Solved IE pop-up ads when using firefox


BobDylan

Hi there,

I have searched the world wide web about this problem. It seems that it has also happened to others, but I haven't really found a solution that works!

Basically, when I am using the internet (I always use Firefox), ads in Internet Explorer pop up. It's very annoying and I'm guessing it's a bug. I've noticed that my computer is acting a little strangely now too.

I have Windows 7 and also have Norton 360 which I paid for when I got my laptop (an HP Pavilion Entertainment PC) (SD.MA/Pro.MMC.XD).

Norton found a few things wrong with it. Since I have had these problems, I have also done scans with 'SuperAntiSpyware Free Edition', 'Spybot Search and Destroy' and 'Spyware Terminator', all of which found two or three things which they have now removed (I think).

I have just this second done a McAfee Security Plus Scan and it says it found:

"One dangerous website. These websites put your computer and personal identity at risk:

(then a bullet point here:) licenseaquisition.org."

I have no idea what that means or what that website is. I have clicked on 'Fix Now' but it's not responding.

The add-on extensions I have are: 'Adblock Plus 1.2.2', 'Adobe DLM 1.6.2.91', 'Crawler toolbar 1.3', 'Java console 6.0.21', 'Java console 6.0.20', 'Norton IPS 1.0', 'Norton Toolbar 3.7.2', 'No Script 2.0.3.3', 'Vshare plugin 1.0.0', 'vuze remote toolbar 2.7.2.0'.

The bad news is that I'm pretty clueless with computers, so most of the stuff I said above I barely understand!

Another thing I have noticed is that on YouTube it says: "Hello, you seem to have JavaScript turned off. Please enable it to see search results properly." But when I go to 'Tools', 'options', 'content', 'Enable JavaScript' has its box ticked, which surely would mean it is turned on?! This has only happened since my computer has been acting weirdly.

Any help really would be hugely appreciated. Please please please!
 
Hi, me again. I have read about this 'HijackThis' thing, so have done a scan and will post the results below.

When I did a HijackThis scan it instantly said:
"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this. If this happens you need to edit the file yourself. To do this...." etc etc

Then it opened Notepad saying:
"Cannot find the C:\ProgrameFiles (x86)\TrendMicro\HijackThis\hyjackthis.log.file
Do you want to create a new file?"

I clicked on Yes, which didn't seem to do anything.

Below is the scan (I think)


* Trend Micro HijackThis v2.0.4 *


See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services
O24 - Enumeration of ActiveX Desktop Components

Command-line parameters:
* /autolog - automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit
* /silentautuolog - the same as /autolog, except with no required user intervention

* Version history *

[v2.0.4]
* Fixed parser issues on winlogon notify
* Fixed issues to handle certain environment variables
* Rename HJT generates complete scan log
[v2.00.0]
* AnalyzeThis added for log file statistics
* Recognizes Windows Vista and IE7
* Fixed a few bugs in the O23 method
* Fixed a bug in the O22 method (SharedTaskScheduler)
* Did a few tweaks on the log format
* Fixed and improved ADS Spy
* Improved Itty Bitty Procman (processes are frozen before they are killed)
* Added listing of O4 autoruns from other users
* Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
* Added /silentautolog parameter for system admins
* Added /deleteonreboot [file] parameter for system admins
* Added O24 - ActiveX Desktop Components enumeration
* Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
 
I am up to Step 3.

I can't download 'Malwarebytes Anti-Malware' as when I click to download it, it directs me automatically to a blank white page which says "Files.Crunch.com will be here soon" "Windows and Mac0S Downloads and Drivers"
 
Okay, I have done step 5 'DDS'.

I am not sure how to show you guys the Notepad files without just copying and pasting what is in them?
 
DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by owner at 17:07:33.93 on 18/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2812.1627 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\owner\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SpywareTerminatorUpdate] "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ClickPotatoLiteSA] "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - {7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSABHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

================= FIREFOX ===================

FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjsh4d9s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search...
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: C:\Program Files (x86)\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0308000.029\SymEFA64.sys [2010-2-3 402992]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\N360x64\0308000.029\BHDrvx64.sys [2010-2-3 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\N360x64\0308000.029\cchpx64.sys [2010-2-3 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101015.003\IDSviA64.sys [2010-10-13 476720]
R1 RapportKE64;RapportKE64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys [2010-10-3 63472]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys [2010-10-3 56816]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-10-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-2-3 117640]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-17 1153368]
R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-26 132656]
R3 RapportLaunService;Rapport Launching Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe [2010-10-3 526320]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-10-16 215040]
R3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\N360x64\0308000.029\symndisv.sys [2010-2-3 56880]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-16 36408]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-24 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-30 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-10-18 14:58:12 -------- d-----w- C:\PROGRA~3\McAfee Security Scan
2010-10-18 14:58:09 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2010-10-18 14:39:24 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2010-10-18 14:39:22 286768 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2010-10-18 14:39:22 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2010-10-18 14:39:21 261928 ----a-w- C:\Windows\System32\SynCtrl.dll
2010-10-18 14:39:21 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2010-10-18 14:39:21 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2010-10-17 21:14:28 -------- d-----w- C:\Program Files (x86)\Crawler
2010-10-17 21:14:24 -------- d-----w- C:\Users\owner\AppData\Roaming\Spyware Terminator
2010-10-17 21:14:23 -------- d-----w- C:\PROGRA~3\Spyware Terminator
2010-10-17 21:14:22 -------- d-----w- C:\Program Files (x86)\Spyware Terminator
2010-10-17 20:38:58 388096 ----a-r- C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-17 20:38:58 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-17 19:57:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-10-17 19:57:02 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-10-13 19:12:26 -------- d-----w- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
2010-10-13 19:12:26 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2010-10-13 19:12:20 -------- d-----w- C:\PROGRA~3\!SASCORE
2010-10-13 19:12:18 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-10-13 17:18:10 -------- d-----w- C:\Users\owner\AppData\Roaming\Registry Mechanic
2010-10-10 20:12:56 815104 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2010-10-10 20:12:56 77824 ----a-w- C:\Windows\SysWow64\xvid.ax
2010-10-10 20:12:56 180224 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2010-10-10 20:12:56 -------- d-----w- C:\Program Files (x86)\Xvid
2010-10-10 20:12:07 87344 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
2010-10-10 20:12:05 -------- d-----w- C:\PROGRA~3\ClickPotatoLiteSA
2010-10-10 20:12:03 -------- d-----w- C:\Users\owner\AppData\Roaming\ClickPotatoLite
2010-10-10 20:12:03 -------- d-----w- C:\Program Files (x86)\ClickPotatoLite
2010-09-29 09:43:03 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-29 09:43:03 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-09-29 08:50:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-29 08:50:15 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-29 08:49:47 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-29 08:49:47 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-19 14:56:55 -------- d-----w- C:\PROGRA~3\LightScribe

==================== Find3M ====================

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 17:08:17.09 ===============
 
DDS (Ver_10-10-10.03)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 22/12/2009 16:10:07
System Uptime: 18/10/2010 16:50:42 (1 hours ago)

Motherboard: Quanta | | 3635
Processor: AMD Athlon(tm) II Dual-Core M320 | Socket S1G3 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 219 GiB total, 129.989 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.224 GiB free.
E: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP115: 19/09/2010 19:27:18 - Windows Backup
RP116: 26/09/2010 19:00:04 - Windows Backup
RP117: 29/09/2010 10:42:45 - Windows Update
RP118: 03/10/2010 19:00:04 - Windows Backup
RP119: 08/10/2010 13:02:31 - Windows Update
RP120: 10/10/2010 21:06:37 - Windows Backup
RP121: 13/10/2010 09:45:24 - Windows Update
RP122: 13/10/2010 20:05:18 - Installed Rapport
RP123: 17/10/2010 20:42:49 - Windows Backup
RP124: 17/10/2010 21:38:29 - Installed HiJackThis
RP125: 18/10/2010 11:20:25 - Spyware Terminator - restore point
RP126: 18/10/2010 15:23:07 - HPSF Applying updates

==== Installed Programs ======================

Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4 MUI
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClickPotato
Compatibility Pack for the 2007 Office system
Crawler Toolbar with Web Security Guard
CyberLink DVD Suite
Efficient WMA MP3 Converter v0.99.7
Football Manager 2010
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0154
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java(TM) 6 Update 21
LabelPrint
LightScribe System Software
Magic Desktop
McAfee Security Scan Plus
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
PCFriendly
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Rapport
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Spotify
Spybot - Search & Destroy
Spyware Terminator
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vuze
Vuze_Remote Toolbar
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid 1.2.1 final uninstall

==== Event Viewer Messages From Past Week ========

13/10/2010 21:16:52, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
12/10/2010 22:01:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the hpqwmiex service to connect.
12/10/2010 22:01:43, Error: Service Control Manager [7000] - The hpqwmiex service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/10/2010 22:01:43, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}

==== End Of File ===========================
 
Okay, here are the results from Step 3:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4874

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18/10/2010 17:31:09
mbam-log-2010-10-18 (17-31-09).txt

Scan type: Quick scan
Objects scanned: 141332
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 23
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 17

Memory Processes Infected:
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Unloaded process successfully.

Memory Modules Infected:
c:\program files (x86)\clickpotatolite\bin\10.0.530.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\clickpotatoliteax.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c55ca95c-324b-451c-b2d2-6e895aa75fec} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ac6d819e-aa8f-4418-a3bb-d165c1b18bb5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clickpotatoliteax.userprofiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{814baa91-dc22-4350-87d6-0c86e93f7f08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{419eda30-6dff-432c-b534-e15d899abee4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7a3d6d17-9dd5-4c60-8076-d1784dabaf8c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\menubuttonie.buttonie.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{11c27351-716b-4052-9361-e3b0a3f8221c} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b58926d6-cfb0-45d2-9c28-4b5a0f0368ae} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-cd68-4f36-8d02-8c43722ee5da} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\clickpotatolite@clickpotatolite.com (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0 (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSA.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files (x86)\clickpotatolite\bin\10.0.530.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Delete on reboot.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSAAX.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteSABHO.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\ClickPotatoLiteUninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.530.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Customer Support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\ClickPotato Uninstall Instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
 
Another thing I have noticed is that on youtube it says: "Hello, you seem to have JavaScript turned off. Please enable it to see search results properly." But when I go to 'Tools', 'options', 'content', 'Enable JavaScript' has its box ticked, which surely would mean it is turned on?! This has only happened since my computer has been acting weirdly.


I have realised that I can't watch youtube videos when 'No Script 2.0.3.3' is enabled. When it is disabled I can watch. Is this normal?

PS:

I hope people don't mind that this thread is one whole conversation with myself! :haha: I'm hoping someone will come to save me at some point! ha
 
Welcome aboard


Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Okay I just did everything you said concerning the SuperAntiSpyware. When it finished the scan it said my computer had no harmful viruses... so then I couldn't do what you said.

Will do the next stage (MBR) now. I'm presuming I have to go back out of safe mode?!


PS: Thanks so much for your help, it's much appreciated.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 253):
0xFF600000 \Windows\System32\setupapi.dll
0x776F0000 \Windows\System32\kernel32.dll
0xFF590000 \Windows\System32\gdi32.dll
0xFF580000 \Windows\System32\nsi.dll
0xFF450000 \Windows\System32\wininet.dll
0xFF320000 \Windows\System32\rpcrt4.dll
0xFF240000 \Windows\System32\oleaut32.dll
0x775F0000 \Windows\System32\user32.dll
0xFF1C0000 \Windows\System32\shlwapi.dll
0xFF0E0000 \Windows\System32\advapi32.dll
0xFF090000 \Windows\System32\Wldap32.dll
0xFF070000 \Windows\System32\sechost.dll
0xFE2E0000 \Windows\System32\shell32.dll
0xFE240000 \Windows\System32\comdlg32.dll
0xFE0C0000 \Windows\System32\urlmon.dll
0xFDFB0000 \Windows\System32\msctf.dll
0xFDF80000 \Windows\System32\imm32.dll
0x779E0000 \Windows\System32\psapi.dll
0xFDF60000 \Windows\System32\imagehlp.dll
0xFDEE0000 \Windows\System32\difxapi.dll
0x779D0000 \Windows\System32\normaliz.dll
0xFDE40000 \Windows\System32\clbcatq.dll
0xFDC30000 \Windows\System32\ole32.dll
0xFDBE0000 \Windows\System32\ws2_32.dll
0xFDB40000 \Windows\System32\msvcrt.dll
0xFD9D0000 \Windows\System32\crypt32.dll
0xFD990000 \Windows\System32\cfgmgr32.dll
0xFD950000 \Windows\System32\wintrust.dll
0xFD8B0000 \Windows\System32\comctl32.dll
0xFD890000 \Windows\System32\devobj.dll
0xFD820000 \Windows\System32\KernelBase.dll
0xFD810000 \Windows\System32\msasn1.dll
0x76D50000 \Windows\SysWOW64\normaliz.dll

Processes (total 87):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`db600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEKT-60F3T1, Rev: 12.01A12

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: B413909AEAB23B59509582F416A5863C3D438127


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
 
Ok, I hope I have done this right. Wasn't entirely sure about the whole BIOS stuff, but think I did it!


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 253):

Processes (total 86):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000036`db600000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEKT-60F3T1, Rev: 12.01A12

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
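The kind of check the two MBRCheck runs above perform, and what the "Install Standard MBR code" repair step changes, sketched as an added example that is not part of the thread or of either tool. It assumes the hash covers the 440-byte bootstrap code area (the range MBRCheck hashes is not stated here, so these hashes are not comparable to the SHA1 values in the logs); the sector bytes, baseline code and function names are all constructed for illustration.

```python
"""Offline MBR check on a 512-byte sector image. All sample bytes are constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code area, bytes 0..439 (assumed hash range)
PART_TABLE_OFF = 446       # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


def check_sector(sector: bytes) -> None:
    """Reject anything that is not a well-formed MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")


def boot_code_sha1(sector: bytes) -> str:
    """SHA1 of the bootstrap code only, so the partition table does not affect it."""
    check_sector(sector)
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def partitions(sector: bytes) -> list:
    """Decode the non-empty partition entries (status, type, start, length)."""
    check_sector(sector)
    found = []
    for index in range(4):
        off = PART_TABLE_OFF + 16 * index
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            found.append({
                "index": index,
                "active": status == 0x80,
                "type": ptype,
                "byte_offset": lba_start * SECTOR_SIZE,
                "sectors": count,
            })
    return found


def classify(sector: bytes, known_good: dict) -> str:
    """Map the boot-code hash to a known label, or report it as unknown."""
    return known_good.get(boot_code_sha1(sector), "Unknown MBR code")


def install_standard_code(sector: bytes, standard_code: bytes) -> bytes:
    """Replace only the bootstrap code; disk signature and partition table are kept."""
    check_sector(sector)
    if len(standard_code) != BOOT_CODE_LEN:
        raise ValueError("standard boot code must be 440 bytes")
    return standard_code + sector[BOOT_CODE_LEN:]


def build_sample(code: bytes) -> bytes:
    """Constructed sector: one active NTFS (0x07) partition starting at LBA 409600."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 409600, 1000000)
    table = entry + bytes(48)                      # three empty entries
    disk_signature = b"\x12\x34\x56\x78" + b"\x00\x00"
    return code + disk_signature + table + BOOT_SIGNATURE


# Constructed placeholder byte patterns, not real boot code.
STANDARD_CODE = bytes((i * 7) % 256 for i in range(BOOT_CODE_LEN))
UNKNOWN_CODE = bytes((i * 13 + 1) % 256 for i in range(BOOT_CODE_LEN))
KNOWN_GOOD = {
    hashlib.sha1(STANDARD_CODE).hexdigest().upper(): "standard MBR code (constructed baseline)",
}

if __name__ == "__main__":
    before = build_sample(UNKNOWN_CODE)
    after = install_standard_code(before, STANDARD_CODE)
    for name, image in (("before", before), ("after", after)):
        print(name, classify(image, KNOWN_GOOD), "SHA1:", boot_code_sha1(image))
        print("  partitions:", partitions(image))
```

Because the hash excludes the partition table, a changed verdict between two runs reflects a change in the boot code itself, and the volume offsets reported for the drive stay the same across the repair.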
 
Good job :)
MBR is clean...

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Alternative download: http://majorgeeks.com/Dr.Web_CureIT_d4783.html

  • Double-click the drweb-cureit.exe file and click Scan to run express scan. Click OK in the pop-up window to allow scan.
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in the upper right corner.
 
Okay. I am currently doing the above process. I have done the smaller scan, am now doing the complete scan.

Is it OK that I am doing this in 'Enhanced Protection Mode'? It kind of asked me and I agreed.

Is this scan meant to take such a long time? I am 30 minutes in and the green bar is only a few millimetres in. The speed is 1550 KB/s.... I'm guessing that's slow?

I presume I need the internet for this scan? I have it on now, but would like to restart it as it's so slow!
 
It's been scanning for over two hours now, and the green bar is a centimetre long at most.

If it carries on like this, it will take approx 20 hours!

Should I just stop it and try and sort my internet out?
 
Hi there,

I have made 5 separate attempts to do the complete scan. But it ends up freezing so I can't move the cursor and have to turn the computer off.

Last time it had been scanning for over 4 hours and hadn't even got halfway. I am wondering if it is freezing because the laptop is overheating or something?

My computer really doesn't have a great deal on it, so it's a shame that the complete scan is taking so long.

What do you think I should do? Keep trying?

Thanks
 
Let's leave it for now.

How is the computer doing at the moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 10/23/2010 5:02:43 PM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.23 Gb Total Space | 128.68 Gb Free Space | 58.70% Space Free | Partition Type: NTFS
Drive D: | 13.36 Gb Total Space | 2.22 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Drive E: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 16:57:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2010/10/17 22:14:25 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010/10/03 23:43:16 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/27 14:47:30 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/12/22 17:49:33 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/07/24 04:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 19:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/10/23 16:57:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
MOD - [2010/10/03 23:43:42 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\ezsvc7.dll -- (ezSharedSvc)
SRV:64bit: - [2010/06/29 18:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 21:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2010/10/17 22:14:25 | 001,033,255 | ---- | M] (Xacti LLC) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/10/03 23:43:48 | 000,526,320 | ---- | M] (Trusteer Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportLaunService64.exe -- (RapportLaunService)
SRV - [2010/10/03 23:43:16 | 000,767,208 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/22 17:49:33 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/18 15:39:17 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/07 11:26:46 | 000,050,696 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2010/03/02 16:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/12/22 17:49:46 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/12/22 17:49:35 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/22 17:49:35 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/12/22 17:49:35 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2009/12/22 17:49:35 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2009/12/22 17:49:35 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2009/12/22 17:49:35 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/12/22 17:49:35 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/12/22 17:49:34 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2009/12/22 17:49:34 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/12/22 17:49:34 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/07/22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 21:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 21:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 14:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010/10/19 21:36:20 | 000,476,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20101021.003\IDSviA64.sys -- (IDSVia64)
DRV - [2010/10/03 23:43:50 | 000,056,816 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportPG64.sys -- (RapportPG64)
DRV - [2010/10/03 23:43:48 | 000,063,472 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKE64.sys -- (RapportKE64)
DRV - [2010/09/28 09:00:00 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101022.048\EX64.SYS -- (NAVEX15)
DRV - [2010/09/28 09:00:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20101022.048\ENG64.SYS -- (NAVENG)
DRV - [2010/05/26 09:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/26 09:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/27 10:38:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2010/10/17 22:14:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 19:38:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 19:38:23 | 000,000,000 | ---D | M]

[2009/12/27 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2010/10/23 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions
[2010/10/17 20:36:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/19 18:00:12 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/17 20:37:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/28 15:18:22 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\tjsh4d9s.default\extensions\vshare@toolbar
[2010/04/02 13:40:27 | 000,000,911 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\tjsh4d9s.default\searchplugins\conduit.xml
[2010/08/28 15:18:33 | 000,001,583 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\FireFox\Profiles\tjsh4d9s.default\searchplugins\web-search.xml
[2010/10/22 12:44:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/16 23:31:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 09:40:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/12 01:10:42 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/12 01:10:42 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010/06/12 01:10:42 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/12 01:10:42 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.203.110
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files (x86)\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/30 09:30:42 | 000,000,154 | R--- | M] () - E:\autorun.cfg -- [ UDF ]
O32 - AutoRun File - [2008/11/27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive) - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006/09/11 14:26:42 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{99b5adbb-ba2e-11de-9da7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99b5adbb-ba2e-11de-9da7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2008/11/27 13:02:24 | 000,214,280 | R--- | M] (Sports Interactive)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/21 15:16:58 | 000,000,000 | ---D | C] -- C:\Users\owner\DoctorWeb
[2010/10/19 20:06:09 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/19 20:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/19 20:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/18 17:22:11 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes
[2010/10/18 17:22:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/18 17:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/18 17:22:00 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/18 17:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/18 15:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/18 15:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/18 15:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2010/10/18 15:39:22 | 000,286,768 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2010/10/18 15:39:22 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2010/10/18 15:39:21 | 000,261,928 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2010/10/18 15:39:21 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2010/10/18 15:39:21 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2010/10/17 22:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2010/10/17 22:14:24 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Spyware Terminator
[2010/10/17 22:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010/10/17 22:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2010/10/17 21:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/10/17 20:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/10/17 20:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/10/13 20:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/13 18:18:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Registry Mechanic
[2010/10/10 21:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid

========== Files - Modified Within 30 Days ==========

[2010/10/23 17:02:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/23 16:40:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/23 16:40:55 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/23 16:33:26 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/23 16:33:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/23 16:33:12 | 2211,598,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/19 20:06:05 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/18 17:22:04 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/18 16:10:21 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/18 16:10:21 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/18 15:40:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/18 15:39:17 | 000,286,768 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2010/10/18 15:39:17 | 000,261,928 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2010/10/18 15:39:17 | 000,206,120 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2010/10/18 15:39:17 | 000,169,256 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2010/10/18 15:39:17 | 000,107,816 | ---- | M] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2010/10/17 22:42:01 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010/10/17 21:38:58 | 000,002,975 | ---- | M] () -- C:\Users\owner\Desktop\HiJackThis.lnk
[2010/10/17 20:57:08 | 000,001,258 | ---- | M] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/10/13 20:04:31 | 000,355,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/13 19:04:12 | 002,768,896 | ---- | M] () -- C:\Users\owner\s-1-5-21-417765125-1604902435-2956440555-1000.rrr
[2010/10/11 13:38:27 | 000,001,848 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/10/11 13:38:26 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk

========== Files Created - No Company Name ==========

[2010/10/19 20:06:05 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/18 17:22:04 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/18 15:58:09 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/18 15:58:09 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/10/18 15:40:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/10/17 22:42:01 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010/10/17 21:38:58 | 000,002,975 | ---- | C] () -- C:\Users\owner\Desktop\HiJackThis.lnk
[2010/10/17 20:57:08 | 000,001,258 | ---- | C] () -- C:\Users\owner\Desktop\Spybot - Search & Destroy.lnk
[2010/10/13 19:04:12 | 002,768,896 | ---- | C] () -- C:\Users\owner\s-1-5-21-417765125-1604902435-2956440555-1000.rrr
[2010/10/10 21:12:56 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/10 21:12:56 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/10 21:12:56 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2010/01/02 01:32:59 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2009/12/22 17:21:17 | 000,000,178 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\QSwitch.txt
[2009/12/22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\DSwitch.txt
[2009/12/22 17:21:16 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\AtStart.txt
[2009/10/25 23:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/10/16 09:50:52 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/10/16 09:50:43 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/10/16 09:50:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/10/16 09:49:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/10/16 09:49:15 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/08/15 08:53:41 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/15 08:50:03 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/15 08:48:33 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/15 08:47:51 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\Iticheck.dll

========== LOP Check ==========

[2010/10/11 20:12:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Azureus
[2010/07/07 11:21:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GrabPro
[2010/07/07 11:35:47 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Orbit
[2010/10/13 18:20:08 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Registry Mechanic
[2009/12/27 22:17:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Sports Interactive
[2010/10/20 21:44:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Spotify
[2010/10/18 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Spyware Terminator
[2010/02/09 14:43:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Trusteer
[2010/02/06 21:56:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WildTangent
[2009/12/27 14:53:28 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\_MDLogs
[2010/08/20 11:25:08 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/23 16:33:12 | 2211,598,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/30 15:34:57 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2010/10/23 16:33:15 | 2948,800,512 | -HS- | M] () -- C:\pagefile.sys
[2010/06/15 10:25:31 | 000,000,184 | ---- | M] () -- C:\setup.log
[2010/10/18 15:40:26 | 000,000,084 | ---- | M] () -- C:\SYNTPAD.LOG

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/22 17:26:11 | 000,000,221 | -HS- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/07/07 11:39:28 | 008,288,706 | ---- | M] () -- C:\Users\owner\Desktop\ipdl.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/03 21:50:15 | 000,000,402 | -HS- | M] () -- C:\Users\owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >
 
< %ALLUSERSPROFILE%\*.dat /x >
[2010/10/23 16:34:40 | 000,000,178 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2009/10/16 09:50:43 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/15 08:53:57 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/10/16 09:49:57 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/15 08:49:52 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/10/16 09:49:15 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/10/16 09:50:27 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/15 08:48:23 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/08/15 08:53:31 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/10/16 09:50:53 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
 
OTL Extras logfile created on: 10/23/2010 5:02:43 PM - Run 1
OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\owner\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.23 Gb Total Space | 128.68 Gb Free Space | 58.70% Space Free | Partition Type: NTFS
Drive D: | 13.36 Gb Total Space | 2.22 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Drive E: | 2.30 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"EasyBits Magic Desktop" = Magic Desktop
"Efficient WMA MP3 Converter_is1" = Efficient WMA MP3 Converter v0.99.7
"Football Manager 2010" = Football Manager 2010
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"N360" = Norton 360
"PCFriendly" = PCFriendly
"Rapport_msi" = Rapport
"Spotify" = Spotify
"Spyware Terminator_is1" = Spyware Terminator
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Really sorry, but 4 notepad files came up!

I started a scan before I copied and pasted the stuff you told me to do. So maybe that's why?!

Sorry, hope I've done it right!

As for the computer, it seems to be working OK. I haven't really been on it that much because whenever it's been on I've been doing those really long scans! But not once have I noticed an IE ad pop up. So who knows, maybe it's fixed?!
 