
Internet pages redirected & new tab popups


This topic is locked. 13 replies to this topic.

#1 JDuck (Members)

Posted 27 November 2010 - 10:15 PM

My computer has been having problems while on the net. I mostly use Firefox but have also tried Microsoft IE. While using Firefox (if I can get it to start up), it will out of the blue bring up another tab all by itself, and it usually consists of an ad talking about being a winner of a Wal-mart gift card, but not always. I was also having problems with redirects when going to links chosen from a Google search. I have tried a number of scanners to try to find and get rid of the problem(s) but still no luck. I am at a point where I don't know what to do.

I am running Windows 7 - 64 bit

I saw a different thread on this site and have downloaded and run "MBRCheck.exe" thinking it will help with my problem(s). I will post the results for this below.

Thank you for all of your help.


MBRCheck, version 1.2.3
© 2010, AD


Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv9700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 209):
0x02E58000 \SystemRoot\system32\ntoskrnl.exe
0x02E0F000 \SystemRoot\system32\hal.dll
0x00BA5000 \SystemRoot\system32\kdcom.dll
0x00CDF000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CEC000 \SystemRoot\system32\PSHED.dll
0x00D00000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E4F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EF3000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F02000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F59000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F62000 \SystemRoot\system32\drivers\fltmgr.sys
0x00FAE000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FB8000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FEB000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E00000 \SystemRoot\System32\drivers\partmgr.sys
0x00E15000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E1E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E2A000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D5E000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E3F000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00DBA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DCA000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E46000 \SystemRoot\system32\DRIVERS\atapi.sys
0x010DD000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x01107000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01112000 \SystemRoot\system32\drivers\fileinfo.sys
0x01126000 \SystemRoot\system32\drivers\PCTCore64.sys
0x0124C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01161000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0148E000 \SystemRoot\system32\drivers\ndis.sys
0x01580000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x0142B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01475000 \SystemRoot\System32\Drivers\spldr.sys
0x011BF000 \SystemRoot\System32\drivers\rdyboost.sys
0x015E0000 \SystemRoot\System32\Drivers\mup.sys
0x015F2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01871000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018AB000 \SystemRoot\system32\DRIVERS\disk.sys
0x018C1000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01927000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01951000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0197E000 \SystemRoot\System32\Drivers\Null.SYS
0x01987000 \SystemRoot\System32\Drivers\Beep.SYS
0x0198E000 \SystemRoot\System32\drivers\vga.sys
0x0199C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019C1000 \SystemRoot\System32\drivers\watchdog.sys
0x019D1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019DA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019E3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019EC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01800000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01811000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0182F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02C22000 \SystemRoot\system32\drivers\afd.sys
0x02CAC000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02CF1000 \SystemRoot\system32\DRIVERS\vsdatant.sys
0x02D86000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D8F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DB5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02DCB000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DDA000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C00000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0183C000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x03CAA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03CFB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03D07000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03D12000 \SystemRoot\System32\drivers\discache.sys
0x03D21000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D3F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D50000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03D76000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x03D8D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03D92000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x03D95000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03DAE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03DB7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03DC0000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x03DCA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03C56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03C67000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03C74000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03A1E000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x03A5C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03A7C000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x03A8F000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03AA6000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x03AFD000 \SystemRoot\system32\DRIVERS\nvm62x64.sys
0x0424E000 \SystemRoot\system32\DRIVERS\athrx.sys
0x043A6000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04A4A000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x03E37000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03F2B000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03F71000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03F8F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03F9E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x03FF1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03E00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03E0F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03E1F000 \SystemRoot\system32\DRIVERS\serscan.sys
0x03E27000 \SystemRoot\system32\drivers\ksthunk.sys
0x05384000 \SystemRoot\system32\drivers\ks.sys
0x053C7000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x03FF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x043B3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04A24000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x053DD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x043E2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04200000 \SystemRoot\System32\Drivers\pcouffin.sys
0x03E2D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04215000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04227000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03B61000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04235000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03BBB000 \SystemRoot\system32\drivers\CHDRT64.sys
0x05628000 \SystemRoot\system32\drivers\portcls.sys
0x05665000 \SystemRoot\system32\drivers\drmk.sys
0x05687000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x04409000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x056D9000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x0457D000 \SystemRoot\system32\drivers\modem.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x0458C000 \SystemRoot\System32\drivers\Dxapi.sys
0x04598000 \SystemRoot\System32\Drivers\crashdmp.sys
0x045A6000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x045B2000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x045BB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x045CE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x045EB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x057A4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x057B1000 \SystemRoot\System32\Drivers\usbvideo.sys
0x00450000 \SystemRoot\System32\TSDDD.dll
0x00600000 \SystemRoot\System32\cdd.dll
0x05600000 \SystemRoot\system32\drivers\luafv.sys
0x03DD5000 \SystemRoot\system32\drivers\WudfPf.sys
0x03A00000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x034A5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x034F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0350B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03523000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0x0352F000 \SystemRoot\system32\drivers\HTTP.sys
0x03400000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0341E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03436000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x058E0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0592E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05951000 \SystemRoot\system32\DRIVERS\aksdf.sys
0x05961000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05997000 \??\C:\Windows\system32\drivers\iPodDrv.sys
0x0599F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x05800000 \SystemRoot\system32\drivers\peauth.sys
0x058A6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x058B1000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x059A4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x059B6000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x06E4C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06EB3000 \SystemRoot\System32\DRIVERS\srv.sys
0x06FBA000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x06FC5000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x06FD5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x779E0000 \Windows\System32\ntdll.dll
0x481B0000 \Windows\System32\smss.exe
0xFFD00000 \Windows\System32\apisetschema.dll
0xFFB80000 \Windows\System32\autochk.exe
0xFFCD0000 \Windows\System32\sechost.dll
0x778E0000 \Windows\System32\user32.dll
0xFFC30000 \Windows\System32\comdlg32.dll
0x77BB0000 \Windows\System32\normaliz.dll
0xFFB90000 \Windows\System32\msvcrt.dll
0xFFB40000 \Windows\System32\Wldap32.dll
0xFF960000 \Windows\System32\setupapi.dll
0xFF830000 \Windows\System32\rpcrt4.dll
0xFF7C0000 \Windows\System32\gdi32.dll
0xFF790000 \Windows\System32\imm32.dll
0x77BA0000 \Windows\System32\psapi.dll
0xFF530000 \Windows\System32\iertutil.dll
0xFF520000 \Windows\System32\nsi.dll
0xFF410000 \Windows\System32\msctf.dll
0xFF3C0000 \Windows\System32\ws2_32.dll
0xFF1B0000 \Windows\System32\ole32.dll
0xFF1A0000 \Windows\System32\lpk.dll
0x777C0000 \Windows\System32\kernel32.dll
0xFF180000 \Windows\System32\imagehlp.dll
0xFF0B0000 \Windows\System32\usp10.dll
0xFEFD0000 \Windows\System32\oleaut32.dll
0xFEEF0000 \Windows\System32\advapi32.dll
0xFEE70000 \Windows\System32\shlwapi.dll
0xFED40000 \Windows\System32\wininet.dll
0xFEBC0000 \Windows\System32\urlmon.dll
0xFEB40000 \Windows\System32\difxapi.dll
0xFEAA0000 \Windows\System32\clbcatq.dll
0xFDD10000 \Windows\System32\shell32.dll
0xFDCD0000 \Windows\System32\cfgmgr32.dll
0xFDCB0000 \Windows\System32\devobj.dll
0xFDC70000 \Windows\System32\wintrust.dll
0xFDBD0000 \Windows\System32\comctl32.dll
0xFDA60000 \Windows\System32\crypt32.dll
0xFD9F0000 \Windows\System32\KernelBase.dll
0xFD9E0000 \Windows\System32\msasn1.dll
0x76920000 \Windows\SysWOW64\normaliz.dll

Processes (total 87):
0 System Idle Process
4 System
384 C:\Windows\System32\smss.exe
520 csrss.exe
576 C:\Windows\System32\wininit.exe
592 csrss.exe
648 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\winlogon.exe
852 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\nvvsvc.exe
972 C:\Windows\System32\svchost.exe
1020 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
752 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\rundll32.exe
1436 C:\Windows\System32\svchost.exe
1528 C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
1952 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
1300 C:\Windows\System32\spoolsv.exe
1452 C:\Windows\System32\svchost.exe
1600 C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
1284 C:\Windows\SysWOW64\svchost.exe
1480 C:\Windows\System32\taskhost.exe
1844 C:\Windows\System32\taskeng.exe
2084 C:\Windows\System32\dwm.exe
2116 C:\Windows\explorer.exe
2232 C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
2648 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2732 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2772 C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
2820 C:\Windows\System32\rundll32.exe
2840 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2876 C:\Program Files\Microsoft Security Essentials\msseces.exe
2912 C:\Program Files\Windows Sidebar\sidebar.exe
3048 C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
3064 C:\Windows\System32\svchost.exe
2368 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
2472 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
2688 C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
1044 C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
2548 C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
3112 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3300 C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
3416 C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
3512 C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
3540 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3552 C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
3568 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3724 C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
3856 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
4032 C:\Windows\System32\svchost.exe
4068 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
3176 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
3444 C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
3248 C:\Windows\System32\svchost.exe
2984 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
4236 C:\Windows\System32\SearchIndexer.exe
4296 C:\Program Files\iPod\bin\iPodService.exe
4512 C:\Windows\System32\svchost.exe
4880 C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
5040 C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
4548 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5064 C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
5128 C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
5260 C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
5272 C:\Program Files\Windows Media Player\wmpnetwk.exe
5320 C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
5696 C:\Windows\System32\svchost.exe
6052 C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
73884 WmiPrvSE.exe
81860 C:\Windows\System32\notepad.exe
82920 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
82160 C:\Windows\System32\taskmgr.exe
83660 C:\Windows\System32\svchost.exe
82516 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
83900 C:\Windows\explorer.exe
83936 C:\Windows\SysWOW64\notepad.exe
84228 C:\Windows\System32\SearchProtocolHost.exe
83244 C:\Windows\System32\SearchFilterHost.exe
85004 WmiPrvSE.exe
85604 C:\Windows\System32\audiodg.exe
85844 C:\Users\David\Desktop\Computer Cleaning Tools\MBRCheck.exe
85852 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: ST9500420ASG, Rev: 0002SDM1
PhysicalDrive0 Model Number: ST9500420AS, Rev: 0001SDM1

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!



#2 snemelk (engineer; Malware Response Team; Location: Poland)

Posted 04 December 2010 - 04:15 PM

Hi JDuck, and welcome to Bleeping Computer.

Firstly,
Ensure MBRCheck is placed in that folder on your Desktop: Computer Cleaning Tools

Then, open an Elevated Command Prompt...
In the command prompt write (or copy and right-click paste) these commands (click Enter after every one of them):

cd "Desktop\Computer Cleaning Tools"
MBRCheck -s 1 -d dump.dat ("select drive 1, dump to 'dump.dat'")


In the folder Computer Cleaning Tools a new file should appear: dump.dat - attach it to your next post... (Add Reply --> see Attachments under the text area...)

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Thirdly,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
    Posted Image
  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver

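The dump.dat requested in the post above is a raw copy of the first sector of the selected drive, which is exactly what a responder compares against a clean MBR. The script below is an added example for this thread, not code from MBRCheck or from the poster: it hashes the boot code of a 512-byte dump, validates the 0x55AA signature and partition table, and flags a boot-code hash that is not in a known-good set, the kind of check that sits behind a "MBR Code Faked!" verdict. The function names are mine, the two sample sectors are constructed (the partition start is taken from the 0x06500000 offset in the MBRCheck log), and it assumes the hash covers the first 440 bytes only, since the thread does not say which range MBRCheck hashes.

```python
"""Offline check of a raw 512-byte MBR dump (added example, not MBRCheck's code).

Hashes the boot code, validates the 0x55AA signature, parses the partition
table and lists findings. Assumes the hash covers bytes 0..439 only; the
thread does not say which range MBRCheck hashes.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code; disk signature and table follow it
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG_OFF = 510       # two-byte boot signature 0x55 0xAA

# A stock Windows Vista/7 MBR carries these error strings in its boot code;
# boot code with none of them deserves a second look.
WINDOWS_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_partition_entry(raw):
    """Decode one 16-byte partition table entry (LBA fields are little-endian)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", raw)
    return {"active": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def inspect_mbr(sector, known_good_sha1=frozenset()):
    """Return the boot-code SHA1, the used partition entries and a list of findings.
    known_good_sha1: upper-case hex SHA1 values of boot code from a clean machine
    of the same Windows build; the responder supplies them."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector dump" % SECTOR_SIZE)
    findings = []
    boot_code = sector[:BOOT_CODE_LEN]
    sha1 = hashlib.sha1(boot_code).hexdigest().upper()

    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        findings.append("boot signature 0x55AA missing")
    if sha1 not in known_good_sha1:
        findings.append("boot code SHA1 not in the known-good set: " + sha1)
    if not any(s in boot_code for s in WINDOWS_MBR_STRINGS):
        findings.append("boot code lacks the stock Windows MBR error strings")

    entries = [parse_partition_entry(sector[PART_TABLE_OFF + 16 * i:
                                            PART_TABLE_OFF + 16 * (i + 1)])
               for i in range(4)]
    used = [e for e in entries if e["type"] != 0]
    if sum(1 for e in used if e["active"]) != 1:
        findings.append("expected exactly one active (0x80) partition")
    if any(e["lba_start"] == 0 or e["sectors"] == 0 for e in used):
        findings.append("partition entry with a zero start or length")
    spans = sorted((e["lba_start"], e["lba_start"] + e["sectors"]) for e in used)
    if any(s2 < e1 for (_, e1), (s2, _) in zip(spans, spans[1:])):
        findings.append("overlapping partition entries")
    return {"sha1": sha1, "partitions": used, "findings": findings}


def build_sample_mbr(boot_code, entries):
    """Construct a test sector: boot code padded to 440 bytes, then signature and table."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[BOOT_CODE_LEN:BOOT_CODE_LEN + 4] = b"\x12\x34\x56\x78"  # constructed disk signature
    for i, (active, ptype, lba_start, sectors) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        sector[off:off + 16] = struct.pack("<B3sB3sII", 0x80 if active else 0x00,
                                           b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF",
                                           lba_start, sectors)
    sector[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(sector)


# Constructed samples. The log above maps C: to PhysicalDrive1 at byte offset
# 0x06500000, i.e. LBA 206848, so both tables start one NTFS (0x07) partition there.
SAMPLE_TABLE = [(True, 0x07, 206848, 976000000)]
CLEAN_LIKE = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"Invalid partition table\x00",
                              SAMPLE_TABLE)
FAKED_LIKE = build_sample_mbr(b"\xEB\x3C\x90" + b"\x00" * 61, SAMPLE_TABLE)  # no Windows strings


def main():
    baseline = {inspect_mbr(CLEAN_LIKE)["sha1"]}   # stand-in for a clean machine's hash
    for name, dump in (("clean-like", CLEAN_LIKE), ("faked-like", FAKED_LIKE)):
        report = inspect_mbr(dump, baseline)
        print(name, report["sha1"], report["findings"] or "no findings")


if __name__ == "__main__":
    main()
```

On a real dump, read the file in binary mode and pass its bytes to inspect_mbr together with hashes collected from a known-clean machine of the same Windows build; a hash mismatch alone says the boot code differs from the baseline, and a human still has to decide why.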

#3 JDuck (Topic Starter)

Posted 04 December 2010 - 06:14 PM

Hi, thank you for your help. I am having trouble getting past the first request.

"Firstly,
Ensure MBRCheck is placed in that folder on your Desktop: Computer Cleaning Tools

Then, open an Elevated Command Prompt...
In the command prompt write (or copy and right-click paste) these commands (click Enter after every one of them):

cd "Desktop\Computer Cleaning Tools"
MBRCheck -s 1 -d dump.dat ("select drive 1, dump to 'dump.dat'")"


What am I doing wrong? Here is what I get when I run the cmd.exe as Admin

Posted Image

#4 snemelk (engineer; Malware Response Team; Location: Poland)

Posted 05 December 2010 - 06:06 AM

Hi again JDuck!!.. :)

Hi, thank you for your help. I am having trouble getting past the first request.
(...)
What am I doing wrong? Here is what I get when I run the cmd.exe as Admin


You do nothing wrong - that was an error on my part - I wasn't aware of the fact that a Command prompt presents you with a different path if you start it differently...

Proceed with the first step (and then with other steps), but as the first command to be pasted into the Command prompt, use:

cd "C:\Users\David\Desktop\Computer Cleaning Tools"


#5 JDuck (Topic Starter)

Posted 05 December 2010 - 10:16 PM

When I try to load the .dat file I get the message that "You aren't permitted to upload this kind of file."

Now what?

Posted Image

#6 snemelk (engineer; Malware Response Team; Location: Poland)

Posted 06 December 2010 - 08:38 AM

Hi again JDuck!!.. :)

When I try to load the .dat file I get the message that "You aren't permitted to upload this kind of file."

Sorry... If you rename the file to: dump.txt, you should be able to upload it successfully...

Then, proceed with the rest of the instructions...


#7 JDuck (Topic Starter)

Posted 06 December 2010 - 10:43 AM

OTL.Txt

OTL logfile created on: 12/5/2010 7:51:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 27.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 51.37 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 25.65 Gb Free Space | 5.51% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/05 19:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
PRC - [2010/11/02 06:33:35 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/08 18:08:06 | 002,338,896 | ---- | M] (AG Entertainment Inc) -- C:\Users\David\AppData\Local\Audiogalaxy\Audiogalaxy.exe
PRC - [2010/09/15 12:18:42 | 000,053,096 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2010/09/15 12:18:42 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/06/04 18:42:15 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010/05/30 17:00:25 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
PRC - [2010/02/25 23:10:20 | 021,979,992 | ---- | M] () -- C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2009/12/22 01:08:39 | 000,814,344 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009/12/21 17:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/11/02 12:17:08 | 000,604,888 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe
PRC - [2009/11/02 12:17:06 | 002,195,160 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe
PRC - [2009/11/02 12:17:04 | 000,430,808 | ---- | M] (TiVo Inc.) -- C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe
PRC - [2009/10/15 04:06:52 | 000,053,064 | ---- | M] (TechSmith Corporation) -- C:\Program Files\SnagIt\SnagitPortable\App\Snagit\TscHelp.exe
PRC - [2009/10/15 04:06:50 | 000,066,888 | ---- | M] (TechSmith Corporation) -- C:\Program Files\SnagIt\SnagitPortable\App\Snagit\SnagPriv.exe
PRC - [2009/10/15 04:06:46 | 007,168,328 | ---- | M] (TechSmith Corporation) -- C:\Program Files\SnagIt\SnagitPortable\App\Snagit\SnagitEditor.exe
PRC - [2009/10/15 04:06:46 | 006,287,176 | ---- | M] (TechSmith Corporation) -- C:\Program Files\SnagIt\SnagitPortable\App\Snagit\Snagit32.exe
PRC - [2009/09/25 12:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/08/27 17:22:18 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
PRC - [2009/08/27 17:21:32 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2009/08/22 04:31:06 | 005,148,672 | ---- | M] () -- C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
PRC - [2009/07/13 19:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/06/11 13:14:02 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/05/26 16:46:10 | 001,159,168 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2010/12/05 19:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
MOD - [2010/09/10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\Windows\SysWOW64\guard32.dll
MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 19:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 19:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/10 23:41:42 | 002,528,856 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2010/01/07 15:24:16 | 000,470,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/01/07 15:24:06 | 007,700,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/03/11 13:15:28 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2010/11/30 19:16:13 | 003,020,376 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_5632d69.dll -- (Akamai)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/22 01:08:39 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009/12/12 17:00:43 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/02 12:17:00 | 001,098,968 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2009/09/25 12:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/08/27 17:21:32 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\MaVc2K.sys -- (MaVctrl)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lmimirr.sys -- (lmimirr)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\easytthr.sys -- (easytether)
DRV:64bit: - [2010/09/10 23:40:42 | 000,020,864 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2010/08/04 15:41:04 | 000,014,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\iPodDrv.sys -- (iPodDrv)
DRV:64bit: - [2010/05/27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/12/11 22:05:00 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009/10/26 15:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/10/09 20:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/10/09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/19 16:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 14:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 14:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 14:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:16:08 | 000,029,696 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2009/01/29 16:16:08 | 000,029,696 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2008/03/04 02:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2007/07/11 02:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2006/12/13 18:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2006/11/18 13:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/11/17 17:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2006/11/16 01:59:52 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2006/06/17 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/11/06 14:14:11 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/01 19:26:38 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/01/16 10:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\MaVc2K.sys -- (MaVctrl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 36 8E B7 5D 79 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12


FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009/12/11 18:53:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/27 20:03:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 07:13:22 | 000,000,000 | ---D | M]

[2010/10/24 07:31:37 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2010/02/11 18:07:53 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/12/05 19:45:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions
[2010/11/19 07:11:23 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/10/24 16:53:32 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/11/04 06:05:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/12/05 19:45:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/24 07:38:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/03/31 21:03:40 | 000,000,000 | ---D | M] (TVHarmony AutoPilot) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{FE76A1D3-DF55-4527-8BB7-07A3C6ABE9D6}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {B0D3D090-CE97-4E3E-A388-CFD55B1F5E63} - No CLSID value found.
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Audiogalaxy] C:\Users\David\AppData\Local\Audiogalaxy\Audiogalaxy.exe (AG Entertainment Inc)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe (TiVo Inc.)
O4 - HKCU..\Run: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Multiply AutoUploader.lnk = C:\Program Files (x86)\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files (x86)\SnagIt\SnagitPortable\App\Snagit\Snagit32.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems Incorporated)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/09 22:27:29 | 000,000,000 | ---D | M] - D:\Autopano_Giga_2.0.6 -- [ NTFS ]
O33 - MountPoints2\{e9a06f92-b93f-11df-a363-001b24f55d16}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found


Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/05 19:43:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2010/11/28 21:29:02 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2010/11/28 21:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/11/28 20:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2010/11/28 20:13:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/11/28 20:00:23 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/11/28 19:15:18 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/11/28 19:12:04 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/11/28 18:53:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/28 18:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/27 20:32:31 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Computer Cleaning Tools
[2010/11/18 18:32:28 | 000,000,000 | ---D | C] -- C:\Users\David\A CHRISTMAS CAROL_TU
[2010/11/18 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\David\A CHRISTMAS CAROL_G
[2010/11/18 16:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/18 16:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/18 16:53:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/15 19:43:00 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\dvdcss
[2010/11/12 12:46:58 | 004,280,320 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2010/11/12 07:16:16 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\FFSJ
[2010/11/11 22:34:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\vlc
[2010/11/11 22:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2009/12/11 22:05:00 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\David\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/05 19:46:41 | 001,249,184 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010/12/05 19:46:30 | 001,230,433 | ---- | M] () -- C:\Users\David\Desktop\tdsskiller.zip
[2010/12/05 19:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2010/12/05 19:36:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 19:36:01 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/05 19:34:55 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/05 19:34:55 | 000,632,946 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/05 19:34:55 | 000,110,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/05 19:27:38 | 000,001,355 | ---- | M] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Multiply AutoUploader.lnk
[2010/12/05 19:27:18 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010/12/05 19:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/05 19:26:44 | 1559,420,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/04 17:08:45 | 000,050,623 | ---- | M] () -- C:\Users\David\Documents\12-4-2010 5-08-21 PM.jpg
[2010/12/01 20:05:26 | 000,018,601 | ---- | M] () -- C:\Users\David\Documents\DUBUQUE WARD EXPENSE FORM.docx
[2010/12/01 19:51:17 | 000,032,827 | ---- | M] () -- C:\Users\David\Documents\12-1-2010 7-50-25 PM_Sarah.jpg
[2010/12/01 19:27:56 | 000,018,275 | ---- | M] () -- C:\Users\David\Documents\DUBUQUE WARD EXPENSE FORM_c.docx
[2010/12/01 17:54:12 | 000,010,671 | ---- | M] () -- C:\Users\David\Documents\Currancy Counter.xlsx
[2010/12/01 17:01:09 | 000,018,197 | ---- | M] () -- C:\Users\David\Documents\DUBUQUE WARD EXPENSE FORM_b.docx
[2010/11/28 21:25:39 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
[2010/11/28 19:42:34 | 000,249,637 | ---- | M] () -- C:\MGlogs.zip
[2010/11/28 19:14:41 | 002,402,457 | ---- | M] () -- C:\MGtools.exe
[2010/11/28 18:53:15 | 000,001,033 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/28 18:53:15 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/28 16:17:40 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/11/18 16:58:34 | 000,002,515 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/11/18 16:58:34 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/11/18 16:54:47 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/15 22:19:02 | 000,001,007 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2010/11/12 12:46:58 | 004,280,320 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2010/11/11 22:34:30 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/05 19:46:24 | 001,230,433 | ---- | C] () -- C:\Users\David\Desktop\tdsskiller.zip
[2010/12/04 17:08:21 | 000,050,623 | ---- | C] () -- C:\Users\David\Documents\12-4-2010 5-08-21 PM.jpg
[2010/12/01 19:50:25 | 000,032,827 | ---- | C] () -- C:\Users\David\Documents\12-1-2010 7-50-25 PM_Sarah.jpg
[2010/12/01 19:27:55 | 000,018,275 | ---- | C] () -- C:\Users\David\Documents\DUBUQUE WARD EXPENSE FORM_c.docx
[2010/12/01 17:01:08 | 000,018,197 | ---- | C] () -- C:\Users\David\Documents\DUBUQUE WARD EXPENSE FORM_b.docx
[2010/11/30 21:13:52 | 000,018,601 | ---- | C] () -- C:\Users\David\Documents\DUBUQUE WARD EXPENSE FORM.docx
[2010/11/28 21:28:10 | 001,249,184 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010/11/28 21:25:39 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Antivirus.lnk
[2010/11/28 19:30:07 | 000,249,637 | ---- | C] () -- C:\MGlogs.zip
[2010/11/28 19:14:32 | 002,402,457 | ---- | C] () -- C:\MGtools.exe
[2010/11/28 18:53:15 | 000,001,033 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/28 18:53:15 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 16:54:47 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/15 22:19:02 | 000,001,007 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2010/11/11 22:34:30 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/11/07 16:39:22 | 000,010,671 | ---- | C] () -- C:\Users\David\Documents\Currancy Counter.xlsx
[2010/11/03 18:12:57 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2010/09/23 20:41:47 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/01 21:04:27 | 000,743,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/25 13:29:12 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/02/15 21:54:10 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\Chip.dll
[2010/01/28 20:25:14 | 000,003,718 | ---- | C] () -- C:\Users\David\AppData\Roaming\ReplayConverterLog.log
[2010/01/28 07:38:42 | 000,012,676 | ---- | C] () -- C:\Users\David\AppData\Roaming\ConverterEngLog.log
[2010/01/18 08:26:34 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/01/18 08:26:33 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/01/18 08:22:45 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/12/19 17:54:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/12/19 17:54:28 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\cdga.dll
[2009/12/19 16:48:48 | 000,395,776 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2009/12/19 16:48:48 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2009/12/19 16:48:48 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2009/12/16 08:06:18 | 000,004,608 | ---- | C] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/12 09:39:42 | 000,001,044 | ---- | C] () -- C:\Users\David\AppData\Roaming\vso_ts_preview.xml
[2009/12/11 22:05:33 | 000,000,034 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.log
[2009/12/11 22:05:00 | 000,099,384 | ---- | C] () -- C:\Users\David\AppData\Roaming\inst.exe
[2009/12/11 22:05:00 | 000,007,859 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.cat
[2009/12/11 22:05:00 | 000,001,167 | ---- | C] () -- C:\Users\David\AppData\Roaming\pcouffin.inf
[2009/12/11 17:57:54 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/12/11 17:57:54 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/12/11 17:57:30 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/12/11 17:56:40 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2009/12/11 17:56:40 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/12/11 17:56:37 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2009/12/11 17:56:36 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2009/07/15 15:47:26 | 000,032,629 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/04/01 16:06:40 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/04/01 16:06:40 | 000,000,246 | ---- | M] () -- C:\7afd0ca7fc6038f.dat
[2009/12/19 17:54:51 | 000,000,875 | ---- | M] () -- C:\Cucu_Video_log.txt
[2010/12/05 19:26:44 | 1559,420,928 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/28 19:42:34 | 000,249,637 | ---- | M] () -- C:\MGlogs.zip
[2010/11/28 19:14:41 | 002,402,457 | ---- | M] () -- C:\MGtools.exe
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/12/05 19:26:51 | 2079,232,000 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:DD4DD9B9
@Alternate Data Stream - 191 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:01C66DD9
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:0888F409

< End of report >

Extras.Txt

OTL Extras logfile created on: 12/5/2010 7:51:07 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\David\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 27.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 51.37 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 25.65 Gb Free Space | 5.51% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Autopano Giga" = Autopano Giga
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"F6DC63F2DBAE55EF9988A79DF50F3AF52275237C" = Windows Driver Package - SafeNet, Inc. USB (03/09/2006 7.3.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{245FCF81-55BA-4AB9-A7C1-37411595676D}" = Nuance PaperPort 12
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 22
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7840W
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.1.00.01A
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{841D4524-7950-4A4F-A4E6-931A1A2E201C}" = TMPGEnc 4.0 XPress
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{C559CCD6-E2B8-4C7B-9791-AB68F382F9C2}" = DirectShow Dump
"{C795249A-A302-4DAF-8469-AAF31B9C15BD}" = TiVo Decoder GUI
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9363145-9671-11BB-3E2E-C804D976375F}" = Chief Architect X1
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FB5C5641-EB28-1F59-8F73-14A7F2A3EF89}" = Multiply AutoUploader
"3herosoft iPhone to Computer Transfer" = 3herosoft iPhone to Computer Transfer
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AI RoboForm" = AI RoboForm (All Users)
"Akamai" = Akamai NetSession Interface
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1" = Multiply AutoUploader
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 7.19.7.12
"DiskAid_is1" = DiskAid 3.11
"doubleTwist" = doubleTwist
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.2.1 (30/09/2010)
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.15
"Handbrake" = Handbrake 0.9.4
"HASP HL Device Driver" = HASP HL Device Driver
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Standard)
"Lenogo iPod to PC Transfer_is1" = Lenogo iPhone to PC Transfer 4.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Picasa 3" = Picasa 3
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"PowerISO" = PowerISO
"QuickSFV" = QuickSFV (Remove only)
"Rainlendar2" = Rainlendar2 (remove only)
"Replay Converter 3" = Replay Converter 3
"Replay_AV_807" = Replay AV 8
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SureThing CD Labeler Deluxe_is1" = SureThing CD Labeler Deluxe 5.2.632.0
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.5.565
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Audiogalaxy" = Audiogalaxy
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2010 10:27:51 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 564: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/3/2010 12:20:38 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 560: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/3/2010 9:56:38 AM | Computer Name = David-PC | Source = TivoTransfer | ID = 0
Description =

Error - 12/3/2010 10:15:49 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 576: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/3/2010 3:41:47 PM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 560: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/3/2010 9:11:29 PM | Computer Name = David-PC | Source = TivoTransfer | ID = 0
Description =

Error - 12/3/2010 11:31:16 PM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 552: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/4/2010 9:18:59 AM | Computer Name = David-PC | Source = TivoTransfer | ID = 0
Description =

Error - 12/5/2010 12:21:01 AM | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = 576: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 12/5/2010 9:27:29 PM | Computer Name = David-PC | Source = TivoTransfer | ID = 0
Description =

[ System Events ]
Error - 8/24/2010 8:52:18 AM | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The MaVctrl service failed to start due to the following error: %%1275

Error - 8/24/2010 8:52:24 AM | Computer Name = David-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.

Error - 8/24/2010 9:19:08 AM | Computer Name = David-PC | Source = BROWSER | ID = 8032
Description =

Error - 8/24/2010 10:51:44 PM | Computer Name = David-PC | Source = DCOM | ID = 10010
Description =

Error - 8/24/2010 10:54:13 PM | Computer Name = David-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/24/2010 10:54:14 PM | Computer Name = David-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/24/2010 10:55:02 PM | Computer Name = David-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\MaVc2K.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/24/2010 10:55:02 PM | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The MaVctrl service failed to start due to the following error: %%1275

Error - 8/24/2010 10:55:06 PM | Computer Name = David-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 6 Processor ID: 1 The details view of this entry contains
further information.

Error - 8/24/2010 10:55:06 PM | Computer Name = David-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = A fatal hardware error has occurred. Reported by component: Processor
Core Error Source: 3 Error Type: 256 Processor ID: 1 The details view of this entry
contains further information.


< End of report >

Attached Files
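The OTL report above is read by eye, entry by entry. As an added illustration (not part of the original post or of OTL itself), the following Python parser turns OTL file entries and "@Alternate Data Stream" lines into structured records and applies the same first-pass heuristic OTL's "No Company Name Whitelist" option encodes: binaries under the system directories that carry no company name, plus any ADS entries, are returned for manual review. The sample lines are constructed from the formats shown in the log; the `SYSTEM_DIRS` and `BINARY_EXT` lists are assumptions for this example, and a hit means "look at this", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List

# One OTL file entry, e.g.
# [2010/11/03 18:12:57 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# One OTL alternate-data-stream entry, e.g.
# @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    kind: str          # "file" or "ads"
    path: str
    size: int          # bytes
    timestamp: str = ""  # M (modified) or C (created) time as printed by OTL
    attrs: str = ""      # e.g. "R---", "-HS-", "---D"
    company: str = ""    # empty when OTL printed "()"


def parse_otl(text: str) -> List[Entry]:
    """Parse OTL file and ADS lines; unrelated lines (headers, registry) are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry("file", m["path"], int(m["size"].replace(",", "")),
                                 m["ts"], m["attrs"], m["company"]))
            continue
        m = ADS_RE.match(line)
        if m:
            entries.append(Entry("ads", m["path"], int(m["size"])))
    return entries


# Assumed triage scope for this example: native binaries in the Windows system directories.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BINARY_EXT = (".dll", ".exe", ".sys")


def triage(entries: List[Entry]) -> List[Entry]:
    """Return entries a helper would look at first: every ADS, and unsigned-looking
    (no company name) binaries sitting in the system directories."""
    flagged = []
    for e in entries:
        p = e.path.lower()
        if e.kind == "ads":
            flagged.append(e)
        elif p.startswith(SYSTEM_DIRS) and p.endswith(BINARY_EXT) and not e.company:
            flagged.append(e)
    return flagged


# Constructed sample in the OTL format (values taken from the shapes of lines in this thread).
SAMPLE_LOG = "\n".join([
    r"[2010/11/03 18:12:57 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll",
    r"[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll",
    r"[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll",
    r"[2010/11/07 16:39:22 | 000,010,671 | ---- | C] () -- C:\Users\David\Documents\Currancy Counter.xlsx",
    r"@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34",
    "========== Custom Scans ==========",
])

if __name__ == "__main__":
    for e in triage(parse_otl(SAMPLE_LOG)):
        print(f"{e.kind:4} {e.size:>10} {e.path}")
```

The company-name heuristic is only a way to shorten the list; a legitimate third-party DLL without version resources will also show up, and a signed-looking name proves nothing, so each hit still needs the usual checks (hash lookup, signature, creation time against the infection window).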



#8 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:10:53 PM

Posted 06 December 2010 - 11:24 AM

Hi again JDuck!!.. :)

That looks much better!!.. Looks like TDSSKiller managed to remove a rootkit infection... Does any problem remain??..

Please do the following,

Firstly, (note: the script will remove two leftovers from an uninstall of ZoneAlarm)
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    [2010/10/24 16:53:32 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
    O2 - BHO: (no name) - {B0D3D090-CE97-4E3E-A388-CFD55B1F5E63} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk = C:\Program Files (x86)\SnagIt\SnagitPortable\App\Snagit\Snagit32.exe File not found
    [2010/11/28 19:12:04 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Thirdly,
We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities...
Run Adobe Reader --> Help --> Check for updates - let it update to the newest version - 9.4.1

- Adobe Flash Player:

Check (with your default browser) your version of Flash here: Adobe Flash Player - if it's below 10,1,102,64, please update Flash by using the instructions below:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#9 JDuck

JDuck
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 06 December 2010 - 02:13 PM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
File C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker not found.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\searchplugin folder moved successfully.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\META-INF folder moved successfully.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\lib folder moved successfully.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\defaults folder moved successfully.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components folder moved successfully.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\chrome folder moved successfully.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\payzvass.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0D3D090-CE97-4E3E-A388-CFD55B1F5E63}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0D3D090-CE97-4E3E-A388-CFD55B1F5E63}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk moved successfully.
C:\32788R22FWJFW\N_ folder moved successfully.
C:\32788R22FWJFW\License folder moved successfully.
C:\32788R22FWJFW\EN-US folder moved successfully.
C:\32788R22FWJFW folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 11715815 bytes
->Temporary Internet Files folder emptied: 275473 bytes
->Java cache emptied: 13741261 bytes
->FireFox cache emptied: 52756382 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 60564 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 895344 bytes
->Temporary Internet Files folder emptied: 49152 bytes
->FireFox cache emptied: 28795178 bytes
->Flash cache emptied: 738 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 9684 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8599679 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112.00 mb


[EMPTYFLASH]

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12062010_120814

Files\Folders moved on Reboot...
C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\kls7C68.tmp not found!
File\Folder C:\Windows\temp\klsA816.tmp not found!
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

==================================================================================================


Also. I just installed Kaspersky Internet Security. Will this work in place of the requested ESET scan?

So far I did the "Critical Areas Scan" and everything came out fine as it shows below.

I am still working on the full scan.


[image: Kaspersky Critical Areas Scan result screenshot]

... also, I've updated Adobe Acrobat Reader. I recall doing an update of Adobe Flash Player before I started this post, after reading another post, and I am almost certain it was done correctly. But if you think it would be best to do it again, I've got no problem with that.

#10 snemelk
  • engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 06 December 2010 - 02:53 PM

Hi again JDuck!!.. :)

I just installed Kaspersky Internet Security. Will this work in place of the requested ESET scan?

Yep, no problem... Just post the full scans results when ready...

For the Flash Player - just check if you have the latest version of it (I gave a link to the testing page); if not, perform an update as instructed...


#11 JDuck
  • Topic Starter
  • Members
  • 7 posts

Posted 06 December 2010 - 09:41 PM

Deleted (8)
12/6/2010 6:16:54 PM Deleted Trojan program Backdoor.Win32.Hupigon.bebt d:\appz\1 - chief architect\magnitude\cax1key.exe High
12/6/2010 6:14:10 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.dmzl d:\appz\nero.m.926.b2.1\keymaker betamaster v.2.rar/Keymaker BetaMaster v.2\keymaker.exe High
12/6/2010 6:16:43 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.dmzl d:\appz\nero.m.926.b2.1\keymaker betamaster v.2\keymaker.exe High
12/6/2010 6:16:32 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.dmzl d:\appz\nerolite v9.2.6.0\delete!!\keymaker.exe High
12/6/2010 6:16:21 PM Deleted Trojan program Trojan-Downloader.Win32.Exchanger.bbk d:\appz\rapidshare database search\mayoko.v1.1.5\keygen-zwt\keygen.exe High
12/6/2010 6:14:26 PM Deleted Trojan program Trojan.Win32.Agent2.csvz d:\appz - pocket pc\dinarsoft.memmaid.v2.3\dinarsoft.memmaid.v2.3.build.230.wm2003.wm5.wm6.full.rar/cr-keymaker.exe High
12/6/2010 6:17:04 PM Deleted Trojan program Trojan.Win32.Agent2.csvz d:\appz - pocket pc\dinarsoft.memmaid.v2.3\cr-keymaker.exe High
12/6/2010 6:16:09 PM Deleted Trojan program Trojan-PSW.Win32.Staem.oe d:\tomtom (voices)\tomtom 8.302 (update)\kg_v3.1c\tomtom keygen v3.1c\msinet.ocx High
Quarantined (2)
12/6/2010 6:14:25 PM Quarantined virus HEUR:Worm.Win32.Generic d:\appz\1 - chief architect\install\pdf995\pdf995s.exe High
12/6/2010 6:14:25 PM Quarantined virus HEUR:Worm.Win32.Generic d:\appz\1 - chief architect\install\pdf995\pdf995s.exe/pdf995/thinsetup.exe High
Disinfected (2)
12/6/2010 6:14:11 PM Disinfected Trojan program Trojan-Downloader.Win32.Agent.dmzl d:\appz\nero.m.926.b2.1\keymaker betamaster v.2.rar High
12/6/2010 6:14:26 PM Disinfected Trojan program Trojan.Win32.Agent2.csvz d:\appz - pocket pc\dinarsoft.memmaid.v2.3\dinarsoft.memmaid.v2.3.build.230.wm2003.wm5.wm6.full.rar High
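
The Kaspersky report above is one line per detection, with the action, detection name, path and severity run together. As an added example (not from the original post), here is a PowerShell script that parses lines in that layout into objects and summarises them: detections per action, how many sit in crack/keygen paths, and which were found inside an archive (the report marks those with a "/" after the archive name, as in "...v.2.rar/Keymaker BetaMaster v.2\keymaker.exe"). The sample lines are a constructed subset copied from the posted log; the field names and the regex are assumptions about the format, not Kaspersky's own specification.

```powershell
# Added example: parse Kaspersky report lines of the form
#   <date> <time> <action> <kind> <detection name> <path> <severity>
# into objects and summarise them. Sample lines are a constructed subset of the
# posted log; the regex and field names are assumptions about the layout.
$sample = @'
12/6/2010 6:16:54 PM Deleted Trojan program Backdoor.Win32.Hupigon.bebt d:\appz\1 - chief architect\magnitude\cax1key.exe High
12/6/2010 6:14:10 PM Deleted Trojan program Trojan-Downloader.Win32.Agent.dmzl d:\appz\nero.m.926.b2.1\keymaker betamaster v.2.rar/Keymaker BetaMaster v.2\keymaker.exe High
12/6/2010 6:16:09 PM Deleted Trojan program Trojan-PSW.Win32.Staem.oe d:\tomtom (voices)\tomtom 8.302 (update)\kg_v3.1c\tomtom keygen v3.1c\msinet.ocx High
12/6/2010 6:14:25 PM Quarantined virus HEUR:Worm.Win32.Generic d:\appz\1 - chief architect\install\pdf995\pdf995s.exe High
12/6/2010 6:14:11 PM Disinfected Trojan program Trojan-Downloader.Win32.Agent.dmzl d:\appz\nero.m.926.b2.1\keymaker betamaster v.2.rar High
'@

# Path is matched greedily; the trailing severity word anchors the end of the line.
$pattern = '^(?<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?<action>Deleted|Quarantined|Disinfected) ' +
           '(?<kind>Trojan program|virus) (?<name>\S+) (?<path>.+) (?<severity>High|Medium|Low)$'

$hits = foreach ($line in ($sample -split "`r?`n")) {
    if ($line -notmatch $pattern) { continue }
    $m = $matches.Clone()   # the -match calls below would overwrite $matches
    # "<archive>.rar/<member>" means the detection is a file inside that archive.
    $inArchive = [bool]($m['path'] -match '\.(rar|zip|7z)/')
    $isKeygen  = [bool]($m['path'] -match 'keygen|keymaker|crack|kg_')
    New-Object PSObject -Property @{
        When      = [datetime]$m['when']
        Action    = $m['action']
        Name      = $m['name']
        Path      = $m['path']
        InArchive = $inArchive
        Keygen    = $isKeygen
    }
}

"Detections by action:"
$hits | Group-Object Action | Select-Object Name, Count

"Detections in crack/keygen paths: $(@($hits | Where-Object { $_.Keygen }).Count) of $(@($hits).Count)"

"Detections inside archives (the archive itself is what gets disinfected):"
$hits | Where-Object { $_.InArchive } | Select-Object Action, Name, Path
```

Pointing the script at a full exported report instead of the embedded sample only needs `$sample = Get-Content report.txt -Raw` in place of the here-string (or `[IO.File]::ReadAllText(...)` on PowerShell 2.0, which lacks -Raw). The archive flag matters in practice: an archive that was "Disinfected" still exists on disk, minus the flagged member, so it is worth deleting the whole archive rather than trusting the cleaned copy.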

#12 snemelk
  • engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 07 December 2010 - 11:59 AM

Hi again JDuck!!.. :)

As you've probably noticed, that scan removed trojans and worms which were in the cracks or keygens... Using cracks/keygens and/or pirated software may be one of the simplest ways to have your computer infected!!.. Avoid cracks, please!!..

Ok, if no problem persists, please do the following:

Firstly,
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Secondly,
Please set a new Restore Point to prevent infection from any previous Restore Points.
The easiest and safest way to do this is:
  • Open Control Panel (Start --> Control Panel) and double-click the System icon.
  • Click on the System Protection link on the left. If a UAC (User Account Control) prompt appears, click Continue. Close the System window.
  • Make sure that you have System Protection turned on for your System drive (usually C:\):
    • In Windows 7: On under Protection,
    • In Windows Vista: a box on the left will be checked.
  • Click on the Create button. Give the restore point a name, and click Create. Wait till the new system restore point is created, and click Close.
  • Then go to "Disk Cleanup" which can be found by going to Start > All Programs > Accessories > System Tools.
  • Click "OK" to select the partition or drive you desire (usually C:\).
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one. More details and screenshots for Disk Cleanup in Windows Vista can be found here and for Windows 7 here.

Please check my site - snemelk.hekko.pl:

Also, I recommend you read Grinler's excellent article: How did I get infected?, With steps so it does not happen again!
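
The restore-point procedure above is a chain of Control Panel and Disk Cleanup clicks. As an added example (not from the original post), the same result can be produced from an elevated PowerShell on Windows 7: create a fresh restore point, then delete every older shadow copy on the system drive so that only the new, clean one can be restored. It assumes the system drive is C: with System Protection turned on, as the post does, and uses only built-in cmdlets (Checkpoint-Computer, Get-ComputerRestorePoint) and the Win32_ShadowCopy / Win32_Volume WMI classes; the description string is an assumption.

```powershell
# Added example: replace the GUI restore-point steps with a script.
# Run from an elevated PowerShell on Windows 7; assumes C: is the system drive
# and System Protection is on for it (otherwise Checkpoint-Computer fails).

# 1. Create the new, clean restore point (description is an assumed label).
Checkpoint-Computer -Description 'Clean state after malware removal' -RestorePointType MODIFY_SETTINGS

# 2. Restore points are stored in Volume Shadow Copies. Find the ones for C:
#    (Win32_ShadowCopy.VolumeName is the \\?\Volume{GUID}\ form, so map C: first).
$sysVol  = (Get-WmiObject Win32_Volume -Filter "DriveLetter='C:'").DeviceID
$shadows = Get-WmiObject Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $sysVol } |
    Sort-Object { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) } -Descending

# 3. Keep only the newest shadow copy (the restore point just created); delete the rest.
#    This is what Disk Cleanup's "More Options > System Restore > Clean up" does,
#    and it also discards "previous versions" of files held in those copies.
$keep = $shadows | Select-Object -First 1
foreach ($s in $shadows) {
    if ($s.ID -ne $keep.ID) {
        "Deleting shadow copy {0} from {1}" -f $s.ID,
            [System.Management.ManagementDateTimeConverter]::ToDateTime($s.InstallDate)
        $s.Delete() | Out-Null
    }
}

# 4. Verify that only the new restore point remains.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

If step 1 throws because System Protection is off for C:, turn it on first (Enable-ComputerRestore -Drive 'C:\') and rerun; deleting old shadow copies is the step that matters here, since any restore point created while the infection was present would reinstate the removed files if it were ever used.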


#13 JDuck
  • Topic Starter
  • Members
  • 7 posts

Posted 09 December 2010 - 10:59 PM

Hi snemelk,

I just wanted to say thank you again for all of your help. I appreciate everything you helped me with.

Thanks! :thumbup2:

#14 snemelk
  • engineer
  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 10 December 2010 - 05:36 AM

Hi JDuck!!.. :)

I just wanted to say thank you again for all of your help. I appreciate everything you helped me with.

You're welcome!!.. :thumbup2:

Glad we could help. :)

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.




