bflixtoolbar\chrome\data\rss\rss.xml
c:\program files (x86)\bflixtoolbar\chrome\data\search\engines.xml
c:\program files (x86)\bflixtoolbar\chrome\data\search\search.xsl
c:\program files (x86)\bflixtoolbar\chrome\data\weather\icons.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\1x1_png
c:\program files (x86)\bflixtoolbar\chrome\skin\1x1_white_png
c:\program files (x86)\bflixtoolbar\chrome\skin\about.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\about_logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\arcade_png
c:\program files (x86)\bflixtoolbar\chrome\skin\babylon_logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\bflix_logo_png
c:\program files (x86)\bflixtoolbar\chrome\skin\blank_png
c:\program files (x86)\bflixtoolbar\chrome\skin\bluelite.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\bluesky.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-search-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-settings-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\btn_settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\ca.png
c:\program files (x86)\bflixtoolbar\chrome\skin\dictionary.png
c:\program files (x86)\bflixtoolbar\chrome\skin\divider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\downloadcom.png
c:\program files (x86)\bflixtoolbar\chrome\skin\dtxlogo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\email.png
c:\program files (x86)\bflixtoolbar\chrome\skin\email_on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\facebook.png
c:\program files (x86)\bflixtoolbar\chrome\skin\facebook_png
c:\program files (x86)\bflixtoolbar\chrome\skin\games.png
c:\program files (x86)\bflixtoolbar\chrome\skin\Games_png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphna.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred0_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred1_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred2_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred3_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred4.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred4_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphred5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\graphredna.png
c:\program files (x86)\bflixtoolbar\chrome\skin\grey.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\ico-shield.png
c:\program files (x86)\bflixtoolbar\chrome\skin\images.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lfg_smll_png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\alexabutton.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\aol.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\blank.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\button-splitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\checkmark.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\chevron.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\collapse.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\comcast.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\debugbar\debug.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\dtx-test.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\dtx.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\edit-back.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\embarq.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\expand.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\fast.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\found.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\gmail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\gripper.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\hotmail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\ico-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\imap.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\launchers.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\lock.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\mailcom.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemleft.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\minus.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\modify.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\move.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\movetarget.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\newsitem.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\plus.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\pop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lichen.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\Linked_in_png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\mail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\modify-save.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modify.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music_png
c:\program files (x86)\bflixtoolbar\chrome\skin\Myspace_png
c:\program files (x86)\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\bflixtoolbar\chrome\skin\news.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\orange.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\pixsy.png
c:\program files (x86)\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\bflixtoolbar\chrome\skin\protect-id.png
c:\program files (x86)\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-found.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rssback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\search-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\shopping.png
c:\program files (x86)\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\technorati.png
c:\program files (x86)\bflixtoolbar\chrome\skin\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\translate.png
c:\program files (x86)\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\tv_png
c:\program files (x86)\bflixtoolbar\chrome\skin\twitter_png
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.css
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.png
c:\program files (x86)\bflixtoolbar\chrome\skin\Weather_png
c:\program files (x86)\bflixtoolbar\chrome\skin\web.png
c:\program files (x86)\bflixtoolbar\chrome\skin\websearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yellow.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\youtube.png
c:\program files (x86)\bflixtoolbar\chrome\skin\zoom.png
c:\program files (x86)\bflixtoolbar\components\windowmediator.js
c:\program files (x86)\bflixtoolbar\install.ico
c:\program files (x86)\bflixtoolbar\manifest.xml
c:\program files (x86)\bflixtoolbar\partner.xml
c:\program files (x86)\bflixtoolbar\uninstall.exe
c:\program files (x86)\bflixtoolbar\vmntemplate.dll
c:\program files (x86)\bflixtoolbar\vmNTemplatex.dll
c:\programdata\cKPo1SOXpTG4Me.exe
c:\programdata\yIrumcUIGGU.exe
c:\users\Keith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\9a7w5ipi.default\searchplugins\bing-zugo.xml
c:\users\Keith\Desktop\System Fix.lnk
 
.
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2011-12-09 05:42 . 2011-12-09 05:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-09 05:42 . 2011-12-09 05:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-09 05:09 . 2011-12-09 05:09 -------- d-----w- c:\users\Keith\AppData\Local\ElevatedDiagnostics
2011-12-08 23:10 . 2011-12-08 23:10 -------- d--h--w- c:\users\Keith\AppData\Roaming\Malwarebytes
2011-12-08 23:10 . 2011-12-08 23:10 -------- d--h--w- c:\programdata\Malwarebytes
2011-12-08 23:09 . 2011-09-01 00:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 23:09 . 2011-12-09 03:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-08 23:08 . 2011-12-08 23:08 -------- d--h--w- c:\users\Keith\AppData\Local\Sophos
2011-12-08 22:52 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8C681F9-C96E-4395-8395-F9384C69D8CE}\mpengine.dll
2011-12-08 06:07 . 2011-12-08 06:55 -------- d-----w- c:\program files (x86)\CueCard
2011-12-05 18:05 . 2011-12-05 18:05 -------- d--h--w- c:\users\Keith\AppData\Local\Broadcom
2011-12-03 19:49 . 2011-12-03 19:49 -------- d--h--w- c:\users\Keith\Logitech
2011-12-03 19:47 . 2011-12-03 19:49 -------- d-----w- c:\program files (x86)\Common Files\Remote Control Software Common
2011-12-03 19:47 . 2011-12-03 19:47 -------- d-----w- c:\program files (x86)\Logitech
2011-12-03 19:46 . 2011-12-03 19:46 -------- d-----w- c:\program files (x86)\Common Files\Remote Control USB Driver
2011-12-03 19:46 . 2011-12-03 19:46 -------- d--h--w- c:\users\Keith\AppData\Roaming\InstallShield
2011-11-29 16:00 . 2011-11-29 16:00 -------- d--h--r- c:\users\Keith\AppData\Roaming\Brother
2011-11-19 22:31 . 2011-11-19 22:30 183024 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-11-19 22:31 . 2011-12-01 17:06 -------- d--h--w- c:\programdata\Sophos Web Intelligence
2011-11-19 22:30 . 2011-11-19 22:30 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2011-11-19 22:30 . 2011-11-19 22:30 35568 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-11-19 22:30 . 2011-11-19 22:30 25592 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-11-19 22:30 . 2011-11-19 22:48 142328 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2011-11-19 22:30 . 2011-11-19 22:30 25608 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2011-11-19 22:29 . 2011-11-19 22:30 -------- d--h--w- c:\programdata\Sophos
2011-11-19 22:29 . 2011-11-19 22:30 -------- d-----w- c:\program files (x86)\Sophos
2011-11-17 01:41 . 2011-11-17 01:41 0 ---ha-w- c:\users\Keith\AppData\Local\BITD058.tmp
2011-11-17 00:51 . 2011-11-17 00:51 -------- d--h--w- c:\programdata\Premium
2011-11-17 00:51 . 2011-11-17 00:52 -------- d--h--w- c:\programdata\InstallMate
2011-11-16 23:28 . 2011-11-17 00:20 -------- d-----w- c:\program files (x86)\EVGA Precision
2011-11-15 06:57 . 2011-11-15 06:57 -------- d--h--w- c:\users\Keith\AppData\Roaming\SystemRequirementsLab
2011-11-14 06:08 . 2011-11-23 05:44 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-11-14 06:08 . 2011-11-14 06:08 -------- d--h--w- c:\users\Keith\AppData\Local\PunkBuster
2011-11-14 06:07 . 2011-11-14 06:08 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2011-11-14 06:06 . 2011-11-14 06:06 -------- d--h--w- c:\programdata\EA Core
2011-11-14 05:56 . 2011-11-14 05:56 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-11-14 05:54 . 2007-07-20 07:57 411496 ----a-w- c:\windows\system32\xactengine2_9.dll
2011-11-14 04:46 . 2011-11-14 04:55 -------- d--h--w- c:\users\Keith\AppData\Roaming\Origin
2011-11-14 04:46 . 2011-11-14 04:46 -------- d--h--w- c:\users\Keith\AppData\Local\Origin
2011-11-14 04:45 . 2011-11-14 06:05 -------- d--h--w- c:\programdata\Origin
2011-11-14 04:45 . 2011-11-14 06:06 -------- d--h--w- c:\programdata\Electronic Arts
2011-11-14 04:45 . 2011-11-14 05:07 -------- d--h--w- c:\program files (x86)\Origin Games
2011-11-14 04:44 . 2011-11-14 04:50 -------- d--h--w- c:\program files (x86)\Origin
2011-11-09 15:19 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 15:19 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 15:19 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 15:19 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-23 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-11-06 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-11-06 202096]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-02-15 297280]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-11 1070160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"VitaKeyTSR"="c:\program files (x86)\Acer Bio Protection\EgisTSR.exe" [2011-01-12 189488]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2011-11-19 439536]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2011-5-17 704104]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-12-10 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 CLKMSVC10_34E30CCC;CyberLink Product - 2011/05/25 21:20;c:\program files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2011-02-19 238576]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-02-11 346704]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Acer Bio Protection\EgisService.exe [2011-01-12 318000]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-01-12 258096]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 873064]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2011-08-10 102608]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-11-19 163056]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-11-19 97520]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-11-19 1541360]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_34E30CCC
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 05:48]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 05:48]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4107540638-2524112132-87441406-1002Core.job
- c:\users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 06:51]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4107540638-2524112132-87441406-1002UA.job
- c:\users\Keith\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-23 06:51]
.
2011-12-08 c:\windows\Tasks\New scheduled scan.job
- c:\program files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2011-11-19 22:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 1796200]
"Media remote"="c:\program files (x86)\Media remote\Media remote.exe" [2011-03-11 41496]
"combofix"="c:\combofix\CF23933.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\programdata\Sophos Web Intelligence\swi_lsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\9a7w5ipi.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111117&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-yIrumcUIGGU.exe - c:\programdata\yIrumcUIGGU.exe
Toolbar-Locked - (no file)
AddRemove-bflixtoolbar - c:\program files (x86)\bflixtoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2011-12-08 22:49:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-09 05:49
.
Pre-Run: 638,247,260,160 bytes free
Post-Run: 639,079,731,200 bytes free
.
- - End Of File - - EE8CD597B7BB2285AA646A5BD1EDDE1C
 
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/08/2011 at 22:53:57.
Operating System: Windows 7 Ultimate


Processes terminated by Rkill or while it was running:

C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Users\Keith\Downloads\rkill.exe


Rkill completed on 12/08/2011 at 22:54:07.
 
Looks good now.

Restart computer in normal mode and let me know how things are there.

While in normal mode see if you can update and run MBAM.

Then...

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL is currently creating restore point on the infected computer. The computer is doing much better at the moment, I wasn't bombarded by anything at all when I started normally, a number of my desktop items have returned. I don't see any active signs of the infection. I am missing files from my desktop, nearly everything from my windows explorer start tab and the background is black still. I imagine these are things I can restore later unless you know better and its some tell tale sign there's a problem still.

It's been on the creating restore point. DO NOT INTERRUPT... message for about 5 minutes now
 
OTL logfile created on: 12/8/2011 11:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Keith\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 71.15% Memory free
15.71 Gb Paging File | 13.15 Gb Available in Paging File | 83.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.04 Gb Total Space | 595.21 Gb Free Space | 87.66% Space Free | Partition Type: NTFS
Drive E: | 702.82 Mb Total Space | 513.87 Mb Free Space | 73.12% Space Free | Partition Type: UDF

Computer Name: LOKI | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/08 23:03:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.exe
PRC - [2011/11/22 22:14:42 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/11/19 15:50:48 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/11/19 15:50:45 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/11/19 15:48:50 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/11/19 15:45:39 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/11/19 15:30:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/22 23:58:04 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 09:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 09:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/04/21 17:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/11 13:37:04 | 000,041,496 | ---- | M] () -- C:\Program Files (x86)\Media remote\Media remote.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 10:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 10:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 16:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 11:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 11:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/02/11 05:49:46 | 000,332,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/02/11 05:49:44 | 001,070,160 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/11 05:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/01/31 13:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/01/24 11:36:28 | 000,085,272 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
PRC - [2011/01/24 11:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/11 17:35:04 | 000,318,000 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
PRC - [2011/01/11 17:34:10 | 000,258,096 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2011/01/11 17:33:56 | 000,189,488 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe
PRC - [2010/12/20 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/05 18:54:36 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/11/05 18:54:24 | 000,202,096 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/10/05 14:46:10 | 000,704,104 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/09/27 19:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/16 11:42:51 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/16 11:40:54 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2011/10/16 11:40:53 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll
MOD - [2011/10/15 14:08:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/15 14:07:58 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/15 14:07:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 14:07:41 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/15 14:07:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/15 14:07:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/15 14:07:02 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/15 14:06:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/15 14:06:30 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/15 14:06:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/15 14:06:18 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 14:06:11 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/17 10:34:27 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/07/22 23:58:04 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011/06/01 09:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 09:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 09:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 09:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/03/21 11:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/11 13:37:04 | 000,041,496 | ---- | M] () -- C:\Program Files (x86)\Media remote\Media remote.exe
MOD - [2011/02/22 10:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 10:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 11:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2011/01/24 11:35:58 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/01/24 11:35:54 | 000,026,848 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/01/24 11:35:30 | 000,324,320 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2010/11/20 20:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/22 15:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/22 21:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/01/31 13:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/12/10 15:53:34 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/10/08 02:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/22 22:14:42 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/11/19 15:50:48 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2011/11/19 15:48:50 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/11/19 15:45:39 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/11/19 15:30:16 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 11:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/25 21:13:00 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/21 17:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/18 17:09:08 | 000,238,576 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe -- (CLKMSVC10_34E30CCC)
SRV - [2011/02/15 11:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/02/11 05:49:44 | 000,346,704 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/01/24 11:35:36 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/01/12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/01/11 17:35:04 | 000,318,000 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\EgisService.exe -- (EgisTec Service)
SRV - [2011/01/11 17:34:10 | 000,258,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/12/20 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/29 16:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 06:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/19 15:48:24 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011/11/19 15:30:25 | 000,025,592 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011/11/19 15:30:09 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/25 20:56:15 | 000,035,888 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV:64bit: - [2011/05/17 20:16:21 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/05/17 20:16:21 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/05/17 20:16:21 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/21 17:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 01:19:48 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 21:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 21:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 07:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/10 01:05:02 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/12/10 01:04:52 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010/11/20 20:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 20:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/25 20:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/19 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/10/08 02:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/13 22:59:16 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/09/13 22:59:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/08/20 00:21:38 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/02 01:46:58 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-4107540638-2524112132-87441406-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z134&install_date=20111117
IE - HKU\S-1-5-21-4107540638-2524112132-87441406-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4107540638-2524112132-87441406-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111117&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keith\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Acer Bio Protection\FFExt [2011/05/25 21:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/22 23:57:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/12 13:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/13 23:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/26 08:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/26 08:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/07/22 23:51:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Extensions
[2011/12/03 12:30:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\9a7w5ipi.default\extensions
[2011/12/03 12:30:01 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Keith\AppData\Roaming\Mozilla\Firefox\Profiles\9a7w5ipi.default\extensions\DeviceDetection@logitech.com
[2011/11/13 23:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/12 13:30:35 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/11/13 23:16:06 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/13 23:16:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z134&form=ZGACDF&install_date=20111117
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2011/12/08 22:44:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Media remote] C:\Program Files (x86)\Media remote\Media remote.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe (Egis Technology Inc. )
O4 - HKU\S-1-5-21-4107540638-2524112132-87441406-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4107540638-2524112132-87441406-1002..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-4107540638-2524112132-87441406-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-4107540638-2524112132-87441406-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O4 - Startup: C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4107540638-2524112132-87441406-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4107540638-2524112132-87441406-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4107540638-2524112132-87441406-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DC3CDEF-D18F-4DE4-8793-9450BDCE5DBC}: DhcpNameServer = 50.40.0.52
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E86162-84CD-4B7D-A884-CDDB3F68CFC5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll) -C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 23:01:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/08 22:42:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/08 22:37:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/08 22:37:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/08 22:37:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/08 22:37:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/08 22:09:28 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\ElevatedDiagnostics
[2011/12/08 22:09:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/08 16:10:07 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Malwarebytes
[2011/12/08 16:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/08 16:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/08 16:09:58 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/08 16:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/08 16:08:28 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Sophos
[2011/12/07 23:07:07 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CueCard
[2011/12/07 23:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CueCard
[2011/12/07 23:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CueCard
[2011/12/05 11:05:16 | 000,000,000 | ---D | C] -- C:\Users\Keith\Documents\Bluetooth Exchange Folder
[2011/12/05 11:05:14 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Broadcom
[2011/12/03 12:49:12 | 000,000,000 | ---D | C] -- C:\Users\Keith\Logitech
[2011/12/03 12:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control Software Common
[2011/12/03 12:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011/12/03 12:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2011/12/03 12:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Remote Control USB Driver
[2011/12/03 12:46:13 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\InstallShield
[2011/11/29 09:00:41 | 000,000,000 | R--D | C] -- C:\Users\Keith\AppData\Roaming\Brother
[2011/11/28 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Kinetics Exam 3
[2011/11/23 02:03:40 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Therapeutics Exam 7
[2011/11/19 21:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/19 15:31:08 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2011/11/19 15:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2011/11/19 15:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/11/19 15:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2011/11/19 15:30:50 | 000,035,568 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\SophosBootTasks.exe
[2011/11/19 15:30:25 | 000,025,592 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2011/11/19 15:30:13 | 000,142,328 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011/11/19 15:30:09 | 000,025,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2011/11/19 15:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011/11/19 15:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/11/16 17:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011/11/16 17:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/11/16 16:28:23 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision
[2011/11/16 16:28:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2011/11/14 23:57:28 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\SystemRequirementsLab
[2011/11/13 23:08:41 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\PunkBuster
[2011/11/13 23:08:36 | 000,000,000 | ---D | C] -- C:\Users\Keith\Documents\Battlefield 3
[2011/11/13 23:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011/11/13 23:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011/11/13 22:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011/11/13 22:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2011/11/13 21:46:24 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Origin
[2011/11/13 21:46:21 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Origin
[2011/11/13 21:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011/11/13 21:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011/11/13 21:45:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2011/11/13 21:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2011/11/13 21:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2011/11/09 23:33:42 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\Pharmacotherapeutics Exam 6 Fall 2011
[1 C:\Users\Keith\AppData\Local\*.tmp files -> C:\Users\Keith\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/08 23:17:42 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4107540638-2524112132-87441406-1002UA.job
[2011/12/08 23:17:42 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 23:08:41 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 23:08:41 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/08 23:01:31 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 23:01:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/08 23:01:04 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/08 22:49:44 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/08 22:49:44 | 000,624,730 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/08 22:49:44 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/08 22:44:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/08 22:05:08 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/08 20:01:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/07 23:13:43 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4107540638-2524112132-87441406-1002Core.job
[2011/12/07 23:07:11 | 000,000,995 | ---- | M] () -- C:\Users\Keith\Desktop\CueCard.lnk
[2011/12/07 23:03:14 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\New scheduled scan.job
[2011/12/03 12:49:08 | 000,002,361 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2011/11/29 09:01:30 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2011/11/28 19:59:31 | 000,031,883 | ---- | M] () -- C:\Users\Keith\Documents\Cox billing information.rtf
[2011/11/23 19:00:37 | 000,007,617 | ---- | M] () -- C:\Users\Keith\AppData\Local\Resmon.ResmonCfg
[2011/11/22 22:44:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/22 22:44:11 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/22 22:32:40 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/22 22:15:12 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/22 22:14:42 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/11/19 21:19:58 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/19 15:48:24 | 000,142,328 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011/11/19 15:30:25 | 000,025,592 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2011/11/19 15:30:23 | 000,035,568 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\SophosBootTasks.exe
[2011/11/19 15:30:13 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2011/11/19 15:30:09 | 000,025,608 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2011/11/19 11:12:11 | 000,002,363 | ---- | M] () -- C:\Users\Keith\Desktop\Google Chrome.lnk
[2011/11/16 18:41:35 | 000,000,000 | ---- | M] () -- C:\Users\Keith\AppData\Local\{188C7617-A1E6-46D7-BF57-B14C407859B3}
[2011/11/16 16:28:23 | 000,001,078 | ---- | M] () -- C:\Users\Keith\Desktop\EVGA Precision.lnk
[2011/11/13 21:50:47 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/11/10 08:06:15 | 000,453,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Keith\AppData\Local\*.tmp files -> C:\Users\Keith\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/08 22:40:14 | 000,001,782 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2011/12/08 22:40:14 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/12/08 22:40:12 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/12/08 22:40:12 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/08 22:40:12 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/12/08 22:40:12 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/12/08 22:40:12 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/08 22:40:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/12/08 22:40:12 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/08 22:40:12 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/08 22:40:11 | 000,002,861 | ---- | C] () -- C:\Users\Public\Desktop\clear.fi Tutorial.lnk
[2011/12/08 22:40:11 | 000,002,626 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2011/12/08 22:40:11 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/12/08 22:40:11 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/12/08 22:40:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/08 22:40:11 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/12/08 22:40:11 | 000,002,361 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Harmony Remote Software 7.lnk
[2011/12/08 22:40:11 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/12/08 22:40:11 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2011/12/08 22:40:11 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/12/08 22:40:11 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/12/08 22:40:11 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011/12/08 22:40:11 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\FingerPrint Easy Start.lnk
[2011/12/08 22:40:11 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/08 22:40:11 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2011/12/08 22:40:11 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\Acer USB Charge Manager.lnk
[2011/12/08 22:40:11 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/12/08 22:40:11 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/08 22:40:11 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/12/08 22:40:11 | 000,001,709 | ---- | C] () -- C:\Users\Public\Desktop\AS8951G Demo.lnk
[2011/12/08 22:40:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/08 22:40:11 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/08 22:40:11 | 000,001,285 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011/12/08 22:40:11 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2011/12/08 22:40:11 | 000,001,174 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/12/08 22:40:11 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/08 22:40:11 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/12/08 22:40:11 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2011/12/08 22:40:11 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
[2011/12/08 22:40:11 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Times Reader.lnk
[2011/12/08 22:37:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/08 22:37:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/08 22:37:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/08 22:37:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/08 22:37:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/08 22:37:44 | 000,060,416 | ---- | C] () -- C:\Windows\NIRCMD.exe
[2011/12/08 22:05:08 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/12/08 20:01:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/07 23:07:11 | 000,000,995 | ---- | C] () -- C:\Users\Keith\Desktop\CueCard.lnk
[2011/11/19 15:31:20 | 000,000,542 | ---- | C] () -- C:\Windows\tasks\New scheduled scan.job
[2011/11/16 18:41:35 | 000,000,000 | ---- | C] () -- C:\Users\Keith\AppData\Local\{188C7617-A1E6-46D7-BF57-B14C407859B3}
[2011/11/16 16:28:23 | 000,001,078 | ---- | C] () -- C:\Users\Keith\Desktop\EVGA Precision.lnk
[2011/11/15 01:47:20 | 000,007,617 | ---- | C] () -- C:\Users\Keith\AppData\Local\Resmon.ResmonCfg
[2011/11/13 23:08:46 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011/11/13 22:55:51 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/13 22:55:51 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011/11/13 22:55:48 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/30 22:50:11 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/30 22:50:11 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7420.DAT
[2011/08/17 10:40:38 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/22 23:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/17 20:06:19 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/17 20:06:18 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/17 20:06:17 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/05/17 20:06:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/17 20:06:15 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/22 14:42:06 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Leadertech
[2011/07/23 00:51:25 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\LolClient
[2011/07/22 14:47:44 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Memeo
[2011/08/17 10:36:46 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\OpenOffice.org
[2011/11/13 21:55:24 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Origin
[2011/07/30 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\PowerCinema
[2011/07/22 14:47:37 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Seagate
[2011/08/24 13:12:20 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\SoftGrid Client
[2011/11/14 23:57:38 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\SystemRequirementsLab
[2011/08/04 18:14:09 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\Thunderbird
[2011/08/17 10:41:12 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\TP
[2011/12/07 23:03:14 | 000,000,542 | ---- | M] () -- C:\Windows\Tasks\New scheduled scan.job
[2011/11/16 18:42:55 | 000,020,448 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/12/08 22:05:08 | 000,001,499 | ---- | M] () -- C:\aswMBR.txt
[2011/05/17 20:10:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/12/08 22:49:13 | 000,061,857 | ---- | M] () -- C:\ComboFix.txt
[2011/12/08 23:01:04 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/13 23:13:01 | 000,000,120 | ---- | M] () -- C:\log.txt
[2011/12/08 22:05:08 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/08 23:01:09 | 4139,630,591 | -HS- | M] () -- C:\pagefile.sys
[2011/12/08 22:54:07 | 000,000,462 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/22 14:44:39 | 000,000,221 | -HS- | M] () -- C:\Users\Keith\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/11/19 15:51:39 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/11/19 15:51:39 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/05/25 20:49:16 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/05/25 20:49:16 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/11/19 15:51:39 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/11/19 15:39:24 | 000,000,402 | -HS- | M] () -- C:\Users\Keith\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/05/25 21:20:33 | 000,015,473 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe5.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 12/8/2011 11:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Keith\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.86 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 71.15% Memory free
15.71 Gb Paging File | 13.15 Gb Available in Paging File | 83.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.04 Gb Total Space | 595.21 Gb Free Space | 87.66% Space Free | Partition Type: NTFS
Drive E: | 702.82 Mb Total Space | 513.87 Mb Free Space | 73.12% Space Free | Partition Type: UDF

Computer Name: LOKI | User Name: Keith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4107540638-2524112132-87441406-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4292E6B0-1532-4700-BF0F-73A7367FC000}" = Media remote R01.08
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AD4BF37B-6882-4FD4-B440-96576446884C}" = Acer Arcade Instant On
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}" = Acer USB Charge Manager
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Fingerprint Solution
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"bflixtoolbar" = BFlix Toolbar
"BN_DesktopReader" = NOOK for PC
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"CueCard" = CueCard (remove only)
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Acer Bio Protection
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"Precision" = EVGA Precision 2.0.4
"PunkBusterSvc" = PunkBuster Services
"SystemRequirementsLab" = System Requirements Lab
"thinkorswim from TD AMERITRADE" = thinkorswim from TD AMERITRADE
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0a45986d-43ec-4fb9-8870-d00c5f3bb475" = Penguins!
"WTA-1f88f549-0ff5-4d15-923a-56e88a1db496" = Chuzzle Deluxe
"WTA-22dc8c83-4bd1-4d28-aef9-3db2fa2bd31c" = Virtual Villagers 4 - The Tree of Life
"WTA-2361f292-61a9-4b3f-93ef-63446c9b654b" = Torchlight
"WTA-36abf1bd-5adc-45ea-adae-b11a56ecafc3" = Namco All-Stars: PAC-MAN
"WTA-382a48a7-9919-4449-a3af-b1c6080c860e" = Dora's World Adventure
"WTA-450bd7c1-406d-48fa-b642-2c55deee08b7" = Polar Golfer
"WTA-53acf42a-2aee-488e-87b0-7e4af5df237a" = Plants vs. Zombies - Game of the Year
"WTA-778b1c91-8d91-4cae-b3ab-57a02af0e965" = Zuma's Revenge
"WTA-96c923ce-092c-4382-a740-1d2ec8aaa9d8" = Final Drive: Nitro
"WTA-983a0616-e30d-4b7a-881b-5683e1d1b446" = Jewel Quest Heritage
"WTA-b9012569-32dc-4518-bd1c-140259619e94" = Agatha Christie - 4:50 from Paddington
"WTA-c0b5660e-83d6-4782-882d-6be648b449e2" = Bejeweled 2 Deluxe
"WTA-c76452bc-85ae-43e1-83dd-727812457176" = FATE - The Traitor Soul
"WTA-ca9faf9f-7f6d-4599-ba65-b47333ede9de" = Polar Bowler
"WTA-d0210b3f-035a-4dff-887e-c70e79d1c82b" = Mystery P.I. - Stolen in San Francisco
"WTA-d160b4ca-96ed-42cb-a6b4-c3f280d4e07a" = Build-a-lot 2
"WTA-d85de0c0-1bbc-451b-896f-a5e5a06552e1" = Diner Dash 2 Restaurant Rescue
"WTA-f7ce7a47-0c2d-4ab1-b359-2252e341e64a" = Poker Superstars III
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4107540638-2524112132-87441406-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2011 1:39:41 AM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/26/2011 1:39:41 AM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10998

Error - 11/26/2011 1:39:41 AM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10998

Error - 11/26/2011 1:39:42 AM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/26/2011 1:39:42 AM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12028

Error - 11/26/2011 1:39:42 AM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12028

Error - 11/27/2011 9:42:19 PM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/27/2011 9:42:19 PM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9968

Error - 11/27/2011 9:42:19 PM | Computer Name = Loki | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9968

Error - 11/28/2011 12:05:47 PM | Computer Name = Loki | Source = Windows Backup | ID = 4103
Description =

[ System Events ]
Error - 12/7/2011 2:09:39 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...4\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process svchost.exe, (start check timestamp [
1ccb50b6324df39]).

Error - 12/7/2011 2:09:40 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...ram Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process SAVAdminServic, (start check timestamp
[ 1ccb50b632fb4d1]).

Error - 12/7/2011 2:09:40 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...ram Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process ALUpdate.exe, (start check timestamp [
1ccb50b632a5d8d]).

Error - 12/7/2011 2:09:40 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...\Device\HarddiskVolume4\Windows\SysWOW64\stdole2.tlb]'s scan
succeeded following a timeout/busy condition - it is being logged in case it contributed
to that condition. Process ALUpdate.exe, (start check timestamp [ 1ccb50b6333103e]).


Error - 12/7/2011 2:09:40 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...am Files (x86)\Sophos\Sophos Anti-Virus\SystemInformation.dll]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process ALUpdate.exe, (start check timestamp [
1ccb50b63346fd3]).

Error - 12/7/2011 2:09:40 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...Program Files (x86)\Sophos\Sophos Anti-Virus\ICManagement.dll]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process SAVAdminServic, (start check timestamp
[ 1ccb50b63335e5f]).

Error - 12/7/2011 2:09:41 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...gram Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process SAVAdminServic, (start check timestamp
[ 1ccb50b642cb626]).

Error - 12/7/2011 2:09:42 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...Device\HarddiskVolume4\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process SAVAdminServic, (start check timestamp
[ 1ccb50b63676772]).

Error - 12/7/2011 2:09:42 PM | Computer Name = Loki | Source = SAVOnAccess | ID = 3997781
Description = File [...Device\HarddiskVolume4\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s
scan succeeded following a timeout/busy condition - it is being logged in case
it contributed to that condition. Process SAVAdminServic, (start check timestamp
[ 1ccb50b63678e83]).

Error - 12/8/2011 7:02:22 PM | Computer Name = Loki | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:00:54 PM on ?12/?8/?2011 was unexpected.


< End of report >
 
Oh, sorry and the Malware bytes log: (and what should I do with OTL, I haven't clicked close yet, i wasn't sure if i should click clean up or anything? Thanks!

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8338

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/8/2011 11:37:06 PM
mbam-log-2011-12-08 (23-37-06).txt

Scan type: Quick scan
Objects scanned: 191387
Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I am missing files from my desktop, nearly everything from my windows explorer start tab
Click to expand...
Can you give me more details?
What files? What is Windows Explorer start tab?

Can you change background manually?
 
Hello, my files on my desktop are back after the last time i restarted my computer (they were various current assignments and pdf lectures and are now restored). The windows start tab in the bottom left corner of Windows 7 desktop that launches run, all programs, shut down etc. is all but empty except mozilla but this is ok with me if i just need to restore some shortcuts. I just wanted to let you know in case it was somehow diagnostic.

At the moment I still have OTL open and was wondering if i should click "RunFix" "Cleanup" or just close since the scan is completed?

My computer seems to be working and in good order, I really appreciate all your help. I just want to follow up and make sure there aren't things I am missing or still need to do as the very first instructions imply. ( I got the impression I'm not done till you say I'm done haha =D )
 
Are you talking about this area?

p4492342.gif


================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Yes that's the area I was talking about =).

My scenario at the moment is I have a pharmacy law final on Monday, would it be rude, inconsiderate or a bad idea to postpone doing anything further until then? If so please let me know and I will jump into finishing the rest of this =D Otherwise I was considering waiting until Monday as my computer appears stable and in the event something goes horribly wrong Monday I'll have months to fix it in stead of hours haha. I default to your expertise and opinion =)
 
At this point your computer should be fairly clean so....study :)

As for that "Start" menu those entries can be easily recreated.
The top part (seen in my screenshot in bold) are programs pinned to start menu.
You can pin any program by right clicking on it and clicking "Pin to start menu".

The lower part are programs frequently used.
It'll populate over time.
Just make sure your settings are correct.
Right click on "Start" button, click "Properties" and make sure both boxes in "Privacy" section are checked.
 
I'm still with you, I'm running the OTL here as I leave for work and I should be back on tonight with the results =)

I also passed my exams haha w00t Thank you so much for getting my computer operable.
 
I'm not sure if this is diagnostic to you but It took multiple multiple multiple attempts to get the custom fix OTL to work without freezing at some point ie opening the browser my computer would freeze sometimes, typing in techspot.com/.... would freeze , I re-downloaded OTL because I thought maybe it was corrupt because it would freeze to, couldn't access it downloading with google chrome so I used Mozilla. I finally just did safe mode with networking to run it =\ and my computer was ran through everything fine. ( I haven't used it since my last post to you here about finals). Here is the newest log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Keith
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 113532348 bytes
->Java cache emptied: 470923 bytes
->FireFox cache emptied: 43703846 bytes
->Google Chrome cache emptied: 7951545 bytes
->Flash cache emptied: 41789 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5283573 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64693 bytes
RecycleBin emptied: 22016 bytes

Total Files Cleaned = 163.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Keith
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12202011_015427

Files\Folders moved on Reboot...
File\Folder C:\Users\Keith\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
 
For security check, this said my flash player isn't up to date? But I did just update it as you said ?

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Sophos Anti-Virus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 30
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (5.0.) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamgui.exe
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````
 
You must log in or register to reply here.

Similar threads

A
Pirated Windows installer found to contain crypto-hijacker, exploit EFI partition
Replies
11
Views
692
AndreV
A
S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
NonTechyDad
Solved Malware removal for my son's pc
2
Replies
33
Views
5K
Broni
Broni

Latest posts

Back