Solved Need help with malware removal, Followed the 7 steps


chrisserra92

Posts: 24   +0
I'm having a whole bunch of problems with my Dell Studio 1558 laptop running Windows 7. An extra iexplore.exe keeps popping up whenever I open up Internet Explorer, and sometimes a process named 'pcdrcui.exe' shows up and takes up the most memory out of all my processes.

I've run into some situations where even explorer.exe takes up a lot more memory than usual, and ends up taking up the most memory as well. I also get a lot of glitchy playback in iTunes, and always have trouble watching videos online, such as on YouTube or Facebook. I'm assuming these issues are probably also related to whatever virus or malware I have in my system.

Anyway, I followed the seven steps given in the boards, and have the files for the logs attached to this post. Malwarebytes didn't find anything when I scanned it today; the only time it found something was when I first downloaded it in March, so I figured I'd attach that log instead of the one from today. Hopefully that'll help somewhat more. Any help is greatly appreciated!
 

Attachments

  • gmer.log (50.2 KB)
  • DDS.txt (19.9 KB)
  • Attach.txt (15.1 KB)
  • mbam-log-2011-03-26 (13-07-22).txt (1.4 KB)
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Please follow the posting rules.
All logs have to be pasted, not attached.
 
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6175

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/26/2011 1:07:22 PM
mbam-log-2011-03-26 (13-07-22).txt

Scan type: Quick scan
Objects scanned: 169581
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-11 14:53:14
Windows 6.1.7600
Running: 7meoo0gh.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c44619f299ef
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c44619f299ef (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ??????????????????????????????????????????????N??s????????h?????? ???????s???????????r????????&????? ??????????????????????????????e????? ???????n?????s?? ??s????????$?????????c????????s?????????e????@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193??????????????????????????s?????????s????????h?????"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"?????????????????t??????s?????s?????? ????????????????s?????????n????@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192????????s???+??????? ???s??????????????LocalSystem?????????????????????????????????????t????s???????s??????????????????SeTcbPrivilege?SeAssignPrimaryTokenPrivilege?SeTakeOwnershipPrivilege?SeBackupPrivilege?SeRestorePrivilege?SeImpersonatePrivilege?????????,??s???????????????????????????????????????s?s?s?s?s?s?s?s?s?s????? ???????s???????????s??????????????????????????????0????????????????p?
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ? ????????^??t?????????e?????????{??????os???????????????????????????????????????y???????????????????k??????p???????? ???????n?????s?????s????????$???????????????R??s?????????e????@%SystemRoot%\system32\iphlpsvc.dll,-500??????Z??s????????h?????%SystemRoot%\System32\svchost.exe -k NetSvcs??????R??s?????????n????@%SystemRoot%\system32\iphlpsvc.dll,-501????? ???s??????????????LocalSystem??????????????:??????????????????????????????????t???????????????t??????? ?????????????:??s???????????e??RpcSS?Tdx?winmgmt?tcpip?nsi???????,??s???????????????????????????????????????s??????????????????SeCreateGlobalPrivilege?SeImpersonatePrivilege?SeLoadDriverPrivilege?????s?s?s?s?s?s?s?s?s?s?s??????????????????????????? ???????s?????????????:????????????????????? ???????s?????????????:???????????? ???????????? ???????s?????p?????h?:??????,?F??? ???????????? F??s??????????????%SystemRoot%\System32\iphlpsvc.dll?????????????????????????????????s???s???s???s????? ???????s?????????????:?????????????????S??? ???????s?????k?????s?:???
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Bind ?????t??USB??&??11?????????g???g??????N??????????????????????d???4?g?4??tunnel???????????f???????????g?g0???? ???h???1?????roo???????d??????s??????g?????g?g????? ???????f?????g?????????????????? ??????4??? ???????f?????g?????????????????????????9??? ???????g?????g??????????"?????????????????????*6to4mp?????tunnel?????????g????? X????????????~???????g????{00000000-0000-0000-ffff-ffffffffffff}?HUB??FltMgr?5?5??????? ??? ???h???2?????1?2????????????????????N??????t????D?????????????????????Volume?86&??Local???????????????????Channel 0, Target 0, Lun 0???5??tunnel???????????????-??57?????????????????s?????g?g?????g?g????????????????????????tunnel????????N??g???4???????????????????0??????? ???h???e?????325??? ^??h?????????5?????????g???D???e????p??????4????????|??????6??????????? ????:??????4?g?4???????????????????????????????t??? ???????g???????????g????????$???????????????s0.1???????????4??????????Vo??? ???????g???????????g????????"?h????????f????h??g ?????????????????h???????????????????????????b???b??????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Route ??????????*??????2????d"{C??@nettun.inf,%6to4mp.displayname%;Microsoft 6to4 Adapter????????|??????????????????????X??????&???????????????4??6}??????????????????????????????????????????int?????????????????t????????????-?????e00??Microsoft 6to4 Adapter #110??2??Microsoft 6to4 Adapter #123??2??? ???????|???????????k?:????????????&????????????????????i???????????F?????e4}??\Device\{F0C9D886-FBEC-43AF-8705-0665C663793D}??-9??????????????????}???????????????????????Net??????????????????????????????}??????????????????????????????Net?????? ???????%?????oso???????????????e??{4d36e972-e325-11ce-bfc1-08002be10318}\0118?0#??@nettun.inf,%msft%;Microsoft????????????????????????*6to4mp?????11???????????????????e???????????????e??Microsoft???11??????????????11???????????????.???e????8?????????????_M???????????????s??Microsoft 6to4 Adapter #111??????????????????m??*6to4mp???????????????N???????????D???????????????????????N???????????D?????Net??????????????????????????????????????t??{4d36e972-e325-11ce-bfc1-08002be10318}?(???
Reg HKLM\SYSTEM\ControlSet002\services\NetBIOS\Linkage@Export ????????????????????? ????????????????????^????????????n????????????????????????????????????????????????????????????eN???m?n?????n??????????\Device\{9A00EA00-FA34-467A-A73F-3D3BB6898866}??os??? ????????????????????????V?????????&????????????????????a?????????{??????????????????N??????p?????D??????????????????????X??????e???t??? ??????????????????????????????<???????????? ???????E?????682??????????????????????????????????????????????? p?????????????????????????? ??????????????????????????????? ??????????????????????????????????+???????????????????????????{9A00EA00-FA34-467A-A73F-3D3BB6898866}-{A01C1BDB-44E5-4C3E-9AC9-C456C184A812}-0000??#0??? ???????????????????????????????????????f????$??????5???????9??Root\*6TO4MP\0164???? ??????????????????????C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe?\??\\?\STORAGE#VOLUMESNAPSHOT#HARDDISKVOLUMESNAPSHOT26#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}???????????????l??????????????????????? ??????????????????system32\DRIVERS\termdd.sys?\termdd.sys
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Bind ???kp???Microsoft???{00000000-0000-0000-0000-000000000000}?les??{8ECC055D-047F-11D1-A537-0000F8753ED1}??????? 6??????????????????????k???????5?????????????? ????????????????????k???????????k??? ??????????????????????S??????????????????????????? ????5?????s????PNP_TDI??????k???k??{8ECC055D-047F-11D1-A537-0000F8753ED1}?5?????????k????????????N??n?????????D?????k???????k??? ???????j?????k?????k???????????????????????_???????????????????k??? ???????k???????????j??????????N???????0c???k?k?k?k?????k???????????????????????????????????????0?????sus???i?j?k?k?k?k?j?????????????k?&?????k?&??? ???????k???????????j??????????\???????????????????????t????????y??PrinterBusEnumerator?????????k????????????<??l?????g????Sftredir?????k??? ???????j?????k?????k???????????????????????O???????????????????k??? ???????k???????????h??????????b???????????6to4mp.ndi?????????? ?????????????????X??t?????????e?????k???????y??Network?????????p??????????????k?&??NDProxy?????LegacyDriver?????k????N??n?????????D????LegacyDriver?S??? ???j???V?
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Route ????????????????????????Net?????????????t???????????????????????????????15??????????????ge??????????????????????????????? ??????????????d?????????????????????????????????????????????????????6???????????h??????????????V??e0??????????????? ??????????????????????????????????????LegacyDriver?????????q??????????????ISATAP.ndi??????????????????????????????????VolumeSnapshot???????? ??????_??????????????????????sF???????????I???O??? ???????N??????dp??????????????????????????????????????*ISATAP?????Net???????????????????N??????????????????????????B???????????????????????????????????0??????Microsoft 6to4 Adapter Driver???? ??????????????????? "??????I???????????? ??????2???e??ROOT\*6TO4MP\0172???????????????????????????? ?????????????????????0????????????????????????????????????6.1.7600.16385??????? ???%,?????? ?????????????????????0????????????????????Microsoft 6to4 Adapter?????????????????????s????? P??????1???????&??tunnel??????? ????????????????????????????????????????????s?????? ?????????????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\NetBT\Linkage@Export ????????????????? ??????????????d?????????????????????????????????????????????????????6???????????h??????????????V??e0??????????????? ??????????????????????????????????????LegacyDriver?????????q??????????????ISATAP.ndi??????????????????????????????????VolumeSnapshot???????? ??????_??????????????????????sF???????????I???O??? ???????N??????dp??????????????????????????????????????*ISATAP?????Net???????????????????N??????????????????????????B???????????????????????????????????0??????Microsoft 6to4 Adapter Driver???? ??????????????????? "??????I???????????? ??????2???e??ROOT\*6TO4MP\0172???????????????????????????? ?????????????????????0????????????????????????????????????6.1.7600.16385??????? ???%,?????? ?????????????????????0????????????????????Microsoft 6to4 Adapter?????????????????????s????? P??????1???????&??tunnel??????? ????????????????????????????????????????????s?????? ????????????????????????????????????????????X?????????????????????????????????11?? ???????????????????? ??????????????????int????????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Bind ???o?x??system32\DRIVERS\btwavdt.sys?????????o???p?????e????system32\DRIVERS\btwl2cap.sys????????????????????????????????????????????????o???????????????`???????????????????6??????-1????????????????????6??t????????h??????????z??????????????int???????<??o???S????hpip?????????????g????????????????????????????????*6to4mp??e???????????B??Microsoft????????p???p??????????????????????????????????????????????????????????????@FirewallAPI.dll,-23501??????????????????????????&??????????????????????????????%SystemRoot%\System32\svchost.exe -k netsvcs????CD-ROM Driver????????????????????????o?????????????????????????????????????????#????????????????????@FirewallAPI.dll,-23501??????????????????????????????o???B??p9???o???o??CD/DVD File System Reader???system32\DRIVERS\cdrom.sys?S\cdrom.sys???????????????p?y????LocalSystem??????????????????n??????????????????????????ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)???????o??????????????????????????????????Microsoft????p?p?????&???o?????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Route ???p?v??????????????????????????????Net??????????o???6???????y??System Bus Extender??????????????s??????????????????????????????t????????????????????????????????????????r?r???????p???p??????????????????????4??p???????????????????p????????????<??p????????h??????????????????????????r?r?p??????? ???????p???????????p?,????????8??? ?????????????8??p??????????????\SystemRoot\System32\config?????? ??????????????l???????????????????????? ???????p???????????p?????????????????????????????????t???(??????P???????W????????????????????? ??????????? ???????P???????W???????P???????W???????? ???????n???????????p????????$???N?????????????????????SeCreateGlobalPrivilege?SeChangeNotifyPrivilege?SeIncreaseBasePriorityPrivilege?SeIncreaseQuotaPrivilege????Microsoft .NET Framework NGEN v2.0.50727_X86??????z??p????????h???????<??p?????????n????? ???o????????????????????????????????????????????Z??p?????????e???????????p???p????%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe????Microsoft .NET Framework NGEN??????????????
Reg HKLM\SYSTEM\ControlSet002\services\Smb\Linkage@Export ?????x???????j???????????? ??A???????e??????????? ??????? ???????j?????j?????;????(???????????????????sort??volsnap?????????????????????????s???s???? ???????j?????j???????3????????????????????????????? ???????j???????????j?3?????????????????????y?????????????????????????j????? ???????j???????????i?,??????2??????????0?????? ???????????????????? ?????????????????????j??????????????????????????d?????????????????????????????????????????????*6to4mp????????j???j????? ???????j???????????????????????????????f??? ???????j?????????????0??L????????? ??????????????j???j???j????Mi??? ???????j?????j???????0????????????&???????????????????????? ???????j?????j???????0????????????????????ATA Channel 1??????j?????????j???????????j?j?????j??????????????? ???????j???????????f?0????????????????????internal_ide_channel?????????j??????????Microsoft???PCI\VEN_8086&DEV_2C9C&REV_04?PCI\VEN_8086&DEV_2C9C?PCI\VEN_8086&CC_060000?PCI\VEN_8086&CC_0600?PCI\VEN_8086?PCI\CC_060000?PCI\CC_0600????3???????d??????s???????????????????PNP_TDI????
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Bind ???q?y??11??????system32\DRIVERS\kbdhid.sys?\kbdhid.sys?????????????FSFilter Bottom??????????????????????????????????????????y??@%SystemRoot%\system32\drivers\fileinfo.sys,-100??????<??q??????????????Cryptography?????????y???????y???????q??????p????????q??????????????????system32\drivers\fltmgr.sys??????q???????y??*isatap?t???system32\drivers\fileinfo.sys?????b??r?????????n?????????????????????????????u???U?V?????????g???q?q????? ???????p???????????q?,?????? ?F????????????????????????????????????q????F??q??????????????%systemroot%\system32\sdengin2.dll???????q?q????? ???????p???????????q???????? ?<????????????????g????<??q??????????????%SystemRoot%\System32\wer.dll????????????????????????q?q????? ???????p???????????q?,??????&?N?????????????????????N??q??????????????{CA4E628D-8567-4896-AB6B-835B221F373F}???????????????????????????q?q?q??? ??????????????t?????B??q?????????????e????%systemroot%\system32\tquery.dll?????q?q?q?q?q????B??q??????????????%systemroot%\system32\tquery.dll????? ???????p???????????q?,???
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Route ???b?u???????h???*??s4??11??????????58???????????????????????????????????????????????????????????????????????e???????????????????????????????????:???5??s5???????t???????????????????????????????t??????e???? ???????t???????????s???????????????????e??\Device\{9B4F5092-62CB-4FE4-B3A8-3B200F75FCA3}?\Device\{3B876CB9-E6CC-4EC6-BD51-D4500FBA599B}??057??"{9B4F5092-62CB-4FE4-B3A8-3B200F75FCA3}"?"{3B876CB9-E6CC-4EC6-BD51-D4500FBA599B}"??BD5???????????}?????????t????? ???????n?????t???????,????????R????????n??????????????p????????????????????v?v?v???????????????????????????????????????????????????????e??????????????????????????????????????????????????????????????d4??@%SystemRoot%\system32\drivers\partmgr.sys,-100???????:??????????????????_???z???????????????????t??????????? ???????t???????????s???????????????????e??\Device\{78032B7E-4968-42D3-9F37-287EA86C0AAA}?\Device\{8E301A52-AFFA-4F49-B9CA-C79096A1A056}?\Device\{DF4A9D2C-8742-4EB1-8703-D395C4183F33}?\Device\{E43D242B-9EAB-4626-A952-46649FBB939A}?\Device\{71F897D7-E
Reg HKLM\SYSTEM\ControlSet002\services\TCPIP6\Linkage@Export ???y?y??11???????{?{?{???y??????????????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|App=%ProgramFiles%\Windows Media Player\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|?BT_??v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|???????????y???????????????????????y???;???????????P???????????????y?????????????????e??????4??y?????????e????tunnel???????????y???r?????P\M??????????????????????t????????????????????????e???{?{?{??v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\system32\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|????v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\system32\svchost.exe|
 
---- Files - GMER 1.0.15 ----

File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{671CCD3D-C59C-4EBE-AD44-C14A3F3AAA32}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{0A7B4F47-7D0C-446E-BE7E-D6AFFEAC41B1}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{5393BB87-5E9D-4C3A-936A-AD313BB41742}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{3A5E8611-6066-4980-9B8D-3A0F63EEF496}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{8AD92C75-604B-439D-BA27-2E09D0B406AB}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{D0A7C592-AED4-4F44-B630-E01B93217AAA}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{7433881E-BA69-4118-A0A6-28F52298B9AA}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{9B6D21CC-233C-41CA-A66A-CB17F151B6C0}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{6EEC6C21-DAD9-44A9-B19A-49EF1EF3B73E}.jpg 55363 bytes
File C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\{D436E629-9A23-4C38-85A7-078C190AC488}.jpg 55363 bytes

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-06-11.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Chris at 14:55:16 on 2011-06-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8125.5626 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100912002416.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [FAStartup]
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\05348553030303 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\0575E4 : DhcpNameServer = 172.26.27.11 172.26.27.10
TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\540595A463 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\551475962756C65637378456C607 : DhcpNameServer = 169.226.1.100 169.226.1.103
TCP: Interfaces\{529211FA-9C90-4F5A-973F-2155A77D0B7F}\75D2C416E64463640313 : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100912002416.dll
BHO-X64: scriptproxy - No File
BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: FAIESSO Helper Object - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [FAStartup]
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-12 25072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2011-06-11 15:48:45 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-10 20:03:31 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6982D6C-233D-460A-AF9E-34BD3C4FFFB5}\mpengine.dll
2011-06-10 15:52:13 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-06-10 15:52:13 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-06-10 15:52:13 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-06-10 15:51:31 -------- d-----w- C:\Program Files\iPod
2011-06-10 15:51:29 -------- d-----w- C:\Program Files\iTunes
2011-06-10 15:07:51 -------- d-----w- C:\Users\Chris\AppData\Local\PackageAware
2011-06-10 13:55:12 -------- d-----w- C:\ProgramData\iolo
2011-06-10 02:48:21 -------- d-----w- C:\Program Files\Bonjour
2011-06-10 02:48:21 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-25 20:12:38 -------- d-----w- C:\Program Files\Dell Support Center
2011-05-25 20:09:00 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-21 22:38:04 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-21 22:38:04 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-15 05:22:30 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-06-11 16:34:11 52224 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2011-06-11 16:34:11 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2011-06-11 16:33:56 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2011-06-11 16:33:56 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-06 20:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 20:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 20:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 20:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 20:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 20:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 20:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 20:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
.
============= FINISH: 14:56:49.97 ===============
 
.
DDS (Ver_2011-06-11.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/4/2010 1:06:13 AM
System Uptime: 6/11/2011 12:33:43 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0874P6
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | U2E1 | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 472.227 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP166: 6/3/2011 11:13:24 AM - Windows Update
RP167: 6/7/2011 9:34:57 PM - Windows Update
RP168: 6/9/2011 12:51:41 PM - Removed Apple Mobile Device Support
RP169: 6/10/2011 10:07:55 AM - Removed Dell DataSafe Local Backup - Support Software
RP170: 6/10/2011 10:08:35 AM - Removed Dell DataSafe Local Backup
RP171: 6/10/2011 10:09:01 AM - Removed Dell DataSafe Online.
RP172: 6/10/2011 10:41:17 AM - Removed Accelerometer
RP173: 6/10/2011 10:43:18 AM - Removed LoJack for Laptops Notifier.
RP174: 6/10/2011 10:44:47 AM - Removed Apple Mobile Device Support
RP175: 6/10/2011 10:46:22 AM - Removed Banctec Service Agreement
RP176: 6/10/2011 10:47:24 AM - Removed PaperPort Image Printer 64-bit
RP177: 6/10/2011 10:50:46 AM - Windows Live Essentials
RP178: 6/10/2011 10:51:36 AM - WLSetup
RP179: 6/10/2011 11:00:49 AM - Removed Windows Live Mesh ActiveX Control for Remote Connections
RP180: 6/10/2011 11:02:11 AM - Removed Windows Live Sync
RP181: 6/10/2011 11:03:33 AM - Removed Apple Application Support
RP182: 6/10/2011 11:04:07 AM - Removed Apple Application Support
RP183: 6/10/2011 11:18:00 AM - Removed Microsoft Office Outlook Connector
RP184: 6/10/2011 11:18:30 AM - Removed Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
RP185: 6/10/2011 11:26:58 AM - Removed iTunes
RP186: 6/10/2011 11:33:57 AM - Removed QuickTime
RP187: 6/10/2011 11:50:41 AM - Installed iTunes
RP188: 6/10/2011 11:56:32 AM - Removed Apple Mobile Device Support
RP189: 6/10/2011 4:02:46 PM - Windows Update
RP190: 6/11/2011 12:01:45 PM - Removed Adobe Reader 9.4.4.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Advanced Audio FX Engine
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Audacity 1.2.6
BitZipper 2010
Brother MFL-Pro Suite MFC-J615W
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Definition update for Microsoft Office 2010 (KB982726)
Dell Webcam Central
DirectXInstallService
EMC 10 Content
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 24
LAME v3.98.2 for Audacity
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee SecurityCenter
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD DX
QuickTime
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skins
Skype™ 5.1
Sonic CinePlayer Decoder Pack
Sound Blaster X-Fi MB
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
.
==== Event Viewer Messages From Past Week ========
.
6/9/2011 12:12:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/9/2011 12:12:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
6/9/2011 12:11:16 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 12:10:16 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/9/2011 1:20:18 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/7/2011 11:18:06 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
6/7/2011 11:17:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000117 (0xfffffa80077c9010, 0xfffff88001ccef68, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\060711-29889-01.dmp. Report Id: 060711-29889-01.
6/7/2011 10:58:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/7/2011 10:57:50 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
6/11/2011 12:34:51 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter
6/11/2011 12:34:11 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.
6/11/2011 12:34:09 PM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified.
6/11/2011 12:31:50 PM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
6/10/2011 3:38:49 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
6/10/2011 2:23:56 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2011 2:23:56 PM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2011 11:56:55 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2011 10:08:28 AM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:
 
2011/06/12 12:25:55.0276 3564 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/12 12:25:56.0424 3564 ================================================================================
2011/06/12 12:25:56.0424 3564 SystemInfo:
2011/06/12 12:25:56.0424 3564
2011/06/12 12:25:56.0424 3564 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/12 12:25:56.0424 3564 Product type: Workstation
2011/06/12 12:25:56.0424 3564 ComputerName: CHRIS-PC
2011/06/12 12:25:56.0425 3564 UserName: Chris
2011/06/12 12:25:56.0425 3564 Windows directory: C:\Windows
2011/06/12 12:25:56.0425 3564 System windows directory: C:\Windows
2011/06/12 12:25:56.0425 3564 Running under WOW64
2011/06/12 12:25:56.0425 3564 Processor architecture: Intel x64
2011/06/12 12:25:56.0425 3564 Number of processors: 8
2011/06/12 12:25:56.0425 3564 Page size: 0x1000
2011/06/12 12:25:56.0425 3564 Boot type: Normal boot
2011/06/12 12:25:56.0425 3564 ================================================================================
2011/06/12 12:25:57.0704 3564 Initialize success
2011/06/12 12:26:11.0749 5796 ================================================================================
2011/06/12 12:26:11.0749 5796 Scan started
2011/06/12 12:26:11.0749 5796 Mode: Manual;
2011/06/12 12:26:11.0749 5796 ================================================================================
2011/06/12 12:26:13.0557 5796 1394ohci (69aa89a20dee08bfa650aab6ce37bd10) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/12 12:26:13.0626 5796 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
2011/06/12 12:26:13.0722 5796 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/12 12:26:13.0774 5796 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/12 12:26:13.0833 5796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/12 12:26:13.0864 5796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/12 12:26:13.0906 5796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/12 12:26:13.0997 5796 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/12 12:26:14.0055 5796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/12 12:26:14.0106 5796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/12 12:26:14.0166 5796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/12 12:26:14.0229 5796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/12 12:26:14.0252 5796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/12 12:26:14.0315 5796 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
2011/06/12 12:26:14.0401 5796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/12 12:26:14.0448 5796 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
2011/06/12 12:26:14.0541 5796 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/12 12:26:14.0598 5796 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/12 12:26:14.0641 5796 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/12 12:26:14.0708 5796 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/12 12:26:14.0740 5796 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/12 12:26:14.0805 5796 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/06/12 12:26:15.0284 5796 atikmdag (b5fb227a09a9ec28163fa4b45487c3c7) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/12 12:26:15.0862 5796 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/12 12:26:15.0946 5796 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/12 12:26:15.0998 5796 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/12 12:26:16.0100 5796 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/12 12:26:16.0169 5796 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/12 12:26:16.0260 5796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/12 12:26:16.0304 5796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/12 12:26:16.0396 5796 BrSerIb (6df544e72ff139e8fbbba6d0e569bea5) C:\Windows\system32\DRIVERS\BrSerIb.sys
2011/06/12 12:26:16.0482 5796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/12 12:26:16.0510 5796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/12 12:26:16.0535 5796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/12 12:26:16.0554 5796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/12 12:26:16.0581 5796 BrUsbSIb (80082ad46578f0d3270d2e56d6433082) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
2011/06/12 12:26:16.0677 5796 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/12 12:26:16.0713 5796 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/12 12:26:16.0745 5796 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/12 12:26:16.0777 5796 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/06/12 12:26:16.0819 5796 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/12 12:26:16.0881 5796 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
2011/06/12 12:26:16.0982 5796 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
2011/06/12 12:26:17.0055 5796 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/06/12 12:26:17.0163 5796 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/06/12 12:26:17.0240 5796 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/06/12 12:26:17.0334 5796 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/12 12:26:17.0421 5796 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/12 12:26:17.0519 5796 cfwids (3b8a124d87ee9d229d1f07f518da9a4c) C:\Windows\system32\drivers\cfwids.sys
2011/06/12 12:26:37.0754 5796 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/12 12:26:37.0767 5796 ================================================================================
2011/06/12 12:26:37.0767 5796 Scan finished
2011/06/12 12:26:37.0767 5796 ================================================================================
2011/06/12 12:26:37.0778 5668 Detected object count: 0
2011/06/12 12:26:37.0778 5668 Actual detected object count: 0
 
aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-12 12:27:37
-----------------------------
12:27:37.274 OS Version: Windows x64 6.1.7600
12:27:37.274 Number of processors: 8 586 0x1E05
12:27:37.274 ComputerName: CHRIS-PC UserName: Chris
12:27:38.678 Initialize success
12:27:53.014 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:27:53.014 Disk 0 Vendor: SAMSUNG_HM641JI 2AJ10001 Size: 610480MB BusType: 11
12:27:55.074 Disk 0 MBR read successfully
12:27:55.074 Disk 0 MBR scan
12:27:55.074 Disk 0 unknown MBR code
12:27:55.074 Service scanning
12:27:58.506 Disk 0 trace - called modules:
12:27:58.521 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:27:58.521 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d4c790]
12:27:58.537 3 CLASSPNP.SYS[fffff880015b043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007bb1060]
12:27:58.537 Scan finished successfully
12:28:16.474 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Documents\MBR.dat"
12:28:16.474 The log file has been saved successfully to "C:\Users\Chris\Documents\aswMBR.txt"
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 11-06-11.01 - Chris 06/12/2011 16:38:47.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8125.6290 [GMT -4:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))
.
.
2011-06-12 20:37 . 2011-06-12 20:37 -------- d-----w- C:\32788R22FWJFW
2011-06-11 15:48 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-10 20:03 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6982D6C-233D-460A-AF9E-34BD3C4FFFB5}\mpengine.dll
2011-06-10 15:52 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-10 15:52 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-06-10 15:52 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-06-10 15:51 . 2011-06-10 15:51 -------- d-----w- c:\program files\iPod
2011-06-10 15:51 . 2011-06-10 15:52 -------- d-----w- c:\program files\iTunes
2011-06-10 15:49 . 2011-06-10 15:49 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-06-10 15:07 . 2011-06-10 15:07 -------- d-----w- c:\users\Chris\AppData\Local\PackageAware
2011-06-10 13:55 . 2011-06-10 14:48 -------- d-----w- c:\programdata\iolo
2011-06-10 02:48 . 2011-06-10 02:48 -------- d-----w- c:\program files\Bonjour
2011-06-10 02:48 . 2011-06-10 02:48 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-25 20:12 . 2011-06-08 23:52 -------- d-----w- c:\program files\Dell Support Center
2011-05-25 20:09 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 22:38 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-21 22:38 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-15 05:22 . 2011-06-01 18:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-12 20:52 . 2011-04-15 19:01 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-06-12 20:52 . 2010-08-07 17:33 52224 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-06-12 20:52 . 2011-04-15 19:01 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-06-12 20:52 . 2011-04-15 19:01 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-05-29 13:11 . 2011-03-26 17:01 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 15:08 . 2011-05-10 15:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-10 15:08 . 2011-05-10 15:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-10 15:08 . 2011-05-10 15:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-10 15:08 . 2011-05-10 15:08 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-10 15:08 . 2011-05-10 15:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-10 15:08 . 2011-05-10 15:08 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-10 15:08 . 2011-05-10 15:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-10 15:08 . 2011-05-10 15:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-10 15:08 . 2011-05-10 15:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-10 15:08 . 2011-05-10 15:08 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-10 15:08 . 2011-05-10 15:08 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-10 15:08 . 2011-05-10 15:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-10 15:08 . 2011-05-10 15:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-10 15:08 . 2011-05-10 15:08 448512 ----a-w- c:\windows\system32\html.iec
2011-05-10 15:08 . 2011-05-10 15:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-10 15:08 . 2011-05-10 15:08 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-10 15:08 . 2011-05-10 15:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-10 15:08 . 2011-05-10 15:08 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-10 15:08 . 2011-05-10 15:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-10 15:08 . 2011-05-10 15:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-10 15:08 . 2011-05-10 15:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-10 15:08 . 2011-05-10 15:08 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-05-10 15:08 . 2011-05-10 15:08 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-10 15:08 . 2011-05-10 15:08 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-05-10 15:08 . 2011-05-10 15:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-10 15:08 . 2011-05-10 15:08 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-10 15:08 . 2011-05-10 15:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-10 15:08 . 2011-05-10 15:08 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-10 15:08 . 2011-05-10 15:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-10 15:08 . 2011-05-10 15:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-10 15:08 . 2011-05-10 15:08 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-10 15:08 . 2011-05-10 15:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-10 15:08 . 2011-05-10 15:08 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-10 15:08 . 2011-05-10 15:08 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-10 15:08 . 2011-05-10 15:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-10 15:08 . 2011-05-10 15:08 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-10 15:08 . 2011-05-10 15:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-10 15:08 . 2011-05-10 15:08 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-10 15:08 . 2011-05-10 15:08 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-10 15:08 . 2011-05-10 15:08 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-10 15:08 . 2011-05-10 15:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-10 15:08 . 2011-05-10 15:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-09 06:45 . 2011-05-12 15:16 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-12 15:16 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-12 15:16 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-06 20:26 . 2011-04-06 20:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:26 . 2011-04-06 20:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 20:26 . 2011-04-06 20:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:26 . 2011-04-06 20:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-07-01 1484856]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.EXE" [2010-09-02 2045440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-04-04 15:43 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-07-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-21 79360]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-21 79360]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-06-01 244840]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-06-01 148520]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF7729.cfxxe" [X]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
Wow6432Node-HKLM-Run-dellsupportcenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\program files (x86)\Brother\ControlCenter3\brccMCtl.exe
.
**************************************************************************
.
Completion time: 2011-06-12 17:05:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-12 21:05
.
Pre-Run: 506,525,835,264 bytes free
Post-Run: 506,598,920,192 bytes free
.
- - End Of File - - 88635814D21ABCA74D65583B8A775232
 
Looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 6/12/2011 5:57:58 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.96% Memory free
15.87 Gb Paging File | 13.95 Gb Available in Paging File | 87.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 471.91 Gb Free Space | 81.16% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/12 17:55:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/08/07 13:30:08 | 000,052,224 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/04 11:44:10 | 000,095,560 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/04/04 11:44:08 | 001,992,008 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/02/23 11:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/12 17:55:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/31 20:32:58 | 000,244,840 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/05/31 20:32:58 | 000,199,032 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/05/31 20:32:58 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/04/15 09:45:10 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/01/20 16:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/18 01:45:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/21 16:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 16:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/09/21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/08/17 22:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 14:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/08/07 13:30:08 | 000,052,224 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/07/04 01:28:15 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/06/21 16:04:07 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/06/21 16:03:02 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/04 11:43:38 | 002,409,800 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 11:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/05/12 14:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/05/31 20:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/05/31 20:32:58 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/05/31 20:32:58 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/05/31 20:32:58 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010/01/20 16:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/18 02:21:20 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/02 23:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV:64bit: - [2009/11/02 23:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/29 21:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/08/28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/24 02:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 07:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/01 20:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 06:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/07/01 00:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 00:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 00:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/25 05:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 04:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 04:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/18 10:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 03:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/24 15:18:12 | 000,000,000 | ---D | M]

[2011/03/06 18:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2010/08/23 00:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/06 18:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\2o629txw.default\extensions
[2011/05/10 11:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/22 11:12:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/24 15:18:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/22 21:37:04 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/06/12 16:53:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100912002416.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100912002416.dll (McAfee, Inc.)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 17:05:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/12 16:53:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/12 16:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/12 16:37:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/12 16:37:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/12 16:37:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/12 16:37:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/12 16:37:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/12 16:37:17 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/11 11:48:45 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/11 11:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/10 11:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/10 11:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/10 11:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/10 11:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/06/10 11:49:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/06/10 11:49:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/10 11:07:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\PackageAware
[2011/06/10 09:55:12 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2011/06/09 22:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/09 22:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/25 16:13:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/05/25 16:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2010/08/07 13:29:16 | 011,376,088 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Chris\AppData\Roaming\LoJackSetup.exe
[1 C:\Users\Chris\Documents\*.tmp files -> C:\Users\Chris\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 17:54:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/12 17:54:28 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2011/06/12 17:01:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 17:01:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/12 16:53:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/12 16:52:19 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/06/12 16:52:18 | 000,052,224 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2011/06/12 16:52:12 | 2094,424,063 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/12 16:52:03 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/06/12 12:28:16 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Documents\MBR.dat
[2011/06/11 14:10:21 | 000,084,082 | ---- | M] () -- C:\Users\Chris\Documents\drawing board.rtf
[2011/06/07 13:29:06 | 000,736,690 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/07 13:29:06 | 000,144,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/07 13:29:06 | 000,005,432 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/01 23:32:36 | 000,456,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/25 16:34:27 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\Users\Chris\Documents\*.tmp files -> C:\Users\Chris\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 16:37:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/12 16:37:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/12 16:37:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/12 16:37:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/12 16:37:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/12 12:28:16 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Documents\MBR.dat
[2011/05/25 16:13:39 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/15 15:01:33 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/04/15 15:01:17 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/03/06 18:52:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/14 21:19:35 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/09/20 11:49:52 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/09/20 11:49:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/09/20 11:46:47 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/20 11:44:25 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010/09/20 11:44:24 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010/09/20 11:37:18 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/08/25 01:33:06 | 000,005,632 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/07 13:28:51 | 000,000,046 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\FactoryInstaller.xml
[2010/07/04 01:34:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/21 17:21:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/21 16:05:34 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/06/21 16:05:34 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/06/21 16:05:34 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/06/21 16:05:19 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/06/21 16:05:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/04/04 11:45:06 | 000,089,416 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/04/04 11:44:12 | 000,059,208 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/04/04 11:42:44 | 000,247,624 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/08/07 13:35:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Absolute
[2010/12/16 15:14:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Absolute_Software
[2010/07/04 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\acccore
[2010/10/24 23:12:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BitZipper
[2010/10/29 01:22:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Hardcore
[2011/03/03 16:09:20 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PCDr
[2010/07/14 00:10:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlayFirst
[2011/06/10 11:19:37 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoftGrid Client
[2011/06/01 16:48:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\SoundSpectrum
[2010/07/04 01:35:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TP
[2011/05/25 16:34:27 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/06/09 12:10:13 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/06/12 17:05:16 | 000,023,080 | ---- | M] () -- C:\ComboFix.txt
[2010/06/21 18:08:18 | 000,004,453 | RH-- | M] () -- C:\dell.sdr
[2011/06/12 16:52:12 | 2094,424,063 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/04 15:53:13 | 000,000,346 | -H-- | M] () -- C:\IPH.PH
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/06/12 16:52:11 | 4224,225,279 | -HS- | M] () -- C:\pagefile.sys
[2011/06/10 10:08:34 | 000,026,144 | ---- | M] () -- C:\RPSetup.exe.log
[2011/06/12 12:27:07 | 000,071,754 | ---- | M] () -- C:\TDSSKiller.2.5.4.0_12.06.2011_12.25.55_log.txt
[2011/04/17 10:57:09 | 000,001,094 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/02/20 01:17:55 | 000,001,622 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/10 11:14:09 | 000,000,221 | -HS- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >
[2010/10/21 00:23:26 | 000,000,698 | ---- | M] () -- C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/08/06 10:23:29 | 000,000,402 | -HS- | M] () -- C:\Users\Chris\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/07/12 15:40:52 | 000,000,003 | RH-- | M] () -- C:\ProgramData\LoJackNotifier.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >
 
========== Files - Unicode (All) ==========
[2010/07/23 20:44:50 | 000,119,479 | ---- | M] ()(C:\Users\Chris\Documents\pop?reggae?reggaeton?techno tracklist.docx) -- C:\Users\Chris\Documents\popreggaereggaetontechno tracklist.docx
[2010/07/23 20:37:56 | 000,119,479 | ---- | C] ()(C:\Users\Chris\Documents\pop?reggae?reggaeton?techno tracklist.docx) -- C:\Users\Chris\Documents\popreggaereggaetontechno tracklist.docx
[2010/07/23 20:33:47 | 000,128,139 | ---- | M] ()(C:\Users\Chris\Documents\country?dance?latin?oldies tracklist.docx) -- C:\Users\Chris\Documents\countrydancelatinoldies tracklist.docx
[2010/07/23 20:33:45 | 000,128,139 | ---- | C] ()(C:\Users\Chris\Documents\country?dance?latin?oldies tracklist.docx) -- C:\Users\Chris\Documents\countrydancelatinoldies tracklist.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 92 bytes -> C:\Users\Chris\Documents\New Wave.txt:com.apple.metadatakMDItemWhereFroms
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\what it's worth.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\to be or not to be.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\the pit.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\temptation.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\so serious.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\secret lovers.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rude girl.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rock cd #2 tracklist.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rock cd #1 playlist.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rnb cd #2 tracklist.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rnb cd #1 tracklist.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #3 tracklist.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #2 tracklist.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #1 tracklist.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\pouring down.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\outta my business.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\ny girls.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\no games.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\my style.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\my chick bad.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\moment for life remix.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\mixed.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\make her say.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\latino.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\knockin boots.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\in the morning.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\im gettin it.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\i need a beat.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\i miss you.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\hypnotized.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\handle biz.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\guess who.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\goin uphill.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\goin down.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\gangsta party.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\down for whatever.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\deuces.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\darkness before dawn.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\close your eyes.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\call me savior.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\being myself.docx:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\back to the boogie.rtf:AFP_AfpInfo
@Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\amazing.rtf:AFP_AfpInfo
@Alternate Data Stream - 11 bytes -> C:\Users\Chris\Documents\New Wave.txt:com.apple.TextEncoding

< End of report >
 
OTL Extras logfile created on: 6/12/2011 5:57:58 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.96% Memory free
15.87 Gb Paging File | 13.95 Gb Available in Paging File | 87.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.48 Gb Total Space | 471.91 Gb Free Space | 81.16% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1336D61B-1D48-4E5C-9E39-35444B00EE3D}" = FastAccess
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite MFC-J615W
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
"{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
"{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
"{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
"{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
"{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
"{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
"{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity_is1" = Audacity 1.2.6
"BitZipper_is1" = BitZipper 2010
"Dell Webcam Central" = Dell Webcam Central
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MSC" = McAfee SecurityCenter
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2011 10:50:47 AM | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Disk Filter Driver for Accelerometer. System Error: The system cannot find
the file specified. .

Error - 6/10/2011 10:51:36 AM | Computer Name = Chris-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary Disk Filter Driver for Accelerometer. System Error: The system cannot find
the file specified. .

Error - 6/10/2011 11:35:34 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: MsiExec.exe, version: 5.0.7600.16385, time
stamp: 0x4a5bc3e6 Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0,
time stamp: 0x4cf4536a Exception code: 0xc0000005 Fault offset: 0x67d8bb89 Faulting
process id: 0x8a4 Faulting application start time: 0x01cc2784079d8ceb Faulting application
path: C:\Windows\syswow64\MsiExec.exe Faulting module path: QuickTime.qts Report
Id: 47f65bea-9377-11e0-8c4f-d8c1d8dffdf5

Error - 6/10/2011 11:40:57 AM | Computer Name = Chris-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 6/10/2011 2:23:45 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpfsvc.dll, version: 11.5.135.0, time stamp:
0x4c575e72 Exception code: 0xc00000fd Fault offset: 0x0000000000081e29 Faulting process
id: 0x734 Faulting application start time: 0x01cc2784fa23f4b9 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: c62b03a7-938e-11e0-9348-a5b2074425ef

Error - 6/11/2011 3:34:04 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mcshield.exe, version: 14.2.0.723, time
stamp: 0x4b437b54 Faulting module name: mcshield.exe, version: 14.2.0.723, time
stamp: 0x4b437b54 Exception code: 0xc000041d Fault offset: 0x000000000000976a Faulting
process id: 0xa9c Faulting application start time: 0x01cc2855653971e1 Faulting application
path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Faulting module
path: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe Report Id: c3b4173b-9461-11e0-90ab-be0154a50efa

Error - 6/11/2011 4:13:50 PM | Computer Name = Chris-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 350 Start
Time: 01cc287002ba6d55 Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 6/11/2011 4:44:20 PM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpfsvc.dll, version: 11.5.135.0, time stamp:
0x4c575e72 Exception code: 0xc00000fd Fault offset: 0x0000000000081e29 Faulting process
id: 0x5a0 Faulting application start time: 0x01cc28770ff6ffa2 Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: 943c346e-946b-11e0-8910-ddfacceaabf2

Error - 6/12/2011 2:39:46 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpfsvc.dll, version: 11.5.135.0, time stamp:
0x4c575e72 Exception code: 0xc00000fd Fault offset: 0x0000000000081e29 Faulting process
id: 0x31c Faulting application start time: 0x01cc2890d6a58a2e Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: c2a02e8d-94be-11e0-9603-d4e26e09fbf3

Error - 6/12/2011 3:09:07 AM | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McSvHost.exe, version: 1.5.109.0, time
stamp: 0x4b97baf1 Faulting module name: mpfsvc.dll, version: 11.5.135.0, time stamp:
0x4c575e72 Exception code: 0xc00000fd Fault offset: 0x0000000000081e29 Faulting process
id: 0x75c Faulting application start time: 0x01cc28ce1164f3ba Faulting application
path: C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe Faulting module
path: c:\PROGRA~1\mcafee\mpf\mpfsvc.dll Report Id: dc516b2a-94c2-11e0-921f-b0c39bf750e7

[ Dell Events ]
Error - 9/30/2010 2:54:32 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/30/2010 2:54:32 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/29/2010 1:39:45 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/29/2010 1:39:45 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/7/2010 9:06:18 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 11/7/2010 9:06:18 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/16/2010 5:22:15 PM | Computer Name = Chris-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 6/12/2011 4:41:53 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/12/2011 4:50:58 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/12/2011 4:51:06 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/12/2011 4:52:15 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The Dock Login Service service failed to start due to the following
error: %%2

Error - 6/12/2011 4:52:19 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 6/12/2011 4:53:05 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 6/12/2011 4:55:38 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10010
Description =

Error - 6/12/2011 4:55:49 PM | Computer Name = Chris-PC | Source = DCOM | ID = 10010
Description =

Error - 6/12/2011 5:01:07 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%31

Error - 6/12/2011 5:54:28 PM | Computer Name = Chris-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.


< End of report >
 
In the processes tab, when I go on Internet Explorer, a 2nd iexplore.exe shows up when I only have one window open. At times, random processes (iTunes, Internet Explorer, explorer.exe, and mcagent.exe) use up a lot more memory than they should, and slow down the computer.
Almost every time I run Windows, a process called 'pcdrcui.exe' eventually shows up and its memory seems to grow more and more until I notice it on Task Manager and end the process (which is my temporary solution for these problems, they return soon enough).
Also, when I run iTunes, song playback is shoddy, glitchy, and almost sounds like the mp3 itself is slowing down. When I try watching videos online, such as on Youtube, I'll end up seeing a glitch on the screen, whatever audio is playing freezes and then the screen goes black, leaving me with no other option but to manually shut off and restart my computer. It has to do with the ATI driver, but uninstall/reinstall hasn't worked at all, so I assume it's involved with a bug in my system.
 
In the processes tab, when I go on Internet Explorer, a 2nd iexplore.exe shows up when I only have one window open.
This is normal. Starting with IE8, when you start IE, it'll open two iexplore.exe processes from the get go. Each new open tab will add another process.

pcdrcui.exe is a part of PC-Doctor included in Dell Support Center.
Dell Support Center is a worthless resource hog and you can safely uninstall it.

=======================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2791717763-1036088866-559952292-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] File not found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [1 C:\Users\Chris\Documents\*.tmp files -> C:\Users\Chris\Documents\*.tmp -> ]
    @Alternate Data Stream - 92 bytes -> C:\Users\Chris\Documents\New Wave.txt:com.apple.metadata"kMDItemWhereFroms
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\what it's worth.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\to be or not to be.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\the pit.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\temptation.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\so serious.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\secret lovers.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rude girl.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rock cd #2 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rock cd #1 playlist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rnb cd #2 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rnb cd #1 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #3 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #2 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\rap cd #1 tracklist.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\pouring down.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\outta my business.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\ny girls.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\no games.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\my style.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\my chick bad.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\moment for life remix.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\mixed.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\make her say.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\latino.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\knockin boots.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\in the morning.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\im gettin it.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\i need a beat.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\i miss you.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\hypnotized.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\handle biz.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\guess who.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\goin uphill.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\goin down.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\gangsta party.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\down for whatever.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\deuces.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\darkness before dawn.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\close your eyes.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\call me savior.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\being myself.docx:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\back to the boogie.rtf:AFP_AfpInfo
    @Alternate Data Stream - 60 bytes -> C:\Users\Chris\Documents\amazing.rtf:AFP_AfpInfo
    @Alternate Data Stream - 11 bytes -> C:\Users\Chris\Documents\New Wave.txt:com.apple.TextEncoding
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2791717763-1036088866-559952292-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EKIJ5000StatusMonitor deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\Chris\Documents\~WRL3981.tmp deleted successfully.
Unable to delete ADS C:\Users\Chris\Documents\New Wave.txt:com.apple.metadata"kMDItemWhereFroms .
ADS C:\Users\Chris\Documents\what it's worth.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\to be or not to be.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\the pit.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\temptation.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\so serious.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\secret lovers.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\rude girl.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\rock cd #2 tracklist.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\rock cd #1 playlist.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\rnb cd #2 tracklist.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\rnb cd #1 tracklist.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\rap cd #3 tracklist.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\rap cd #2 tracklist.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\rap cd #1 tracklist.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\pouring down.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\outta my business.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\ny girls.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\no games.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\my style.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\my chick bad.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\moment for life remix.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\mixed.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\make her say.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\latino.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\knockin boots.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\in the morning.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\im gettin it.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\i need a beat.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\i miss you.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\hypnotized.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\handle biz.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\guess who.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\goin uphill.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\goin down.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\gangsta party.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\down for whatever.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\deuces.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\darkness before dawn.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\close your eyes.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\call me savior.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\being myself.docx:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\back to the boogie.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\amazing.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\New Wave.txt:com.apple.TextEncoding deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: .TemporaryItems
->Temp folder emptied: 0 bytes

User: All Users

User: Chris
->Temp folder emptied: 1307245 bytes
->Temporary Internet Files folder emptied: 588519330 bytes
->Java cache emptied: 10617379 bytes
->FireFox cache emptied: 48393984 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 504 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 119119 bytes
RecycleBin emptied: 5095778 bytes

Total Files Cleaned = 624.00 mb


[EMPTYFLASH]

User: .TemporaryItems

User: All Users

User: Chris
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.24.0 log created on 06132011_164049

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
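
A fix log like the one above buries its single failure ("Unable to delete ADS ...") and its deferred move among dozens of success lines. As an added example (not part of the original posts and not OTL's own code), this Python script classifies result lines by the phrasings seen in that log and returns only the items that need follow-up; the status names and the `triage` and `split_ads` helpers are hypothetical, and the sample is a shortened excerpt of the log above.

```python
import re
from collections import Counter

# Shortened excerpt of the fix log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
C:\Windows\Downloaded Program Files\gp.inf not found.
Unable to delete ADS C:\Users\Chris\Documents\New Wave.txt:com.apple.metadata"kMDItemWhereFroms .
ADS C:\Users\Chris\Documents\the pit.rtf:AFP_AfpInfo deleted successfully.
ADS C:\Users\Chris\Documents\New Wave.txt:com.apple.TextEncoding deleted successfully.
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
"""

# (status, pattern) pairs checked in order; capture group 1 is the affected item.
# Patterns are derived only from the line shapes visible in the log above.
RULES = [
    ("failed", re.compile(r"^Unable to delete (?:ADS )?(.+?)\s*\.$")),
    ("pending_reboot",
     re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$")),
    ("ok", re.compile(
        r"^(?:ADS |Registry (?:key|value) )?(.+?) (?:deleted|moved) successfully\.$")),
    ("not_found", re.compile(
        r"^(?:Registry (?:key|value) |File\\Folder )?(.+?) not found[.!]$")),
]


def split_ads(target):
    """Split 'C:\\dir\\file.ext:stream' into (file, stream); stream is None if absent."""
    idx = target.find(":", 2)  # skip the drive-letter colon at index 1
    return (target, None) if idx == -1 else (target[:idx], target[idx + 1:])


def triage(log_text):
    """Return (Counter of statuses, list of (status, file, stream) needing follow-up)."""
    counts, follow_up = Counter(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        for status, pattern in RULES:
            match = pattern.match(line)
            if not match:
                continue
            counts[status] += 1
            if status in ("failed", "pending_reboot"):
                follow_up.append((status, *split_ads(match.group(1))))
            break  # first matching rule wins; unmatched lines are ignored
    return counts, follow_up


if __name__ == "__main__":
    counts, follow_up = triage(SAMPLE_LOG)
    print(dict(counts))
    for status, path, stream in follow_up:
        print(f"{status}: {path}" + (f" [stream: {stream}]" if stream else ""))
```

Lines that match no rule (section headers, cache sizes) are skipped, so the full log can be pasted in unchanged.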
 
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee SecurityCenter
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 