
Google search being redirected in Firefox


  • This topic is locked
21 replies to this topic

#1 hootmon

hootmon

  • Members
  • 13 posts

Posted 23 February 2010 - 05:48 PM

For the past several days my Google search results on Firefox 3.6 are being randomly redirected to other sites. I have tried disabling the Firefox extensions but that does not change the search behavior. I am running Win 7 Home Premium on a three month old x64 computer; security software is McAfee Security Center which has not detected a problem.

Successfully ran dds.scr and created both reports. Ran gmer.exe but did not run to completion: error message said "C:\Windows\System32\config\system: the system cannot find the file specified"

Here is the dds file. Attach.zip is attached.



DDS (Ver_09-12-01.01) - NTFSX64
Run by Rob at 14:07:14.37 on Tue 02/23/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8183.5956 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Zune\ZuneLauncher.exe
K:\Minor Programs\A-M\Copernic\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files (x86)\FairStars Recorder\FSRecSched.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\NMSAccessU.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\notepad.exe
K:\Minor Programs\A-M\EditPadLite\EditPadLite.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\PayPal\PayPal Plug-In\RBroker.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
K:\Communications\Agent\agent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rob\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nytimes.com/
uSearch Bar = res://c:\program files (x86)\copernic agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~2\copern~1\COPERN~1.DLL
uURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mURLSearchHooks: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files (x86)\paypal\paypal plug-in\PayPalHelper.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files (x86)\paypal\paypal plug-in\OToolbar.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - k:\minor programs\a-m\copernic\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
TB: MyAshampoo Toolbar: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - c:\program files (x86)\myashampoo\tbMyAs.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files (x86)\copernic agent\CopernicAgentExt.dll
EB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - k:\minor programs\a-m\copernic\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files (x86)\copernic agent\CopernicAgentExt.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - k:\minor programs\a-m\copernic\copernic desktop search - home\DeskbandIntegration302010008.dll
EB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\program files (x86)\copernic agent\CopernicAgentExt.dll
uRun: [Copernic Desktop Search - Home] "k:\minor programs\a-m\copernic\copernic desktop search - home\DesktopSearchService.exe" /tray
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [nvrsctl97] rundll32.exe "c:\users\rob\appdata\local\nvrsctl97\nvrsctl97.dll", DllInit
uRun: [MNEI] c:\directory\msupdt\install\ms89321.exe
uRun: [Device Detector] DevDetect.exe -autorun
uRun: [WindowsNT Service] WindowsNT Service.exe
uRun: [Windows File Protection] Windows File Protection.exe
mRun: [ShwiconXP9106] c:\program files (x86)\multimedia card reader(9106)\ShwiconXP9106.exe
mRun: [VolPanel] "c:\program files (x86)\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [KEWN] c:\directory\msupdt\install\ms89321.exe
mRun: [TrueImageMonitor.exe] c:\program files (x86)\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
uExplorerRun: [Policies] c:\directory\msupdt\install\ms89321.exe
mExplorerRun: [Policies] c:\directory\msupdt\install\ms89321.exe
StartupFolder: c:\users\rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\rob\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\fairst~1.lnk - c:\program files (x86)\fairstars recorder\FSRecSched.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - k:\majorp~1\msoffice\office10\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files (x86)\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~2\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~2\copern~1\COPERN~1.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
mASetup: {8V3B1XIV-VJ27-24OT-06GW-L5MF5SD3IGDQ} - c:\directory\msupdt\install\ms89321.exe
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
TB-X64: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun-x64: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\rob\appdata\roaming\mozilla\firefox\profiles\kwunhbd7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - component: c:\program files (x86)\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files (x86)\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - component: k:\minor programs\a-m\copernic\copernic desktop search - home\firefoxconnector\components\CSPXPCOMBridge.dll
FF - plugin: c:\program files (x86)\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2010-1-9 151072]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-10-29 55280]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-2-10 1477728]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-2-2 308296]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe [2010-2-10 2480048]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe [2010-2-3 110312]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-2-2 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-2-2 155456]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-2-10 251488]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-10-29 317480]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-2-2 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-2-2 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-2-2 49480]
R3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-10-29 639512]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-11-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-10-29 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\MT6Licensing.exe [2009-11-7 79360]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-1-2 51120]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-2-2 40904]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]

=============== Created Last 30 ================

2010-02-23 01:38:36 32 ----a-w- c:\users\rob\defogger_reenable
2010-02-21 20:08:06 6521737931 ----a-w- c:\windows\MEMORY.DMP
2010-02-21 18:14:27 0 d-----w- c:\program files (x86)\common files\Copernic
2010-02-21 18:14:26 109782 ----a-w- c:\windows\CopernicAgentUninstall.exe
2010-02-21 18:14:26 0 d-----w- c:\program files (x86)\Copernic Agent
2010-02-17 22:29:58 0 d-----w- c:\program files (x86)\FairStars Recorder
2010-02-16 20:12:12 0 d-----w- c:\users\rob\appdata\roaming\GlarySoft
2010-02-16 20:12:11 0 d-----w- c:\program files (x86)\Absolute Uninstaller
2010-02-14 23:55:29 0 d-----w- c:\users\rob\appdata\roaming\Foxit
2010-02-14 23:55:02 0 d-----w- c:\program files (x86)\Foxit Software
2010-02-13 22:37:34 0 d-----w- c:\users\rob\appdata\roaming\Icons and Cursors
2010-02-13 22:27:26 0 d-----w- c:\program files\Microangelo Toolset 6
2010-02-10 16:07:41 0 d-----w- c:\programdata\Acronis
2010-02-10 15:46:14 251488 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-02-10 15:46:11 1477728 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-02-10 15:46:08 943712 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-02-10 15:45:58 257120 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-02-10 04:15:42 0 d-----w- c:\users\rob\appdata\roaming\ACD Systems
2010-02-10 04:13:24 0 d-----w- c:\programdata\ACD Systems
2010-02-10 04:12:57 0 d-----w- c:\program files (x86)\common files\ACD Systems
2010-02-10 04:12:57 0 d-----w- c:\program files (x86)\ACD Systems
2010-02-10 04:09:31 385024 ----a-w- c:\users\rob\appdata\roaming\2354676.exe
2010-02-10 04:04:14 57633800 ----a-w- c:\users\rob\appdata\roaming\setup.exe
2010-02-10 04:04:04 175104 ----a-w- c:\users\rob\appdata\roaming\SQLite3.dll
2010-02-10 04:03:59 0 d-----w- C:\directory
2010-02-03 17:03:43 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-02-03 17:03:43 0 d-----w- c:\program files (x86)\MagicDisc
2010-02-03 16:16:48 4199784 ----a-w- c:\windows\syswow64\cdintf400.dll
2010-02-03 03:23:20 15863 ----a-w- c:\windows\system32\Config.MPF
2010-02-03 03:23:05 0 d-----w- c:\programdata\SiteAdvisor
2010-02-03 03:21:16 40904 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-02-03 03:21:14 49480 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-02-03 03:21:14 308296 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-02-03 03:21:14 102472 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-03 03:21:10 176144 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-02-03 03:20:42 0 d-----w- c:\program files (x86)\common files\McAfee
2010-02-03 03:20:41 0 d-----w- c:\program files\McAfee
2010-02-03 03:20:40 0 d-----w- c:\program files\common files\McAfee
2010-02-03 03:20:38 0 d-----w- c:\program files (x86)\McAfee.com
2010-02-03 01:46:34 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-02-03 00:42:59 65536 --sha-w- c:\users\rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TM.blf
2010-02-03 00:42:59 524288 --sha-w- c:\users\rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
2010-02-03 00:42:59 524288 --sha-w- c:\users\rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
2010-02-03 00:22:36 0 d-----w- c:\users\rob\appdata\roaming\SmartDraw
2010-02-03 00:16:33 0 d-----w- C:\SmartDraw 2010
2010-02-01 23:35:58 65536 --sha-w- c:\users\rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TM.blf
2010-02-01 23:35:58 524288 --sha-w- c:\users\rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
2010-02-01 23:35:58 524288 --sha-w- c:\users\rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
2010-01-31 19:54:58 71096 ----a-w- c:\windows\syswow64\NMSAccessU.exe
2010-01-31 19:54:58 17408 ----a-w- c:\windows\syswow64\SyncBackPro.dll
2010-01-31 19:54:57 0 d-----w- c:\program files (x86)\2BrightSparks
2010-01-31 19:06:16 65536 --sha-w- c:\users\rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TM.blf
2010-01-31 19:06:16 524288 --sha-w- c:\users\rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
2010-01-31 19:06:16 524288 --sha-w- c:\users\rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
2010-01-27 17:05:31 0 d-----r- c:\users\rob\Podcasts
2010-01-27 15:04:16 758272 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-01-27 15:04:16 547840 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2010-01-27 14:58:34 2870272 ----a-w- c:\windows\explorer.exe
2010-01-27 14:58:33 389632 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 14:58:33 352256 --sh--r- c:\users\rob\appdata\roaming\Windows File Protection.exe
2010-01-27 14:58:33 2614272 ----a-w- c:\windows\syswow64\explorer.exe
2010-01-27 14:58:33 188416 --sh--r- c:\users\rob\appdata\roaming\WindowsNT Service.exe

==================== Find3M ====================

2010-02-23 21:46:39 242214 ---ha-w- c:\users\rob\appdata\roaming\logs.dat
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-01-12 23:27:13 868848 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-09 17:11:20 128045 ----a-w- c:\windows\cscmon.bin
2010-01-08 03:38:32 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:38:28 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-07 23:24:16 470240 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 17:26:54 22280 ----a-w- c:\windows\system32\cnat.exe
2010-01-06 01:38:06 151072 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2010-01-04 20:11:24 61224 ----a-w- c:\users\rob\GoToAssistDownloadHelper.exe
2009-12-20 04:05:48 249856 ------w- c:\windows\Setup1.exe
2009-12-20 04:05:46 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-18 08:09:00 36168 ----a-w- c:\windows\system32\uxtD29A.tmp
2009-12-16 19:50:36 87552 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2009-12-16 19:50:36 56832 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2009-12-16 19:50:36 346624 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2009-12-16 19:50:36 19968 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2009-12-16 19:50:36 188416 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2009-12-16 19:50:36 13312 ----a-w- c:\windows\system32\ZunePTDNS.dll
2009-12-01 02:02:40 171144 ----a-w- c:\windows\syswow64\xliveinstall.dll
2009-12-01 02:02:38 72840 ----a-w- c:\windows\syswow64\xliveinstallhost.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:07:41.19 ===============



#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male

Posted 24 February 2010 - 10:04 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic is not replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

=============

With your next post please provide:

* OTL.txt
* Extra.txt

Kind regards,
~t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 hootmon

Posted 24 February 2010 - 11:07 PM

OTL logfile created on: 2/24/2010 7:42:30 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 11.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.98 Gb Total Space | 332.69 Gb Free Space | 85.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 276.93 Gb Free Space | 59.46% Space Free | Partition Type: NTFS
Drive K: | 76.17 Gb Total Space | 75.02 Gb Free Space | 98.49% Space Free | Partition Type: NTFS
Drive L: | 78.05 Gb Total Space | 24.37 Gb Free Space | 31.23% Space Free | Partition Type: NTFS

Computer Name: HOME-PC
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/24 19:30:31 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
PRC - [2010/02/10 07:46:12 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/02/04 07:25:56 | 003,089,920 | ---- | M] (Copernic Inc.) -- K:\Minor Programs\A-M\Copernic\Copernic Desktop Search - Home\DesktopSearch.exe
PRC - [2010/02/04 07:25:44 | 001,594,368 | ---- | M] (Copernic Inc.) -- K:\Minor Programs\A-M\Copernic\Copernic Desktop Search - Home\DesktopSearchService.exe
PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/11/12 03:49:16 | 000,361,632 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/11/12 03:48:30 | 005,106,904 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/11/03 14:03:04 | 000,603,472 | ---- | M] (ACD Systems International Inc.) -- C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\explorer.exe
PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/07/17 13:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/06/24 17:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/01 12:53:08 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\PayPal\PayPal Plug-In\RBroker.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/02/03 08:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Windows\SysWOW64\NMSAccessU.exe
PRC - [2008/02/20 01:04:26 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\FairStars Recorder\FSRecSched.exe
PRC - [2008/02/18 16:29:12 | 000,877,864 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/02/24 19:30:31 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/13 17:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 17:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/07 15:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 15:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/11/04 16:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/10/28 11:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2009/10/23 19:44:42 | 002,430,304 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2009/07/13 17:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 17:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 17:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 17:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 17:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 17:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 17:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 17:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 17:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 17:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 17:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 17:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 17:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 17:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/07/13 17:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV:64bit: - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/02/10 07:46:12 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/12/08 14:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/12 03:50:24 | 000,894,136 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/11/07 06:10:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/11/07 06:08:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 09:59:21 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/07/13 19:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 19:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 12:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/26 08:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 12:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/30 09:59:38 | 000,074,392 | ---- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/02/28 17:07:48 | 000,529,704 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008/02/18 16:29:12 | 000,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2006/12/19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/10 07:46:14 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/02/10 07:46:11 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010/02/10 07:46:08 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010/02/10 07:45:58 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/01/12 15:27:13 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/05 17:38:06 | 000,151,072 | ---- | M] (COMODO Security Solutions Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2009/12/17 14:58:04 | 000,145,360 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/11/04 16:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/11/04 16:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/11/04 16:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/11/04 16:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV:64bit: - [2009/10/21 01:04:36 | 000,051,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2009/07/26 22:50:06 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/07/16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 17:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 17:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 17:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 17:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 17:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 17:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/07/13 16:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 16:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 16:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 16:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 16:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 16:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 16:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 16:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/07/13 16:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 16:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUSB)
DRV:64bit: - [2009/07/13 16:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 16:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 16:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 16:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 16:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 15:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 15:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 15:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 15:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 15:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 15:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 15:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/20 04:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/01 13:50:52 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUSB)
DRV - [2009/07/13 17:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/26 07:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)
DRV - [2009/06/10 13:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 13:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-320342441-919425061-4168697645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-320342441-919425061-4168697645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
IE - HKU\S-1-5-21-320342441-919425061-4168697645-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-320342441-919425061-4168697645-1000\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKU\S-1-5-21-320342441-919425061-4168697645-1000\S-1-5-21-320342441-919425061-4168697645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {2bfc8624-5b8a-4060-b86a-e78ccbc38509}:2.0
FF - prefs.js..extensions.enabledItems: CLEO@guid.customsoftwareconsult.com:4.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.5
FF - prefs.js..extensions.enabledItems: {83D65D9A-9CCA-439B-9E4A-EC1FE481B443}:3.0.3.12
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.15
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: locationbar2@design-noir.de:1.0.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.47
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: paypalfirefoxplugin@orbiscom:2.2.26.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: sxipper@sxip.com:2.3.3rc3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5b1
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.2
FF - prefs.js..extensions.enabledItems: {748c4950-24f2-11de-8c30-0800200c9a66}:2.0.6

FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files (x86)\PayPal\PayPal Plug-In [2010/02/15 21:52:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/02/17 22:09:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/01/21 11:22:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/14 15:55:29 | 000,000,000 | ---D | M]

[2009/12/15 20:12:32 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2009/12/15 20:12:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/12/16 19:15:22 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Newest profiles\Profiles\5y8v0wdf.default\extensions
[2010/02/23 21:07:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions
[2010/01/31 11:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/01/17 17:21:19 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/12/16 19:25:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe80}
[2010/02/23 21:06:55 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/12/22 09:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{2bfc8624-5b8a-4060-b86a-e78ccbc38509}
[2009/12/16 19:25:08 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/12/16 19:25:08 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/26 19:46:40 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010/02/13 11:16:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/22 20:37:29 | 000,000,000 | ---D | M] (Stratini) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{748c4950-24f2-11de-8c30-0800200c9a66}
[2010/01/21 11:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2010/02/22 20:37:29 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009/12/16 19:25:09 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/01/08 09:04:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/16 19:25:13 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2009/12/16 19:25:03 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\CLEO@guid.customsoftwareconsult.com
[2010/01/08 21:12:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\locationbar2@design-noir.de
[2010/02/22 20:37:35 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\noia2_option@kk.noia
[2010/01/21 11:38:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\personas@christopher.beard
[2010/02/06 19:07:07 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\silvermel@pardal.de
[2010/02/06 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\silvermelxt@pardal.de
[2010/02/22 20:37:35 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\extensions\sxipper@sxip.com
[2009/10/04 20:14:54 | 000,002,172 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\searchplugins\bing.xml
[2008/06/12 08:31:12 | 000,002,452 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\searchplugins\google-windows-related-site-search.xml
[2010/02/24 08:51:56 | 000,002,097 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\searchplugins\ngindex-files.xml
[2010/02/24 08:51:56 | 000,002,145 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\searchplugins\ngindex-nfos.xml
[2010/02/24 08:51:56 | 000,002,091 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\searchplugins\ngindex-sets.xml
[2007/07/13 15:15:06 | 000,002,386 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\searchplugins\siteadvisor.xml
[2008/06/12 08:32:30 | 000,001,473 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\searchplugins\windowssecretscom.xml
[2009/12/16 19:15:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/14 15:54:02 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files (x86)\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - K:\Minor Programs\A-M\Copernic\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000315.dll (Copernic Inc.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files (x86)\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KEWN] c:\directory\msupdt\install\ms89321.exe (qFyiPSnPTis)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-320342441-919425061-4168697645-1000..\Run: [Copernic Desktop Search - Home] K:\Minor Programs\A-M\Copernic\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKU\S-1-5-21-320342441-919425061-4168697645-1000..\Run: [Device Detector] File not found
O4 - HKU\S-1-5-21-320342441-919425061-4168697645-1000..\Run: [MNEI] C:\directory\msupdt\install\ms89321.exe (qFyiPSnPTis)
O4 - HKU\S-1-5-21-320342441-919425061-4168697645-1000..\Run: [nvrsctl97] C:\Users\Rob\AppData\Local\nvrsctl97\nvrsctl97.DLL ()
O4 - HKU\S-1-5-21-320342441-919425061-4168697645-1000..\Run: [Windows File Protection] File not found
O4 - HKU\S-1-5-21-320342441-919425061-4168697645-1000..\Run: [WindowsNT Service] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\directory\msupdt\install\ms89321.exe (qFyiPSnPTis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = c:\directory\msupdt\install\ms89321.exe (qFyiPSnPTis)
O7 - HKU\S-1-5-21-320342441-919425061-4168697645-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-320342441-919425061-4168697645-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - K:\Major Programs\MSOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - K:\Major Programs\MSOffice\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-320342441-919425061-4168697645-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/13 13:36:13 | 000,000,067 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 19:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: Dhcp - C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: ndiscap - C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {466D9A41-089B-285B-04B7-75D7865A60EB} - Microsoft Windows Media Player 12.0
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8V3B1XIV-VJ27-24OT-06GW-L5MF5SD3IGDQ} - c:\directory\msupdt\install\ms89321.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: VIDC.ACDV - ACDV.dll File not found
Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 30 Days ==========

[2010/02/24 19:30:30 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2010/02/24 09:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Copernic Agent
[2010/02/23 20:32:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/02/23 20:32:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/02/23 20:32:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/02/23 20:32:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/02/23 20:32:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/02/23 20:32:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/02/23 20:32:10 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/23 20:32:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/23 20:32:02 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/02/23 20:32:02 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/02/23 20:32:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/02/23 20:32:02 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/02/23 20:32:02 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/02/23 20:32:02 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/02/23 20:32:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/02/21 12:08:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/21 10:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Copernic
[2010/02/17 21:20:34 | 000,000,000 | R-SD | C] -- L:\Data Files\My Documents\My Stationery
[2010/02/17 14:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FairStars Recorder
[2010/02/16 12:12:12 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\GlarySoft
[2010/02/16 12:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Uninstaller
[2010/02/14 15:55:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Foxit
[2010/02/14 15:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010/02/13 14:37:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Microangelo Toolset 6
[2010/02/13 14:37:34 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Icons and Cursors
[2010/02/13 14:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microangelo Toolset 6
[2010/02/12 12:57:47 | 000,000,000 | ---D | C] -- L:\Data Files\My Documents\MyBackups
[2010/02/10 08:42:32 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/10 08:42:32 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/10 08:42:32 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/10 08:42:32 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/10 08:42:32 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/10 08:42:32 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/10 08:42:32 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/10 08:42:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/10 08:42:32 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/10 08:42:32 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/10 08:42:32 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/10 08:42:32 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/10 08:42:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/10 08:42:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/10 08:42:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/10 08:42:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/10 08:42:31 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/02/10 08:42:31 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/10 08:42:31 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/10 08:42:31 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/10 08:42:31 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/10 08:42:31 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/02/10 08:42:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/02/10 08:42:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/02/10 08:42:31 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/10 08:08:28 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Acronis
[2010/02/10 08:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/02/10 07:46:14 | 000,251,488 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/02/10 07:46:11 | 001,477,728 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010/02/10 07:46:08 | 000,943,712 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/02/10 07:45:58 | 000,257,120 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/02/10 07:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010/02/10 07:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010/02/09 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\ACD Systems
[2010/02/09 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\ACD Systems
[2010/02/09 20:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2010/02/09 20:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems
[2010/02/09 20:12:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems
[2010/02/09 20:09:31 | 000,385,024 | ---- | C] (qFyiPSnPTis) -- C:\Users\Rob\AppData\Roaming\2354676.exe
[2010/02/09 20:04:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Downloaded Installations
[2010/02/09 20:04:14 | 057,633,800 | ---- | C] (ACD Systems International Inc. ) -- C:\Users\Rob\AppData\Roaming\setup.exe
[2010/02/09 20:03:59 | 000,000,000 | ---D | C] -- C:\directory
[2010/02/03 09:03:43 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2010/02/03 09:03:43 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2010/02/03 09:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2010/02/03 08:16:48 | 004,199,784 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2010/02/02 19:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2010/02/02 19:21:16 | 000,040,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdk.sys
[2010/02/02 19:21:14 | 000,308,296 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2010/02/02 19:21:14 | 000,102,472 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/02/02 19:21:14 | 000,049,480 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfesmfk.sys
[2010/02/02 19:21:10 | 000,176,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\Mpfp.sys
[2010/02/02 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2010/02/02 19:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/02/02 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/02/02 19:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2010/02/02 16:22:36 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\SmartDraw
[2010/02/02 16:16:33 | 000,000,000 | ---D | C] -- C:\SmartDraw 2010
[2010/01/31 11:54:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\2BrightSparks
[2010/01/31 11:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2BrightSparks
[2010/01/27 09:05:31 | 000,000,000 | R--D | C] -- C:\Users\Rob\Podcasts
[2010/01/27 07:04:16 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PortableDeviceApi.dll
[2010/01/27 07:04:16 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PortableDeviceApi.dll
[2010/01/27 06:58:34 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/01/27 06:58:33 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/01/27 06:58:33 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/01/27 06:58:33 | 000,352,256 | RHS- | C] (Windows NT Kernel) -- C:\Users\Rob\AppData\Roaming\Windows File Protection.exe
[2010/01/27 06:58:33 | 000,188,416 | RHS- | C] (Symantec GmBH) -- C:\Users\Rob\AppData\Roaming\WindowsNT Service.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/24 19:46:19 | 003,145,728 | -HS- | M] () -- C:\Users\Rob\ntuser.dat
[2010/02/24 19:41:00 | 000,276,299 | -H-- | M] () -- C:\Users\Rob\AppData\Roaming\logs.dat
[2010/02/24 19:30:31 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2010/02/24 19:26:22 | 000,016,183 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/02/24 19:25:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/24 09:46:02 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\COMODO System Cleaner Update.job
[2010/02/24 09:23:30 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 09:23:30 | 000,019,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 09:16:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/24 09:16:06 | 2140,495,871 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/24 09:15:11 | 006,291,456 | -H-- | M] () -- C:\Users\Rob\AppData\Local\IconCache.db
[2010/02/24 09:14:58 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/02/23 14:10:12 | 000,002,979 | ---- | M] () -- C:\Users\Rob\Desktop\Attach.zip
[2010/02/22 19:06:59 | 000,284,915 | ---- | M] () -- C:\Users\Rob\Desktop\gmer.zip
[2010/02/22 18:44:04 | 000,524,288 | ---- | M] () -- C:\Users\Rob\Desktop\dds.scr
[2010/02/22 17:38:36 | 000,000,032 | ---- | M] () -- C:\Users\Rob\defogger_reenable
[2010/02/22 17:35:25 | 000,050,477 | ---- | M] () -- C:\Users\Rob\Desktop\Defogger.exe
[2010/02/21 12:08:06 | 2226,770,634 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/17 14:30:00 | 000,001,107 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FairStars Record Schedule.lnk
[2010/02/15 01:17:12 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/02/12 15:38:19 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\Word Docs.job
[2010/02/10 07:46:14 | 000,251,488 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010/02/10 07:46:11 | 001,477,728 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010/02/10 07:46:08 | 000,943,712 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010/02/10 07:45:58 | 000,257,120 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010/02/09 20:09:55 | 057,633,800 | ---- | M] (ACD Systems International Inc. ) -- C:\Users\Rob\AppData\Roaming\setup.exe
[2010/02/09 20:09:31 | 000,385,024 | ---- | M] (qFyiPSnPTis) -- C:\Users\Rob\AppData\Roaming\2354676.exe
[2010/02/09 20:04:04 | 000,175,104 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\SQLite3.dll
[2010/02/03 14:24:40 | 000,000,991 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/02/03 14:22:02 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/02/03 08:16:46 | 000,000,166 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2010/02/02 16:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
[2010/02/02 16:49:33 | 000,524,288 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
[2010/02/02 16:49:33 | 000,065,536 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TM.blf
[2010/02/02 16:40:44 | 000,524,288 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
[2010/02/02 16:40:44 | 000,524,288 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
[2010/02/02 16:40:44 | 000,065,536 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TM.blf
[2010/02/01 15:34:01 | 000,524,288 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
[2010/02/01 15:34:01 | 000,524,288 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
[2010/02/01 15:34:01 | 000,065,536 | -HS- | M] () -- C:\Users\Rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TM.blf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/24 09:37:13 | 000,109,782 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2010/02/24 09:14:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/02/23 14:10:12 | 000,002,979 | ---- | C] () -- C:\Users\Rob\Desktop\Attach.zip
[2010/02/22 19:07:36 | 000,293,376 | ---- | C] () -- C:\Users\Rob\Desktop\gmer.exe
[2010/02/22 19:06:58 | 000,284,915 | ---- | C] () -- C:\Users\Rob\Desktop\gmer.zip
[2010/02/22 18:43:59 | 000,524,288 | ---- | C] () -- C:\Users\Rob\Desktop\dds.scr
[2010/02/22 17:38:36 | 000,000,032 | ---- | C] () -- C:\Users\Rob\defogger_reenable
[2010/02/22 17:37:23 | 000,050,477 | ---- | C] () -- C:\Users\Rob\Desktop\Defogger.exe
[2010/02/21 12:08:06 | 2226,770,634 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/17 14:30:00 | 000,001,107 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FairStars Record Schedule.lnk
[2010/02/12 15:36:01 | 000,000,428 | ---- | C] () -- C:\Windows\tasks\Word Docs.job
[2010/02/09 20:04:04 | 000,175,104 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\SQLite3.dll
[2010/02/03 09:04:15 | 000,000,991 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/02/02 19:23:20 | 000,016,183 | ---- | C] () -- C:\Windows\SysNative\Config.MPF
[2010/02/02 19:20:59 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2010/02/02 19:20:54 | 000,000,314 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2010/02/02 16:42:59 | 000,524,288 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
[2010/02/02 16:42:59 | 000,524,288 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
[2010/02/02 16:42:59 | 000,065,536 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{8213f01c-0f8a-11df-b9ec-002564d9d515}.TM.blf
[2010/02/01 15:35:58 | 000,524,288 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
[2010/02/01 15:35:58 | 000,524,288 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
[2010/02/01 15:35:58 | 000,065,536 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{ab098773-0e9b-11df-9229-002564d9d515}.TM.blf
[2010/01/31 11:54:58 | 000,071,096 | ---- | C] () -- C:\Windows\SysWow64\NMSAccessU.exe
[2010/01/31 11:54:58 | 000,017,408 | ---- | C] () -- C:\Windows\SysWow64\SyncBackPro.dll
[2010/01/31 11:06:16 | 000,524,288 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TMContainer00000000000000000002.regtrans-ms
[2010/01/31 11:06:16 | 000,524,288 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TMContainer00000000000000000001.regtrans-ms
[2010/01/31 11:06:16 | 000,065,536 | -HS- | C] () -- C:\Users\Rob\ntuser.dat{eceac09d-0e9a-11df-beb2-002564d9d515}.TM.blf
[2009/12/30 14:54:29 | 000,000,042 | ---- | C] () -- C:\Windows\smr14ShlExt.ini
[2009/12/20 07:32:12 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/12/10 21:55:22 | 000,002,120 | ---- | C] () -- C:\Users\Rob\AppData\Local\rx_audio.Cache
[2009/12/10 21:55:22 | 000,000,072 | ---- | C] () -- C:\Users\Rob\AppData\Local\rx_image32.Cache
[2009/11/17 13:52:52 | 000,007,609 | ---- | C] () -- C:\Users\Rob\AppData\Local\resmon.resmoncfg
[2009/11/16 13:19:44 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\sablot.dll
[2009/11/16 13:19:44 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2009/11/15 19:24:30 | 000,024,744 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\addons.dat
[2009/11/14 19:12:03 | 000,004,608 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 15:26:46 | 000,000,091 | ---- | C] () -- C:\Users\Rob\AppData\Local\fusioncache.dat
[2009/11/09 15:23:47 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/11/07 16:08:55 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/11/07 15:19:06 | 000,000,166 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/10/29 10:00:01 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009/10/29 10:00:01 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009/10/29 09:59:57 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009/10/29 09:59:57 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009/10/29 09:59:57 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009/10/29 09:59:57 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009/10/29 09:59:57 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009/10/29 09:59:57 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009/10/29 09:59:57 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009/10/29 09:59:57 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009/10/29 09:59:57 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009/10/29 09:59:57 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009/10/29 09:59:57 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009/10/29 09:59:57 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009/10/29 09:59:57 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009/10/29 09:59:57 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009/10/29 09:59:57 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009/10/29 09:59:57 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009/10/29 09:59:57 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009/10/29 09:59:57 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009/10/29 09:59:57 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009/10/29 09:59:57 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009/08/26 05:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/10/07 06:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 06:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 06:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2005/04/07 18:16:43 | 000,276,299 | -H-- | C] () -- C:\Users\Rob\AppData\Roaming\logs.dat

========== LOP Check ==========

[2010/02/09 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ACD Systems
[2010/02/12 12:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Acronis
[2010/01/16 16:33:30 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ashampoo
[2010/01/11 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\BitTorrent
[2010/02/24 09:37:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Copernic
[2010/01/12 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DAEMON Tools Pro
[2009/12/22 09:07:26 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FairStars Audio Converter Pro
[2009/11/15 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FairStars Recorder
[2009/11/09 13:51:01 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Forte
[2010/02/14 15:55:29 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Foxit
[2009/12/26 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GHISLER
[2010/02/16 12:14:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GlarySoft
[2010/02/13 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Icons and Cursors
[2009/11/15 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\JGsoft
[2010/02/22 17:44:31 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\KeePass
[2009/12/10 16:34:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\MusicBrainz
[2009/12/10 17:50:46 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Musicmatch
[2009/12/29 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OverDrive
[2009/12/19 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\RGSystemFonts
[2009/11/28 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\runic games
[2010/02/02 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SmartDraw
[2010/02/23 22:16:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SolSuite
[2009/12/09 21:33:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SuperMP3Download
[2009/12/26 06:46:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TuneUp Software
[2009/12/16 09:07:36 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Uniblue
[2009/11/07 21:06:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
[2010/02/15 01:17:12 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/02/03 14:22:02 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/13 21:08:49 | 000,028,038 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/12 15:38:19 | 000,000,428 | ---- | M] () -- C:\Windows\Tasks\Word Docs.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/02/09 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ACD Systems
[2010/02/12 12:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Acronis
[2009/11/07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Adobe
[2010/01/16 16:33:30 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ashampoo
[2010/01/11 20:24:29 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\BitTorrent
[2010/01/09 09:44:03 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ComodoGroup
[2010/02/24 09:37:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Copernic
[2009/11/06 16:28:50 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\CyberLink
[2010/01/12 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DAEMON Tools Pro
[2009/11/06 15:49:59 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Dell
[2009/12/22 09:07:26 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FairStars Audio Converter Pro
[2009/11/15 19:51:14 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FairStars Recorder
[2009/11/09 13:51:01 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Forte
[2010/02/14 15:55:29 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Foxit
[2009/12/26 07:24:41 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GHISLER
[2010/02/16 12:14:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GlarySoft
[2010/02/13 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Icons and Cursors
[2009/11/06 15:49:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Identities
[2009/11/08 15:39:08 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\InstallShield
[2009/11/09 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Intuit
[2009/11/15 19:14:52 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\JGsoft
[2010/02/22 17:44:31 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\KeePass
[2009/11/06 16:09:22 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Macromedia
[2009/12/22 09:19:22 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\McAfee
[2009/07/13 23:44:38 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Media Center Programs
[2010/01/01 09:16:33 | 000,000,000 | --SD | M] -- C:\Users\Rob\AppData\Roaming\Microsoft
[2009/11/06 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla
[2009/12/10 16:34:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\MusicBrainz
[2009/12/10 17:50:46 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Musicmatch
[2009/12/20 08:35:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Nero
[2009/12/29 21:50:18 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OverDrive
[2009/12/19 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\RGSystemFonts
[2010/02/02 11:14:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Roxio
[2009/11/28 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\runic games
[2010/02/02 16:41:59 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SmartDraw
[2010/02/23 22:16:16 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SolSuite
[2009/12/09 21:33:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SuperMP3Download
[2009/11/06 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Talkback
[2009/12/26 06:46:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TuneUp Software
[2009/12/16 09:07:36 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Uniblue
[2009/11/07 21:06:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
[2009/11/11 10:51:47 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010/02/09 20:09:31 | 000,385,024 | ---- | M] (qFyiPSnPTis) -- C:\Users\Rob\AppData\Roaming\2354676.exe
[2010/02/09 20:09:55 | 057,633,800 | ---- | M] (ACD Systems International Inc. ) -- C:\Users\Rob\AppData\Roaming\setup.exe
[2009/10/30 21:45:39 | 000,352,256 | RHS- | M] (Windows NT Kernel) -- C:\Users\Rob\AppData\Roaming\Windows File Protection.exe
[2009/10/30 21:45:39 | 000,188,416 | RHS- | M] (Symantec GmBH) -- C:\Users\Rob\AppData\Roaming\WindowsNT Service.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\ClickCleaner.exe
[2009/11/17 10:12:52 | 000,017,542 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\ContextMenuManager.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\DiskAnalyzer.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\DuplicateFilesFinder.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\FileSecurity.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\FileSplitter.exe
[2009/11/17 10:12:52 | 000,017,542 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\FreeMemory.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\IEManager.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\JunkFileCleaner.exe
[2009/11/17 10:12:52 | 000,005,430 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\LiveUpdate.exe
[2009/11/17 10:12:52 | 000,013,262 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\OptimizationWizard.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\PrivacyProtector.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\ProcessManager.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\RegistryCleaner.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\RegistryDefrag.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\RepairCenter.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\RunShortcutCreator.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\ServiceManager.exe
[2009/11/17 10:12:52 | 000,017,542 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\SmartUninstaller.exe
[2009/11/17 10:12:52 | 000,015,086 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\StartupManager.exe
[2009/11/17 10:12:52 | 000,010,134 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\SystemFolder_msiexec.exe
[2009/11/17 10:12:52 | 000,007,886 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\SystemInfo.exe
[2009/11/17 10:12:52 | 000,017,542 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\TaskSchedulerManager.exe
[2009/11/17 10:12:52 | 000,017,542 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\VisualCustomizer.exe
[2009/11/17 10:12:52 | 000,092,560 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\Windows7Manager.exe
[2009/11/17 10:12:52 | 000,013,262 | R--- | M] () -- C:\Users\Rob\AppData\Roaming\Microsoft\Installer\{D86B6C32-49BD-4A02-9C43-14E497018498}\WinUtilities.exe
[2010/02/20 09:13:27 | 000,177,024 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\kwunhbd7.default\FlashGot.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Drivers\storage\R230360\IaStor.sys
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 17:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 17:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 17:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 17:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 17:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 17:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
< End of report >


------------------

OTL Extras logfile created on: 2/24/2010 7:42:30 PM - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Users\Rob\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 11.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.98 Gb Total Space | 332.69 Gb Free Space | 85.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 276.93 Gb Free Space | 59.46% Space Free | Partition Type: NTFS
Drive K: | 76.17 Gb Total Space | 75.02 Gb Free Space | 98.49% Space Free | Partition Type: NTFS
Drive L: | 78.05 Gb Total Space | 24.37 Gb Free Space | 31.23% Space Free | Partition Type: NTFS

Computer Name: HOME-PC
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-320342441-919425061-4168697645-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- K:\Minor Programs\A-M\EditPadLite\EditPadLite.exe (Just Great Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "K:\Major Programs\MSOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "K:\Major Programs\MSOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "K:\Music Programs\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "K:\Music Programs\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "K:\Music Programs\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "K:\Major Programs\MSOffice\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "K:\Major Programs\MSOffice\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "K:\Music Programs\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "K:\Music Programs\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "K:\Music Programs\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{7E7F1A4F-781C-11DE-9EB8-005056C00008}" = Paragon Disk Wiper™ 2010
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{858CCC22-7029-4426-B4D5-58C38742EBD3}" = Diskeeper 2010 Pro Premier
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BD19E69F-0F87-46CD-AD8D-7A93903B01AC}" = O&O UnErase
"{C4763E4B-A575-4248-9411-CE3953D8512E}" = O&O PartitionManager Professional
"{CE63DE9D-2CBA-4B01-B3CF-FF06497403AD}" = Microangelo Toolset 6 (x64)
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{D86BF639-AFA1-462A-AB44-593F71A4D7E2}" = O&O SafeErase
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{12076ED5-921B-4231-9883-157092E6F2DA}" = Quicken Medical Expense Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259D789C-2A51-4CCE-AF8A-3377A6C1DF60}" = dtSearch
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}" = OverDrive Media Console
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{73317C31-2B6E-4B88-9865-B97C1331A39D}" = PayPal Plug-In
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9DF0BE48-16F0-4E36-814D-9B4FDFFAF25F}" = PayPal Plug-In
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8
"{C7705C79-92DE-4B48-A64B-98C56E336191}" = COMODO System - Cleaner
"{C93170A0-CBF9-481F-B972-B4FA5AEE0E06}" = Sound Blaster X-Fi
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.8.0.636
"Active@ KillDisk FREE Suite" = Active@ KillDisk FREE Suite
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"Ashampoo Music Studio 3" = Ashampoo Music Studio 3
"Ashampoo Music Studio 3_is1" = Ashampoo Music Studio 3 3.50
"Ashampoo Photo Commander 6_is1" = Ashampoo Photo Commander 6.60
"AudioCS" = Creative Audio Control Panel
"BitTorrent" = BitTorrent
"CATraxx_is1" = CATraxx
"Copernic Agent Basic" = Copernic Agent Basic
"CopernicDesktopSearch2" = Copernic Desktop Search - Home
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DFX for Winamp" = DFX for Winamp
"Diagnostics 4_5" = Creative Diagnostics
"EditPad Lite" = Just Great Software EditPad Lite 6.5.2
"FairStars Audio Converter Pro_is1" = FairStars Audio Converter Pro 1.18
"FairStars Recorder_is1" = FairStars Recorder 3.32
"Forte Agent" = Forté Agent
"Foxit Reader" = Foxit Reader
"Host OpenAL" = Host OpenAL
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"jv16 PowerTools 2008_is1" = jv16 PowerTools 2008
"Karen's Directory Printer" = Karen's Directory Printer
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.09
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MoffCalc2_is1" = Moffsoft Calculator 2
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSC" = McAfee SecurityCenter
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"QuickPar" = QuickPar 0.9
"Ricochet Infinity_is1" = Ricochet Infinity
"Runic Games Torchlight" = Torchlight
"SolSuite Graphics Pack Volume 1_is1" = SolSuite Graphics Pack Volume 1 - v1.21
"SolSuite Graphics Pack Volume 2_is1" = SolSuite Graphics Pack Volume 2 - v2.13
"SolSuite_is1" = SolSuite 2008 v8.5
"SyncBackPro_is1" = SyncBackPro
"Tag&Rename_is1" = Tag&Rename 3.5.4
"TagScanner_is1" = TagScanner 5.1 build 555
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VueScan" = VueScan
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-320342441-919425061-4168697645-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Ultra Tag Editor" = Ultra Tag Editor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/14/2010 4:30:21 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error - 2/14/2010 4:30:22 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 2/14/2010 4:30:22 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

Error - 2/14/2010 4:32:55 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/14/2010 4:33:38 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll".Error in manifest or policy
file "c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
on line 2. Invalid Xml syntax.

Error - 2/14/2010 8:28:39 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DevDetect.exe, version: 5.1.197.0, time
stamp: 0x4af0a891 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00720070 Faulting process id: 0xe58 Faulting application
start time: 0x01caadd5cca1936d Faulting application path: C:\Program Files (x86)\Common
Files\ACD Systems\EN\DevDetect.exe Faulting module path: unknown Report Id: 0fb05b0c-19c9-11df-ae4c-002564d9d515

Error - 2/14/2010 8:28:55 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3667, time
stamp: 0x4b5102f0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x24077bde Faulting process id: 0x1030 Faulting application
start time: 0x01caadd5da3ae65d Faulting application path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Faulting module path: unknown Report Id: 1940bfd5-19c9-11df-ae4c-002564d9d515

Error - 2/14/2010 8:28:55 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3667, time
stamp: 0x4b5102f0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x240d7bde Faulting process id: 0x1038 Faulting application
start time: 0x01caadd5da3ae65d Faulting application path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Faulting module path: unknown Report Id: 194098c5-19c9-11df-ae4c-002564d9d515

Error - 2/14/2010 8:28:55 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 1.9.2.3667, time
stamp: 0x4b5102f0 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x240d7bde Faulting process id: 0x1020 Faulting application
start time: 0x01caadd5da3ae65d Faulting application path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Faulting module path: unknown Report Id: 1940e6e5-19c9-11df-ae4c-002564d9d515

Error - 2/14/2010 8:28:55 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.16450,
time stamp: 0x4aeba271 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x24017bde Faulting process id:
0xcc4 Faulting application start time: 0x01caadd5d3667d35 Faulting application path:
C:\Windows\SysWOW64\explorer.exe Faulting module path: unknown Report Id: 1942fa25-19c9-11df-ae4c-002564d9d515

[ System Events ]
Error - 2/10/2010 12:07:28 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 2/10/2010 12:31:59 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 2/10/2010 12:54:19 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 2/10/2010 12:54:20 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 2/10/2010 7:20:07 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 2/10/2010 11:15:57 PM | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/11/2010 1:00:08 PM | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/11/2010 5:15:03 PM | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/11/2010 5:20:50 PM | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 2/12/2010 8:00:10 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee Inc. mferkdk service failed to start due to the following
error: %%127


< End of report >


#4 thcbytes

thcbytes

  • Malware Response Team

Posted 25 February 2010 - 09:45 AM

Hello,

Please note....

P2P Warning

Your log indicates that you have BitTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall BitTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Please do this.........

Send me a copy of a suspicious file(s) for analysis

Please download the Suspicious File Packer.
  • Unzip it to the desktop and run it.
  • Copy and paste the contents of the codebox into the Suspicious File Packer window:

CODE
C:\Users\Rob\AppData\Local\nvrsctl97\nvrsctl97.DLL
C:\Users\Rob\AppData\Roaming\2354676.exe
C:\Users\Rob\AppData\Roaming\setup.exe


Allow SFP to pack the files. This will generate a CAB archive on your desktop.
  1. Please go to here.
  2. Where it asks for the "Link to topic where this file was requested" copy and paste the contents of the codebox.

    CODE
    http://www.bleepingcomputer.com/forums/t/298055/google-search-being-redirected-in-firefox/

  3. Where it says "Browse to the file you want to submit", browse to the CAB archive that was created on your desktop.
  4. The cab file will be called requested-files*.cab (the * stands for the date and hour).
  5. Press the Send File button.

==========

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"

    :Commands
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

==========

With your next post please provide:

* Upload files successfully?
* OTL fix log
* MBAM log
* ESET log
* Still redirected?

Kind regards,
~t




Proud member - Unified Network of Instructors and Trained Eliminators
I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 hootmon

hootmon
  • Topic Starter

  • Members

Posted 25 February 2010 - 11:21 PM

Uninstalled BitTorrent

---------------

Downloaded and ran SFP. When trying to send the .cab file there was a transmission error. Filled out and sent the contact form to bleepingcomputer.com. The cab file is requested-files[2010-02-25 19 17].cab; the size 54206KB.

---------------

Ran OTL: here is the report

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: AppData

User: ASPNET

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Public

User: Rob
->Temp folder emptied: 14180622 bytes
->Temporary Internet Files folder emptied: 271388912 bytes
->Java cache emptied: 37964772 bytes
->FireFox cache emptied: 116163234 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 36168 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531825 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68488 bytes
RecycleBin emptied: 679324776 bytes

Total Files Cleaned = 1,068.00 mb


OTL by OldTimer - Version 3.1.30.2 log created on 02252010_195037

Files\Folders moved on Reboot...
C:\Users\Rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Rob\AppData\Local\Temp\~DF4F81BD13A8D3EE5E.TMP not found!
File\Folder C:\Users\Rob\AppData\Local\Temp\~DFB876B7DD8D4972CA.TMP not found!
File\Folder C:\Users\Rob\AppData\Local\Temp\~DFD2843052B377493E.TMP not found!
File\Folder C:\Users\Rob\AppData\Local\Temp\~DFF166D4328A7E83F8.TMP not found!
File\Folder C:\Windows\temp\mcafee_HhvMNqL3Cg1UJ0z not found!
File\Folder C:\Windows\temp\mcmsc_BXXIVjJCUYwixGa not found!
File\Folder C:\Windows\temp\mcmsc_ddFDIhtdfTX9hy7 not found!
File\Folder C:\Windows\temp\mcmsc_uAfHJXqj2yIplv1 not found!
File\Folder C:\Windows\temp\sqlite_9Cq6Vx0i70WrVmY not found!
File\Folder C:\Windows\temp\sqlite_DrxBXVTw2qjQ15T not found!
File\Folder C:\Windows\temp\sqlite_eMSR9dsQggyTLVh not found!
File\Folder C:\Windows\temp\sqlite_tQUZELlrbZtj0lf not found!

Registry entries deleted on Reboot...


#6 hootmon

hootmon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 26 February 2010 - 12:19 AM

Will send MBAM and ESET next post tomorrow.

#7 hootmon

hootmon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 26 February 2010 - 11:31 PM

~t

The mbam ran to completion and several infections were removed: some during processing and the rest on reboot.

Eset completed with no threats found.

And Google is running normally with zero redirections today. The problem seems to be completely solved.

I am really impressed with the help you have given me and happy to have found bleepingcomputer.com. I would like to send a donation to support bleepingcomputer.com if you could tell me of a way to do so. Thanks again for your help!

--------------

Here is the mbam report:

Malwarebytes' Anti-Malware 1.44
Database version: 3794
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/25/2010 8:31:21 PM
mbam-log-2010-02-25 (20-31-21).txt

Scan type: Quick Scan
Objects scanned: 116867
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 8
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8v3b1xiv-vj27-24ot-06gw-l5mf5sd3igdq} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnei (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kewn (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvrsctl97 (Password.Stealer.FB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowsnt service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\OLE\windowsnt service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows file protection (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\directory\msupdt\install (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
C:\Users\Rob\Local Settings\Application Data\nvrsctl97 (Password.Stealer.FB) -> Delete on reboot.

Files Infected:
c:\directory\msupdt\install\ms89321.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Rob\Local Settings\Application Data\nvrsctl97\nvrsctl97.dll (Password.Stealer.FB) -> Delete on reboot.
C:\Users\Rob\AppData\Roaming\WindowsNT Service.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Roaming\Windows File Protection.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
C:\Users\Rob\AppData\Roaming\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\nvrsctl97\nvrsctl97.dll (Adware.Agent.N) -> Delete on reboot.


#8 thcbytes

thcbytes

  • Malware Response Team

Posted 27 February 2010 - 03:46 PM

Well done.

QUOTE
I am really impressed with the help you have given me and happy to have found bleepingcomputer.com. I would like to send a donation to support bleepingcomputer.com if you could tell me of a way to do so. Thanks again for your help!

You are very welcome. It is my pleasure to assist you. All the helpers around here work independently. Some take donations. I do not. I do this because I enjoy helping others and like to share my expertise.

I do have a request though. Please give serious consideration to donating your organs when you pass. You have no use for them when you're gone. They will save a life (lives)!!!!

If you live in the States then please either sign the back of your driver's license, tell a significant other your wishes, or register here http://organdonor.gov/donor/index.htm

Ask a friend to do the same, please.

Thank you so very much for considering it.

==========

Few more things to do...

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

C:\Users\Rob\AppData\Local\nvrsctl97\nvrsctl97.DLL
C:\Users\Rob\AppData\Roaming\2354676.exe
C:\Users\Rob\AppData\Roaming\setup.exe

If you get...

QUOTE
This file has been scanned before. The results for this previous scan are listed below.


Please choose "Scan Again"!!!!!!!!!

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal

==========

With your next post please provide:

* Upload results
* MBAM log
* Any further troubles?

Kind regards,
~t

#9 hootmon

hootmon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 27 February 2010 - 07:56 PM

~t

I ran MBAM again per your instructions and, as you will see in the scan log below, several infections were again found. I don't understand why since my system checked ok yesterday evening with SFP.

I ran jotti with the three files you listed and these were the results:
1--I was unable to find NVRSCTL98.DLL or its folder
2--Filename: 2354676.exe
Status:
Scan finished. 3 out of 20 scanners reported malware.
Scan taken on: Sun 28 Feb 2010 01:02:20 (CET) Permalink

Additional info
File size: 385024 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 172ec9a72c369e99d91cd18a8b6db16c
SHA1: edd3e22a6c997aaaf310b162f7a4271f5c99d2ef
3--Setup.exe would not upload--20mb limit and file is 56mb

I have not found any other problems on my system; everything seems to be running as it should

Regarding your suggestion on organ donation I agree with you and signed up several years ago.

Here is the latest MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3805
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/27/2010 3:01:47 PM
mbam-log-2010-02-27 (15-01-47).txt

Scan type: Quick Scan
Objects scanned: 117413
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnei (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\directory\msupdt\install (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Files Infected:
C:\directory\msupdt\install\ms89321.exe (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Delete on reboot.
C:\Users\Rob\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
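
An added example, not part of any post in this thread and not Malwarebytes' own tooling: a small Python parser that compares the two MBAM 1.44 logs posted above by path and reports which items came back after the first removal. The function names are hypothetical, and the embedded logs are excerpts of the ones in the thread, trimmed to a few lines per section.

```python
import re

# Excerpt of the 25 Feb 2010 MBAM log posted in this thread (trimmed).
SCAN_1 = r"""
Registry Values Infected: 8

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnei (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvrsctl97 (Password.Stealer.FB) -> Quarantined and deleted successfully.

Folders Infected:
C:\directory\msupdt\install (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Files Infected:
c:\directory\msupdt\install\ms89321.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
C:\Users\Rob\AppData\Local\nvrsctl97\nvrsctl97.dll (Adware.Agent.N) -> Delete on reboot.
"""

# Excerpt of the 27 Feb 2010 MBAM log posted in this thread (trimmed).
SCAN_2 = r"""
Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnei (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Folders Infected:
C:\directory\msupdt\install (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Files Infected:
C:\directory\msupdt\install\ms89321.exe (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Rob\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Delete on reboot.
"""

# "Files Infected:" opens a detail section; "Files Infected: 9" (summary) does not.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
# "<path> (<detection>) -> <action>."
ITEM = re.compile(r"^(?P<path>.+?) \((?P<det>[\w.]+)\) -> (?P<action>.+?)\.?\s*$")
# Autostart locations that appear in the thread's logs.
RUN_KEY = re.compile(r"\\currentversion\\(policies\\explorer\\)?run\\")


def parse_mbam_items(log_text):
    """Return {(section, lowercased path): (path, detection, action)}."""
    items, section = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        item = ITEM.match(line)
        if item and section:
            # Windows paths and registry names are case-insensitive, and the
            # detection name can change between database versions, so the
            # key is the section plus the lowercased path only.
            key = (section, item.group("path").lower())
            items[key] = (item.group("path"), item.group("det"), item.group("action"))
    return items


def compare_scans(first_log, second_log):
    """Classify second-scan items as recurring or new; list first-scan items that stayed gone."""
    first, second = parse_mbam_items(first_log), parse_mbam_items(second_log)
    return {
        "recurring": [second[k][0] for k in sorted(second) if k in first],
        "new": [second[k][0] for k in sorted(second) if k not in first],
        "cleared": [first[k][0] for k in sorted(first) if k not in second],
    }


def recurring_autostarts(first_log, second_log):
    """Recurring registry values under a Run key: persistence that was re-created."""
    first, second = parse_mbam_items(first_log), parse_mbam_items(second_log)
    return [second[k][0] for k in sorted(second)
            if k in first and k[0] == "Registry Values Infected" and RUN_KEY.search(k[1])]


if __name__ == "__main__":
    for label, paths in compare_scans(SCAN_1, SCAN_2).items():
        print(label)
        for path in paths:
            print("   ", path)
    print("recurring autostart values:", recurring_autostarts(SCAN_1, SCAN_2))
```

The `mnei` Run value and `C:\directory\msupdt\install` are reported as recurring even though the first log marks them "Quarantined and deleted successfully", and `ms89321.exe` matches across scans despite its detection name changing from Generic.Bot.H to Backdoor.SpyNet.M.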


#10 thcbytes

thcbytes

  • Malware Response Team

Posted 27 February 2010 - 11:30 PM

Hi,

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Files
    C:\Users\Rob\AppData\Local\nvrsctl97
    C:\Users\Rob\AppData\Roaming\2354676.exe
    C:\Users\Rob\AppData\Roaming\setup.exe
    C:\directory\msupdt
    C:\Users\Rob\AppData\Local\Temp\MSN.abc
    C:\Users\Rob\AppData\Roaming\logs.dat
    C:\Users\Rob\AppData\Local\Temp\UuU.uUu
    C:\Users\Rob\AppData\Local\Temp\XxX.xXx

    :Reg
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnei]

    :Commands
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

Re-run MBAM and post a log

==========

With your next post please provide:

* OTL fix log
* MBAM log

Kind regards,
~t

#11 hootmon

hootmon
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 28 February 2010 - 12:45 PM

~t

Here's this morning's OTL log followed by the MBAM log

All processes killed
========== FILES ==========
File\Folder C:\Users\Rob\AppData\Local\nvrsctl97 not found.
C:\Users\Rob\AppData\Roaming\2354676.exe moved successfully.
C:\Users\Rob\AppData\Roaming\setup.exe moved successfully.
C:\directory\msupdt\install folder moved successfully.
C:\directory\msupdt folder moved successfully.
File\Folder C:\Users\Rob\AppData\Local\Temp\MSN.abc not found.
C:\Users\Rob\AppData\Roaming\logs.dat moved successfully.
File\Folder C:\Users\Rob\AppData\Local\Temp\UuU.uUu not found.
C:\Users\Rob\AppData\Local\Temp\XxX.xXx moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnei\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: AppData

User: ASPNET

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Public

User: Rob
->Temp folder emptied: 258925 bytes
->Temporary Internet Files folder emptied: 21083427 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 91199098 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 225242 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 368791744 bytes

Total Files Cleaned = 471.00 mb


OTL by OldTimer - Version 3.1.30.3 log created on 02282010_092008

Files\Folders moved on Reboot...
C:\Users\Rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\mcafee_OPJql3XXIPDfPCI not found!
File\Folder C:\Windows\temp\mcmsc_0FbrUoHtx6Q3baE not found!
File\Folder C:\Windows\temp\mcmsc_52obAZB2NwWAs47 not found!
File\Folder C:\Windows\temp\mcmsc_8GZIWXPyviwJ50E not found!
File\Folder C:\Windows\temp\sqlite_5cEHGkBRSqW4kfp not found!
File\Folder C:\Windows\temp\sqlite_9NQBFsAXPO8rs0m not found!
File\Folder C:\Windows\temp\sqlite_SdWVwztsFOefKfO not found!
File\Folder C:\Windows\temp\sqlite_Z8pez6vm9ne7Bag not found!

Registry entries deleted on Reboot...


-----------------------------


Malwarebytes' Anti-Malware 1.44
Database version: 3807
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2/28/2010 9:43:19 AM
mbam-log-2010-02-28 (09-43-19).txt

Scan type: Quick Scan
Objects scanned: 117165
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mnei (Backdoor.SpyNet.M) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#12 thcbytes

  • Malware Response Team

Posted 28 February 2010 - 03:46 PM

Alright.

We need to try booting into an alternative operating system so I can nuke that registry entry that keeps getting recreated. Also take a look at some logs while your OS is quiescent. Here is what I want you to do.

First...

Download Sophos Anti-rootkit & save it to your desktop.
Be sure to read the Sophos Anti-Rootkit User Manual. A copy of this manual sarman.pdf can also be found inside the program folder after installation.
  • Double-click sarsfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes.
  • Make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click "Start scan".
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will be done when you restart your computer. Click "Restart Now".
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Note: If the scan is performed while the computer is in use, false positives may appear in the scan results. This is caused by files or registry entries being deleted, including temporary files being deleted automatically.

==========

Next.........

After you have successfully burned the OTLPE ISO to disc you will need to boot from it.
  • Insert the CD-ROM into the CD-ROM drive, and then restart the computer.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • Please be patient as "Windows" loads
  • Your system should now display a REATOGO-X-PE desktop.
  • Double click on the icon on your desktop.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
    • Copy and Paste the following code into the textbox. Do not include the word "Code"

      Please note: Double click the Firefox Icon on the desktop to connect to this thread if you have a Wired connection; otherwise you can use a flash drive and copy this script into a txt file, or you can save it to a familiar location on your c:\ drive and reboot into normal Windows to access it.

      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
    • Push
    • When finished, the file will be saved in drive C:\OTL.txt
    • Please post the contents of the C:\OTL.txt file in your next reply.
    • Copy this file to your USB or your c:\ drive if you do not have an internet connection.


    Next........

  • Navigate here to the forum and click this link.
  • Download the program and save it to the REATOGO-X-PE desktop.
  • Once saved, close all other windows then double click the program to run it.
  • When completed, a log will open.
  • Save the log to the desktop using File>Save as, then post the log in a reply.


#13 hootmon

  • Topic Starter

Posted 01 March 2010 - 11:53 AM

~t

Yesterday I downloaded and installed the Sophos Anti-Rootkit. When it ran, the first of the three selections (Running processes) was grayed out and unavailable for use. The other two were checked: Windows Registry and Local Hard Drives. The results showed 14 items listed as "unknown hidden file" and none were checked for removal. I did reboot and checked for the sarscan.log but did not find it and assume it was not created.

I downloaded the OTLPE Network-ISO file ok but couldn't find the BurnCDCC at the site given but did search and find it at terabyteunlimited.com which seems to be the creator of this program. After burning the disk and loading REATOGO-X-PE successfully, I started OTL but only got a brief listing of "My Computer" partitions. None of the questions you listed were shown and the program did not run.

#14 thcbytes

  • Malware Response Team

Posted 01 March 2010 - 01:03 PM

When you boot up Reatogo and get the My Computer prompt I would like you to go to c:\windows and select enter.
Success?

With Sophos...

Could you rerun it and export a log or take a screen shot of the detections?

Thanks,
~ t

#15 hootmon

  • Topic Starter

Posted 01 March 2010 - 06:23 PM

~t

I reran Reatogo and was able to open the c:\Windows folder; have also rerun Sophos and attached a zip file of 2 screen shots.
