Solved HJT Log

ComboFix 11-08-17.03 - Raymond Wayne Solema 08/17/2011 16:18:03.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2890 [GMT -7:00]
Running from: c:\users\Raymond Wayne Solema\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-17 to 2011-08-17 )))))))))))))))))))))))))))))))
.
.
2011-08-17 23:30 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-08-17 23:30 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-08-17 23:30 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-08-17 23:30 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-08-17 23:30 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-08-17 23:23 . 2011-08-17 23:23 -------- d-----w- c:\windows\SysWow64\Wat
2011-08-17 23:23 . 2011-08-17 23:23 -------- d-----w- c:\windows\system32\Wat
2011-08-17 23:20 . 2011-08-17 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-17 13:56 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-08-17 13:56 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-08-17 13:52 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-08-17 13:52 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-08-17 13:52 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-17 13:52 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-08-17 13:52 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-08-17 13:52 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-08-17 13:52 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-17 13:52 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-08-17 13:52 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-17 13:52 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-08-17 11:51 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-08-17 11:51 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-08-17 11:50 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-08-17 11:50 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-08-17 11:50 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-08-17 11:50 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-08-17 11:50 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-08-17 11:50 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-08-17 11:50 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-08-17 11:50 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-08-17 11:47 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-17 11:47 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-17 11:47 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-17 11:47 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-17 11:46 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-17 11:46 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-17 11:46 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-08-17 11:46 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-08-17 11:46 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2011-08-17 11:46 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-08-17 11:46 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-08-17 11:45 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-17 11:45 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-08-17 11:23 . 2010-12-21 06:15 264192 ----a-w- c:\windows\system32\upnp.dll
2011-08-17 11:14 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-17 11:14 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-08-17 11:06 . 2011-02-19 06:36 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-08-17 11:06 . 2011-02-19 05:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-08-17 11:06 . 2011-02-19 04:13 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-08-17 11:06 . 2011-02-19 03:37 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-08-17 10:59 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll
2011-08-17 10:59 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2011-08-17 10:59 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-08-17 10:59 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-08-17 10:54 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-08-17 10:54 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-08-17 10:54 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-08-17 10:51 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-08-17 10:51 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-08-17 10:51 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-08-17 10:51 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-08-17 10:51 . 2011-04-29 03:13 461312 ----a-w- c:\windows\system32\drivers\srv.sys
2011-08-17 10:51 . 2011-04-29 03:12 399872 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-08-17 10:51 . 2011-04-29 03:12 161792 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-08-17 10:44 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-08-17 10:44 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-08-17 10:41 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-08-17 10:41 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-08-17 10:41 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-08-17 10:41 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-08-17 10:41 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-08-17 10:41 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-08-17 10:41 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-08-17 10:41 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-08-17 10:41 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-08-17 10:40 . 2011-06-11 02:56 3134464 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 10:40 . 2011-06-21 06:27 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-17 10:30 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-17 10:30 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-17 10:30 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-17 10:08 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D4F1B7B-FA8D-4A95-96CB-951FDE9EC979}\mpengine.dll
2011-08-17 02:43 . 2010-01-11 02:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-08-17 02:43 . 2010-01-11 02:40 1071088 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2011-08-17 02:43 . 2011-08-17 02:47 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-08-17 02:00 . 2011-08-17 13:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-08-17 02:00 . 2011-08-17 02:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-16 23:07 . 2011-08-16 23:07 -------- d-----w- c:\program files\Google
2011-08-16 23:04 . 2011-08-16 23:04 -------- d-----w- c:\program files\CCleaner
2011-08-16 23:04 . 2011-08-16 23:04 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-08-16 14:50 . 2011-08-16 14:50 -------- d-----w- c:\programdata\Lenovo
2011-08-16 14:46 . 2011-08-16 14:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-16 14:46 . 2011-08-16 14:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-16 14:06 . 2011-08-16 14:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 14:06 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-16 14:06 . 2011-08-17 12:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-16 14:06 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 12:36 . 2011-08-16 23:07 -------- d-----w- c:\program files (x86)\Google
2011-08-16 12:35 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-16 12:35 . 2011-08-17 23:14 -------- d-----w- c:\programdata\AVAST Software
2011-08-16 12:35 . 2011-08-16 12:35 -------- d-----w- c:\program files\AVAST Software
2011-08-16 11:23 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-16 11:03 . 2011-08-16 11:03 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-08-16 10:40 . 2009-11-10 10:04 1827328 ----a-w- c:\windows\system32\drivers\athurx.sys
2011-08-16 10:40 . 2008-05-15 09:28 26624 ----a-w- c:\windows\system32\drivers\jswpslwfx.sys
2011-08-16 10:40 . 2007-01-20 01:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2011-08-16 10:40 . 2011-08-16 10:40 -------- d-----w- c:\program files (x86)\NETGEAR
2011-08-16 10:40 . 2011-08-16 10:40 -------- d-----w- C:\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-17 10:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-08-17_23.05.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-17 22:34 . 2011-08-17 23:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-08-17 22:34 . 2011-08-17 23:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-08-17 23:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-17 23:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-17 23:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-17 23:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-17 23:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-17 23:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-26 01:56 . 2011-08-17 23:18 26098 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-17 23:18 39472 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-16 10:45 . 2011-08-17 23:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-16 10:45 . 2011-08-17 22:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-16 10:45 . 2011-08-17 22:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-16 10:45 . 2011-08-17 23:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-16 10:45 . 2011-08-17 22:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-16 10:45 . 2011-08-17 23:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-16 10:45 . 2011-08-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-16 10:45 . 2011-08-17 23:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-16 10:45 . 2011-08-17 23:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-16 10:45 . 2011-08-17 23:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-16 11:09 . 2011-08-17 23:18 3084 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-289670154-1285097819-147057498-1001_UserData.bin
- 2011-08-17 23:04 . 2011-08-17 23:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-17 23:20 . 2011-08-17 23:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-17 23:20 . 2011-08-17 23:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-17 23:04 . 2011-08-17 23:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-08-17 22:57 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-17 23:11 615122 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-17 23:11 103496 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-08-17 22:57 103496 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-08-17 23:03 244256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-17 23:20 244256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe" [2009-07-29 49152]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-14 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2011-8-16 4562944]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 136176]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\DRIVERS\spio.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 12:36]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-16 12:36]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001Core.job
- c:\users\Raymond Wayne Solema\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 00:21]
.
2011-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001UA.job
- c:\users\Raymond Wayne Solema\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-17 00:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}"="c:\windows\test.bat" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-09 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-09 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-09 365080]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-08-17 16:23:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-17 23:23
ComboFix2.txt 2011-08-17 11:31
ComboFix3.txt 2011-08-17 09:30
ComboFix4.txt 2011-08-17 03:38
.
Pre-Run: 950,262,956,032 bytes free
Post-Run: 950,165,843,968 bytes free
.
- - End Of File - - 24AD021C38A3299982F5DCB10126B604
 
I went to the Antelope Valley Fair tonight and saw FogHat and Blue Oyster Cult. While watching the concert I thought to myself, "I wonder if it will copy and paste now that it's in Notepad?"
Sure enough, when I got home that's exactly what you wanted me to do. Still don't understand why it was too long to fit into TS before I put it in Notepad. But it fit just fine after I put it in Notepad???
Hope you find an easy fix, thanks CB
 
Blue Oyster Cult
Wow! That brings a lot of memories. Those guys have been around for a loooooong time :)

Combofix log looks good now.

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Both Blue Oyster Cult and Foghat have been around 40 years.
Will start doing the download now. Let's hope I don't mess it up CB
 
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-20 12:04:02
-----------------------------
12:04:02.974 OS Version: Windows x64 6.1.7601 Service Pack 1
12:04:02.974 Number of processors: 2 586 0x170A
12:04:02.975 ComputerName: COMPZILLA-IV UserName:
12:04:05.686 Initialize success
12:04:05.978 AVAST engine defs: 11082000
12:04:20.842 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:04:20.846 Disk 0 Vendor: ST31000528AS CC68 Size: 953869MB BusType: 11
12:04:22.861 Disk 0 MBR read successfully
12:04:22.865 Disk 0 MBR scan
12:04:22.870 Disk 0 Windows 7 default MBR code
12:04:22.875 Service scanning
12:04:24.929 Modules scanning
12:04:24.934 Disk 0 trace - called modules:
12:04:24.955 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:04:24.960 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c45060]
12:04:24.966 3 CLASSPNP.SYS[fffff880019a943f] -> nt!IofCallDriver -> [0xfffffa8004aed4f0]
12:04:24.973 5 ACPI.sys[fffff88000faf7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004759680]
12:04:26.174 AVAST engine scan C:\windows
12:04:27.972 AVAST engine scan C:\windows\system32
12:05:22.191 AVAST engine scan C:\windows\system32\drivers
12:05:29.101 AVAST engine scan C:\Users\Raymond Wayne Solema
12:05:57.331 AVAST engine scan C:\ProgramData
12:06:07.456 Scan finished successfully
12:06:57.258 Disk 0 MBR has been saved successfully to "C:\Users\Raymond Wayne Solema\Documents\MBR.dat"
12:06:57.258 The log file has been saved successfully to "C:\Users\Raymond Wayne Solema\Documents\aswMBR.txt"


That was too easy and the log looks too short. What did I do wrong? :haha:
 
You did fine :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 8/20/2011 5:37:03 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Raymond Wayne Solema\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 3.03 Gb Available Physical Memory | 76.48% Memory free
7.93 Gb Paging File | 6.47 Gb Available in Paging File | 81.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 881.41 Gb Free Space | 97.25% Space Free | Partition Type: NTFS

Computer Name: COMPZILLA-IV | User Name: Raymond Wayne Solema | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/20 17:35:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Raymond Wayne Solema\Downloads\OTL.exe
PRC - [2011/08/16 17:21:09 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\Raymond Wayne Solema\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
PRC - [2011/08/11 22:57:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 04:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/31 23:17:30 | 000,253,952 | ---- | M] (KEDMI Scientific Computing) -- C:\Program Files (x86)\tinySpell\tinyspell.exe
PRC - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
PRC - [2009/07/29 12:44:20 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/17 22:05:31 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/11 22:57:30 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/12/10 11:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
MOD - [2009/08/28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 05:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/27 12:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2009/11/05 16:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/04 04:36:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 04:36:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 04:35:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 04:32:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 04:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 04:32:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/10 03:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/07/21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/25 19:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 13:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:17:30 | 000,011,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spio.sys -- (SuperIO)
DRV:64bit: - [2009/05/22 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/05/15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20110818
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?pc=Z128&install_date=20110818"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110818&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Raymond Wayne Solema\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Raymond Wayne Solema\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/17 18:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/17 21:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/17 21:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla\Extensions
[2011/08/17 22:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla\Firefox\Profiles\0w0vavf9.default\extensions
[2011/08/17 22:26:02 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla\Firefox\Profiles\0w0vavf9.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/08/17 22:26:01 | 000,001,945 | ---- | M] () -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla\Firefox\Profiles\0w0vavf9.default\searchplugins\bing-zugo.xml
[2011/08/17 21:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/08/11 22:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2011/08/17 16:21:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [tinySpell] C:\Program Files (x86)\tinySpell\tinyspell.exe (KEDMI Scientific Computing)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/20 03:00:13 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2011/08/20 02:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tinySpell
[2011/08/20 02:18:24 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\tinySpell
[2011/08/20 02:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tinySpell
[2011/08/20 01:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2011/08/20 00:54:51 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\WinPatrol
[2011/08/20 00:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2011/08/20 00:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/08/20 00:54:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2011/08/19 03:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/08/19 01:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/08/18 23:34:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2011/08/18 23:33:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2011/08/18 23:30:41 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysNative\fms.dll
[2011/08/18 23:30:17 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysWow64\fms.dll
[2011/08/18 03:42:32 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Adobe
[2011/08/17 23:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/17 21:49:04 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Mozilla
[2011/08/17 21:49:04 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Mozilla
[2011/08/17 21:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/17 18:17:15 | 000,022,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2011/08/17 18:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/17 18:17:14 | 000,288,088 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2011/08/17 18:17:13 | 000,031,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2011/08/17 18:17:12 | 000,600,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/08/17 18:17:12 | 000,045,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2011/08/17 18:17:11 | 000,064,856 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2011/08/17 18:17:06 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011/08/17 18:17:06 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/08/17 16:32:43 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\Desktop\Just stuff I might need
[2011/08/17 16:23:54 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/08/17 16:23:12 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2011/08/17 16:23:12 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2011/08/17 16:21:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/08/16 20:09:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/08/16 20:09:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/08/16 20:09:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/08/16 20:09:09 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/08/16 20:09:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/16 19:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/08/16 19:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2011/08/16 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/16 19:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/08/16 17:50:27 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/08/16 16:08:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Google
[2011/08/16 16:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/16 16:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/08/16 07:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2011/08/16 07:47:51 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/16 07:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/16 07:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/16 07:06:16 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Malwarebytes
[2011/08/16 07:06:04 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/16 07:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/16 07:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/16 07:06:01 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/08/16 07:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/16 05:36:01 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Google
[2011/08/16 05:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/08/16 05:35:56 | 000,253,888 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/08/16 05:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/16 05:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/16 04:48:23 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Microsoft Games
[2011/08/16 04:20:10 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Diagnostics
[2011/08/16 04:03:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2011/08/16 04:03:19 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/08/16 03:54:38 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Macromedia
[2011/08/16 03:46:39 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Adobe
[2011/08/16 03:40:46 | 001,827,328 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athurx.sys
[2011/08/16 03:40:46 | 000,026,624 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\jswpslwfx.sys
[2011/08/16 03:40:46 | 000,025,312 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysNative\drivers\SCMNdisP.sys
[2011/08/16 03:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Smart Wizard
[2011/08/16 03:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2011/08/16 03:40:32 | 000,000,000 | ---D | C] -- C:\temp
[2011/08/16 03:40:29 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\InstallShield
[2011/08/16 03:36:40 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Deployment
[2011/08/16 03:36:40 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Apps
[2011/08/16 03:36:31 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Searches
[2011/08/16 03:36:31 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/08/16 03:36:31 | 000,000,000 | -H-D | C] -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/08/16 03:36:24 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Identities
[2011/08/16 03:36:22 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Contacts
[2011/08/16 03:36:22 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\VirtualStore
[2011/08/16 03:36:18 | 000,000,000 | --SD | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Videos
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Saved Games
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Pictures
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Music
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Links
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Favorites
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Downloads
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Documents
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\Desktop
[2011/08/16 03:36:18 | 000,000,000 | R--D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Temporary Internet Files
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Templates
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Start Menu
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\SendTo
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Recent
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\PrintHood
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\NetHood
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Documents\My Videos
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Documents\My Pictures
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Documents\My Music
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\My Documents
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Local Settings
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\History
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Cookies
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\Application Data
[2011/08/16 03:36:18 | 000,000,000 | -HSD | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Application Data
[2011/08/16 03:36:18 | 000,000,000 | -H-D | C] -- C:\Users\Raymond Wayne Solema\AppData
[2011/08/16 03:36:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Temp
[2011/08/16 03:36:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Local\Microsoft
[2011/08/16 03:36:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Media Center Programs
[2011/08/16 03:36:18 | 000,000,000 | ---D | C] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/08/16 03:36:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2011/08/16 03:35:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/08/20 17:26:01 | 000,000,968 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001UA.job
[2011/08/20 17:26:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001Core.job
[2011/08/20 16:48:03 | 000,000,926 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/20 16:48:00 | 000,000,922 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/20 16:26:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/20 12:06:57 | 000,000,512 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Documents\MBR.dat
[2011/08/20 11:39:17 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 11:39:17 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/20 11:36:24 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/08/20 11:36:24 | 000,623,940 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/08/20 11:36:24 | 000,106,316 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/08/20 11:31:48 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/20 02:52:20 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\LVT.lnk
[2011/08/20 02:19:32 | 000,002,263 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Internet Explorer (64-bit).lnk
[2011/08/20 02:18:25 | 000,001,019 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\tinySpell.lnk
[2011/08/20 01:50:25 | 000,000,363 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Control Panel - Shortcut.lnk
[2011/08/20 01:45:30 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/08/20 01:45:30 | 000,001,304 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/08/20 01:07:57 | 000,000,136 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Spider Solitaire - Shortcut.lnk
[2011/08/20 01:06:46 | 000,000,068 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\You Tube.URL
[2011/08/20 00:54:44 | 000,002,181 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\WinPatrol Explorer.lnk
[2011/08/19 14:36:00 | 000,000,107 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Verizon MyVerizon 2.0 My Overview.URL
[2011/08/19 03:21:17 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Install Microsoft IntelliPoint.lnk
[2011/08/19 00:08:10 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/08/18 17:12:09 | 000,000,083 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\capital -one.URL
[2011/08/18 16:28:04 | 000,000,066 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\consumer cellular.URL
[2011/08/18 05:26:36 | 000,001,437 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/18 05:12:21 | 000,072,822 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2011/08/18 05:12:21 | 000,072,822 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2011/08/18 03:43:30 | 000,000,268 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Wells Fargo*Account Summary.URL
[2011/08/18 00:47:07 | 000,013,157 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Uninstall a program - Shortcut.lnk
[2011/08/17 23:40:24 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/17 22:30:35 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/17 21:48:59 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/17 19:30:48 | 000,000,144 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\G-Mail (1).url
[2011/08/17 19:29:22 | 000,000,135 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Yahoo Mail.url
[2011/08/17 18:17:15 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/17 18:17:11 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/08/17 17:33:48 | 000,001,223 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/17 16:38:43 | 000,001,258 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Spybot - Search & Destroy.lnk
[2011/08/17 16:26:29 | 000,001,021 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\SpywareBlaster.lnk
[2011/08/17 16:21:52 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2011/08/17 15:17:41 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/08/17 04:28:47 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20110817-064726.backup
[2011/08/17 02:00:56 | 000,013,477 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\ComboFix - Shortcut.lnk
[2011/08/17 00:53:59 | 000,000,123 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\TechSpot OpenBoards.url
[2011/08/16 17:50:27 | 000,002,405 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Google Chrome.lnk
[2011/08/16 06:26:46 | 000,001,034 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
[2011/08/16 06:26:46 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNA1100 Smart Wizard.lnk
[2011/08/16 04:48:11 | 000,000,622 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Solitaire - Shortcut.lnk
[2011/08/16 04:03:19 | 000,001,264 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Revo Uninstaller.lnk
[2011/08/16 03:36:39 | 000,002,131 | ---- | M] () -- C:\Users\Raymond Wayne Solema\Desktop\Lenovo Rescue System.lnk
[2011/08/16 03:36:00 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/08/16 03:36:00 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2011/08/20 12:06:57 | 000,000,512 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Documents\MBR.dat
[2011/08/20 02:18:25 | 000,001,019 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\tinySpell.lnk
[2011/08/20 01:50:25 | 000,000,363 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Control Panel - Shortcut.lnk
[2011/08/20 01:45:30 | 000,002,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2011/08/20 01:45:30 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2011/08/20 01:45:30 | 000,001,304 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2011/08/20 01:07:57 | 000,000,136 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Spider Solitaire - Shortcut.lnk
[2011/08/20 01:06:46 | 000,000,068 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\You Tube.URL
[2011/08/20 00:54:44 | 000,002,181 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\WinPatrol Explorer.lnk
[2011/08/19 14:36:00 | 000,000,107 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Verizon MyVerizon 2.0 My Overview.URL
[2011/08/19 03:21:17 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Install Microsoft IntelliPoint.lnk
[2011/08/18 23:31:34 | 000,347,904 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd
[2011/08/18 23:29:56 | 000,010,429 | ---- | C] () -- C:\windows\SysNative\ScavengeSpace.xml
[2011/08/18 23:29:40 | 000,105,559 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml
[2011/08/18 23:29:40 | 000,105,559 | ---- | C] () -- C:\windows\SysNative\RacRules.xml
[2011/08/18 23:29:14 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\tcpbidi.xml
[2011/08/18 17:12:09 | 000,000,083 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\capital -one.URL
[2011/08/18 16:28:04 | 000,000,066 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\consumer cellular.URL
[2011/08/18 05:26:35 | 000,001,409 | ---- | C] () -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/08/18 05:12:21 | 000,072,822 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2011/08/18 05:12:21 | 000,072,822 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2011/08/18 03:42:00 | 000,000,268 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Wells Fargo*Account Summary.URL
[2011/08/18 00:47:07 | 000,013,157 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Uninstall a program - Shortcut.lnk
[2011/08/17 23:40:24 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/17 22:30:35 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/08/17 21:48:59 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/17 21:48:59 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/08/17 19:28:27 | 000,000,135 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Yahoo Mail.url
[2011/08/17 19:07:36 | 000,000,144 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\G-Mail (1).url
[2011/08/17 18:17:15 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/17 16:26:29 | 000,001,021 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\SpywareBlaster.lnk
[2011/08/17 15:17:41 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/08/17 06:28:31 | 000,001,258 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Spybot - Search & Destroy.lnk
[2011/08/17 05:31:26 | 000,001,223 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/17 02:00:56 | 000,013,477 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\ComboFix - Shortcut.lnk
[2011/08/16 21:18:00 | 000,000,123 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\TechSpot OpenBoards.url
[2011/08/16 20:09:13 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/16 20:09:13 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/16 20:09:13 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/16 20:09:13 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/16 20:09:13 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/08/16 17:50:27 | 000,002,405 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Google Chrome.lnk
[2011/08/16 17:21:10 | 000,000,968 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001UA.job
[2011/08/16 17:21:10 | 000,000,916 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-289670154-1285097819-147057498-1001Core.job
[2011/08/16 05:36:05 | 000,000,926 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/16 05:36:04 | 000,000,922 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/16 05:35:56 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2011/08/16 04:48:11 | 000,000,622 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Solitaire - Shortcut.lnk
[2011/08/16 04:03:19 | 000,001,264 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Revo Uninstaller.lnk
[2011/08/16 03:40:43 | 000,001,034 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
[2011/08/16 03:40:43 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNA1100 Smart Wizard.lnk
[2011/08/16 03:38:16 | 000,001,437 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/16 03:36:35 | 000,002,263 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Internet Explorer (64-bit).lnk
[2011/08/16 03:36:32 | 000,001,443 | ---- | C] () -- C:\Users\Raymond Wayne Solema\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/16 03:36:18 | 000,002,131 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Lenovo Rescue System.lnk
[2011/08/16 03:36:18 | 000,001,228 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Desktop\Windows Explorer.lnk
[2011/08/16 03:36:18 | 000,000,290 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/08/16 03:36:18 | 000,000,272 | ---- | C] () -- C:\Users\Raymond Wayne Solema\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/08/16 03:32:11 | 3193,835,520 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2010/12/30 01:22:13 | 000,000,023 | ---- | C] () -- C:\windows\SysWow64\drivers\psn.dat
[2010/12/28 20:53:12 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2010/12/28 20:53:12 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2009/07/26 14:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/25 20:51:16 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/08/20 02:18:27 | 000,000,000 | ---D | M] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\tinySpell
[2011/08/20 00:54:51 | 000,000,000 | ---D | M] -- C:\Users\Raymond Wayne Solema\AppData\Roaming\WinPatrol
[2009/07/13 22:08:49 | 000,011,652 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 
I guess I messed up. This is the only scan I saw. Don't know which one it is. But I'll try to find the other and send it along. CB
Yes, I really did mess up. I just now saw what the red type was for.
Going to start all over again. This time I'll slow down and read everything. So you'll probably get the log I sent again.
 
This may be a little long. Please bear with me. Last night, after I followed your instructions for creating the OTL scan log again, it still only gave me one log. I sent you a lengthy reply explaining, step by step, just how I followed each one of your instructions, so perhaps you could see where I might have made a mistake. I KNOW I typed it, and I could SWEAR I sent it. But when I opened up my computer today it was gone. Where, and how???? Decided I didn't want to go to that much trouble again unless you asked me to. So I decided to go to your post with the OTL link and try again. As soon as I clicked on the OTL link an Avast warning popped up: "Rootkit Blocked." Clicked on more details and got:
URL: http://oldtimergeekstogo.com/OTL.exe
Process file://c:\programfiles{x86}mozilla files
Infection win32 rootkill-gen{RIK}
Avast moved the threat to the chest. I'm going to send this; I hope it doesn't disappear like my last post. Then I'll shut down my PC and only open it every so often to see if you've responded. CB
 
That's surely a false positive.
Disable Avast for the time being and download OTL again.
 
Going to my 65th birthday party; will do OTL when I get back. You're sure it's a false positive, right? You'll be able to help me get rid of it if it's not, right?
Am I getting false positives because my Avast settings are too high or anything like that?
If so, can you help me adjust it? Thank you for being patient. CB
 
I inquired about OTL at the Avast forum and one of the mods said to make sure your Avast is up to date, as he downloaded the file and it didn't trigger any pop-up.
I use Avast as well and I downloaded OTL a number of times and I didn't get any pop-ups either.

HAPPY BIRTHDAY!
 
Thanks for the happy birthday wish. I'm sure my Avast is up to date. It updates itself. But I'm going to update it now, before I start the OTL scan.
 
Can you tell me what the heck is going on?? Too many things keep disappearing. Now the OTL scan log I did about 15 minutes ago is gone. It should have been post #42. I'm not going to do another scan until you have a chance to find it. Maybe I just missed it. But I thought I looked through pages 1, 2 and 3. If you do find it you'll notice only one log again. Have you done OTL logs in a while? Maybe they merged the two logs together?? On this next post coming up, I'm going to go ahead and give you a step-by-step account of how I followed your instructions. Maybe you can catch any mistakes I might have made. It will be like chicken soup. It might not help. But it couldn't hurt. CB
 
Download OTL to desktop. Did that.
Double click on icon to run it. Did that. But it did not run, it just opened up (like when you click on any desktop icon).
Make sure all other windows are closed. Did that.
Let it run uninterrupted. Can't, nothing's running. Like I said, clicking on the icon only opened it up.
Click the scan all users box. Did that.
Under the custom scan box paste in all the red print you provided. Did that. (Sorry for the extra; select all turned more things blue than just the red print.)
Click the quick scan button. Did that.
Do not change any setting. I didn't.
When it is complete it will open two Notepad windows. Copy, paste and send them to me one at a time. It only created one log, which I copy-pasted and sent to you.

Just thought: were both logs supposed to come up one right behind, or right beside, the other? Or was one supposed to come up, and after I send it the other is, maybe, in a file somewhere that I have to open up before I can send it to you?
 
It's there; you should be able to find it this time. I say find it because it never seems to show up where I think it should. You'll notice only one log again.
 
Hope you find this quickly. I think it's the extras log.

Found it in my start menu, opened it, and this is what I got. Is it the missing second log from OTL?



OTL Extras logfile created on: 8/20/2011 6:23:42 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Raymond Wayne Solema\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 3.08 Gb Available Physical Memory | 77.75% Memory free
7.93 Gb Paging File | 6.53 Gb Available in Paging File | 82.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 881.41 Gb Free Space | 97.25% Space Free | Partition Type: NTFS

Computer Name: COMPZILLA-IV | User Name: Raymond Wayne Solema | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EC766C7-F444-42BF-A05F-4A790F5360EB}" = FanSpeedControl
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42B21298-C850-4272-AFD9-636CBC005421}" = LXH-JME2207FN Hotkey Driver
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Driver and Application Installation
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.2
"InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}" = FanSpeedControl
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"Revo Uninstaller" = Revo Uninstaller 1.93
"SpywareBlaster_is1" = SpywareBlaster 4.4
"tinySpell_is1" = tinySpell 1.9.40
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/17/2011 2:17:23 AM | Computer Name = Compzilla-IV | Source = System Restore | ID = 8193
Description =

Error - 8/17/2011 3:02:54 AM | Computer Name = Compzilla-IV | Source = System Restore | ID = 8193
Description =

Error - 8/17/2011 5:01:35 AM | Computer Name = Compzilla-IV | Source = System Restore | ID = 8193
Description =

Error - 8/17/2011 5:48:32 AM | Computer Name = Compzilla-IV | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 8/17/2011 5:48:35 AM | Computer Name = Compzilla-IV | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 8/17/2011 5:55:21 AM | Computer Name = Compzilla-IV | Source = System Restore | ID = 8193
Description =

Error - 8/17/2011 6:08:35 AM | Computer Name = Compzilla-IV | Source = System Restore | ID = 8193
Description =

Error - 8/17/2011 7:14:25 AM | Computer Name = Compzilla-IV | Source = System Restore | ID = 8193
Description =

Error - 8/17/2011 7:15:24 AM | Computer Name = Compzilla-IV | Source = Application Error | ID = 1000
Description = Faulting application name: pev.cfxxe, version: 0.0.0.0, time stamp:
0x4e06cfe8 Faulting module name: pev.cfxxe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Exception
code: 0xc0000417 Fault offset: 0x00081dc9 Faulting process id: 0x209c Faulting application
start time: 0x01cc5ccef5251c4d Faulting application path: C:\ComboFix\pev.cfxxe Faulting
module path: C:\ComboFix\pev.cfxxe Report Id: 337f6ba1-c8c2-11e0-a7a7-4437e61e2439

Error - 8/17/2011 7:16:28 AM | Computer Name = Compzilla-IV | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 8/17/2011 7:27:40 AM | Computer Name = Compzilla-IV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/17/2011 7:25:00 PM | Computer Name = Compzilla-IV | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 8/17/2011 7:46:34 PM | Computer Name = Compzilla-IV | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706be: Windows Internet Explorer 9 for Windows 7 for x64-based
Systems.

Error - 8/17/2011 7:46:34 PM | Computer Name = Compzilla-IV | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2505438).

Error - 8/17/2011 7:02:21 PM | Computer Name = Compzilla-IV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/17/2011 7:03:47 PM | Computer Name = Compzilla-IV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/17/2011 7:10:25 PM | Computer Name = Compzilla-IV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/17/2011 7:11:49 PM | Computer Name = Compzilla-IV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/17/2011 7:19:13 PM | Computer Name = Compzilla-IV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/17/2011 7:20:16 PM | Computer Name = Compzilla-IV | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >
 
Broni: Don't know if you've seen my first reply to your last post. If you did, then this post will make more sense. When I said there's no need to run another OTL scan because the results would be the same (only one log), I was thinking along the lines of the definition of insanity,
which is doing the same thing over and over and expecting different results.
When I wrote the step-by-step information on how I tried to follow your instructions, it was never
meant to say that there was anything wrong with your instructions. It was meant to help you pick out and show me (if there are any) mistakes I might have made: didn't do something I should have,
did something I shouldn't have,
any mistake(s) I might have made. So I can give you 2 proper scan logs.

Have you found anything wrong in the scans I have sent so far?
I have sent this info 2 times, but I think both times the post just went away. I know you have asked for it 2 times, so here it is: how my computer is working. Downloads take hours where they used to take minutes, and minutes where they used to take seconds. I've given up on trying to watch a YouTube video. It's about 30 to 50 seconds of buffering for 3 to 5 seconds of watching. Hope this helps a little. CB.
 
OK let's leave it as it is.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] File not found
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Here we go again

Opened OTL. Pasted what you wanted under custom scan/fixes. Clicked RunFix.
In less than a second, on the bottom of OTL was "Processing complete", and a window opened up with "The system requires a reboot to finish recovering files click OK to reboot". Would not reboot by clicking OK; had to use restart. When the PC rebooted there was nothing there but my desktop. I opened up OTL again, but there was no sign of any scan logs. Was it all supposed to happen that fast? Because I don't think there was time to create any scan logs. But if it did, where are they?
Broni, I am going to go on to the next scans you want me to run. Hopefully I will be sending you some logs, and we can worry about this one after. CB
 