Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 Recovery: removed but still cannot see programs


  • This topic is locked This topic is locked
19 replies to this topic

#1 planetscott

planetscott

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 15 May 2011 - 05:16 PM

It seems like I got the Windows 7 Recovery virus/malwaare removed but I still cannot see my programs. I ran mbam, rkill, tdskiller (not sure the order but followed directions) and then unhide. unhide showed some desktop shortcuts but did not fix the program list. I tried rkunhookerlerle but I get an error "Error loading driver, NTSTATUS code: 0x000036B".

1. I would like some help to confirm i have the virus/malware completeley removed?
2. How to I get visibility of my program functioning properly again?

Thanks in advance for you great volunteers helping!!!

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Scott at 14:59:57.19 on Sun 05/15/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8125.6164 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10g_ActiveX.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KMTUQIOO\dds[1].scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110102082454.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [AdobeBridge]
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://pephoto.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110102082454.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
mRun-x64: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-1-5 529128]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-1-5 283360]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-8-3 55280]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdflt.sys [2010-8-3 18792]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-1-5 75032]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-6-26 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-26 202752]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-8-3 60928]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-16 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-16 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-16 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-3 200056]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-3-25 25824]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-3 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-3 149032]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-6-26 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2010-6-26 80896]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-6-26 55808]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-3-24 13064]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-3 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2010-6-26 23912]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-6-26 71168]
R3 bpmp;bpmp;C:\Windows\System32\drivers\bpmp.sys [2010-6-26 174592]
R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-6-26 81920]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-8-3 35104]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-1-5 62800]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-8-3 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-26 56344]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-1-5 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-1-5 441328]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-26 6952960]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-11-17 25072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-26 239616]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-8-3 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-8-3 79360]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-1-5 94864]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-8-3 79360]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-13 59392]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-17 1255736]
S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-10-16 355440]
.
=============== Created Last 30 ================
.
2011-05-15 21:14:13 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-05-15 03:28:40 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes
2011-05-15 03:28:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-15 03:28:22 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-15 03:28:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-15 03:28:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-11 06:41:10 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 06:41:10 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 06:41:10 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 06:41:06 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 06:41:05 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 06:41:05 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 06:41:05 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 06:41:05 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 06:41:05 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 06:41:05 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-09 00:28:59 -------- d-----w- C:\Users\Scott\AppData\Local\TechSmith
2011-05-08 00:53:22 -------- d-----w- C:\Users\Scott\AppData\Local\Apple Computer
2011-05-08 00:52:40 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-08 00:52:40 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-05-08 00:52:40 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-05-08 00:52:16 -------- d-----w- C:\Program Files\iTunes
2011-05-08 00:52:16 -------- d-----w- C:\Program Files\iPod
2011-05-08 00:52:16 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-08 00:52:16 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-08 00:49:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-08 00:49:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-08 00:48:33 -------- d-----w- C:\Users\Scott\AppData\Local\Apple
2011-05-08 00:47:47 -------- d-----w- C:\Program Files\Bonjour
2011-05-08 00:47:47 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-01 04:37:11 -------- d-----w- C:\Users\Scott\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-04-27 03:55:13 2871808 ----a-w- C:\Windows\explorer.exe
2011-04-27 03:55:13 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-04-27 03:55:10 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 03:55:10 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-22 00:02:54 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-22 00:01:59 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
.
==================== Find3M ====================
.
2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-15 02:42:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-15 02:42:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-04 06:19:28 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19:27 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 05:38:54 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 10:51:16 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-18 05:39:44 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
.
============= FINISH: 15:00:42.29 ===============

bumping this up.

I have not received any help so I have continued to try to fix this on my own from reading other posts. Still no luck - startup programs still missing and not sure if Windows Recovery Virus is completely removed. Since completing the actions I described in my original post, i have re-run the latest version of unhide.exe. tried manually replacing the startup programs (according to a post I can no longer find) and ran Combofix. (let me know if I should post the log) So again, could I get some help with:

1. I would like some help to confirm i have the virus/malware completeley removed?
2. How to I get visibility of my program functioning properly again?

Thanks in advance!!

EDIT: Posts merged ~Budapest

Edited by Budapest, 25 May 2011 - 07:16 PM.


BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:29 AM

Posted 27 May 2011 - 12:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:29 AM

Posted 01 June 2011 - 09:31 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#4 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:29 AM

Posted 02 June 2011 - 04:20 AM

This topic has been re-opened at the request of the person who originally posted.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 planetscott

planetscott
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 03 June 2011 - 12:48 AM

Casey,

See DDS results below and attached:

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Scott at 22:34:38 on 2011-06-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8125.5891 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\mcafee\VirusScan\mcods.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10g_ActiveX.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110515223530.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10g_ActiveX.exe -update activex
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Scott\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://pephoto.lifepics.com/net/Uploader/LPUploader57.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{83DA9DFC-B580-4AE1-9493-DCDA5465A4E6} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{83DA9DFC-B580-4AE1-9493-DCDA5465A4E6}\2657464697 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{83DA9DFC-B580-4AE1-9493-DCDA5465A4E6}\94369636C65694E6E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{83DA9DFC-B580-4AE1-9493-DCDA5465A4E6}\C414252595 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{83DA9DFC-B580-4AE1-9493-DCDA5465A4E6}\C4F6467656021647023557E63616469616 : DhcpNameServer = 204.117.214.10 199.2.252.10
TCP: Interfaces\{DD2C9F92-BE52-4259-A691-E3AF2561364D} : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110515223530.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdflt;Disk Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdflt.sys --> C:\Windows\system32\DRIVERS\stdflt.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-6-26 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallFilterService;FF Install Filter Service;C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2010-8-3 60928]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-16 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-16 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-16 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-8-3 200056]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-3-25 25824]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-8-3 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-8-3 149032]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-3-24 13064]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-8-3 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-8-3 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-8-3 79360]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-8-3 79360]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-10-16 355440]
.
=============== Created Last 30 ================
.
2011-05-25 20:05:34 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-25 19:27:33 98816 ----a-w- C:\Windows\sed.exe
2011-05-25 19:27:33 89088 ----a-w- C:\Windows\MBR.exe
2011-05-25 19:27:33 256512 ----a-w- C:\Windows\PEV.exe
2011-05-25 19:27:33 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-25 16:22:54 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-21 22:48:22 -------- d-----w- C:\ProgramData\New folder (2)
2011-05-21 22:44:50 -------- d-----w- C:\ProgramData\New folder
2011-05-19 20:53:52 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-19 20:53:52 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-15 21:14:13 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-05-15 03:28:40 -------- d-----w- C:\Users\Scott\AppData\Roaming\Malwarebytes
2011-05-15 03:28:22 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-15 03:28:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-15 03:28:19 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-15 03:28:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-11 06:41:10 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 06:41:10 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 06:41:10 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 06:41:06 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 06:41:05 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 06:41:05 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 06:41:05 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 06:41:05 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 06:41:05 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 06:41:05 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-05-09 00:28:59 -------- d-----w- C:\Users\Scott\AppData\Local\TechSmith
2011-05-08 00:53:22 -------- d-----w- C:\Users\Scott\AppData\Local\Apple Computer
2011-05-08 00:52:40 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-05-08 00:52:40 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-05-08 00:52:40 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-05-08 00:52:16 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-05-08 00:52:16 -------- d-----w- C:\Program Files\iTunes
2011-05-08 00:52:16 -------- d-----w- C:\Program Files\iPod
2011-05-08 00:52:16 -------- d-----w- C:\Program Files (x86)\iTunes
2011-05-08 00:49:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-05-08 00:49:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-05-08 00:49:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-05-08 00:48:33 -------- d-----w- C:\Users\Scott\AppData\Local\Apple
2011-05-08 00:47:47 -------- d-----w- C:\Program Files\Bonjour
2011-05-08 00:47:47 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M ====================
.
2011-04-14 21:01:38 9984 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-04-14 21:01:38 94992 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-04-14 21:01:38 75160 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-04-14 21:01:38 63056 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-04-14 21:01:38 530304 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-04-14 21:01:38 441840 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-04-14 21:01:38 283744 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-04-14 21:01:38 190520 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-04-14 21:01:38 121376 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-15 02:42:56 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-15 02:42:56 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:35:31.13 ===============

Attached Files



#6 planetscott

planetscott
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 03 June 2011 - 12:49 AM

Casey,

Since I have 64 bit, I did not run GMER. Let me know if I am supposed to...

#7 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:29 AM

Posted 03 June 2011 - 05:37 AM

Hi there,

:step1: Could you please post me the MBAM log?

:step2: Please try running the latest version of Unhide.exe. Warning: do not run any system optimization tools (i.e. CCCleaner) which may empty your TEMP directories.

:step3: We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Don't worry about GMER or RKU - they don't work on 64bit systems.

Casey

Edited by Casey_boy, 03 June 2011 - 05:38 AM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#8 planetscott

planetscott
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 03 June 2011 - 09:23 AM

Casey,

I did the following:

1. ran malwarebytes, MBAM log posted below
2. ran the latest version of Unhide.exe (twice, the second time after turning off mcafee firewall and scan); still cannot see programs in start menu
3. ran OTL, changed file age date range to 60 days, log posted below

thanks and let me know next steps,
Scott

----------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6763

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

6/3/2011 6:55:48 AM
mbam-log-2011-06-03 (06-55-48).txt

Scan type: Quick scan
Objects scanned: 164588
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------------------

OTL logfile created on: 6/3/2011 7:18:00 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.70% Memory free
15.87 Gb Paging File | 12.72 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 270.94 Gb Free Space | 60.46% Space Free | Partition Type: NTFS

Computer Name: METEORSCOTT2010 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2011/06/03 06:55:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
PRC - [2010/10/19 22:04:34 | 000,223,184 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10g_ActiveX.exe
PRC - [2010/10/16 17:51:41 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/03/25 10:33:56 | 001,479,904 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
PRC - [2010/03/24 09:21:04 | 000,069,896 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2010/03/24 09:21:04 | 000,013,064 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/02/09 11:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/29 14:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/10/15 01:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/17 19:09:54 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/22 06:52:12 | 002,384,896 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/07/05 14:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/06/24 14:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (SafeList) ==========

MOD - [2011/06/03 06:55:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
MOD - [2010/11/20 05:21:38 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wpdshext.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/11/20 04:55:08 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/01/20 13:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/17 22:45:40 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/02 10:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/21 13:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/09/21 13:03:06 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2009/09/21 13:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/09/15 19:59:44 | 000,907,264 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2009/09/15 19:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/08/17 19:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2010/08/20 13:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/08/03 20:49:06 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/08/03 20:48:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/08/03 20:47:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010/08/03 20:29:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/25 10:33:54 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/24 09:21:04 | 000,013,064 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/30 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/07/05 14:12:26 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/06/23 14:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/01/20 13:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/17 23:21:20 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/02 10:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/29 18:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/15 06:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/09/15 06:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2009/09/15 06:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/09/14 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/08/23 20:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/20 09:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/23 23:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 10:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 01:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/04 04:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/01 17:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 03:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/30 21:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 21:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 21:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/25 02:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 01:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 01:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/15 11:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 00:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/05/15 15:11:15 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1690202180-187062719-277128078-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1690202180-187062719-277128078-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1690202180-187062719-277128078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1690202180-187062719-277128078-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/31 01:03:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110515223530.dll (McAfee, Inc.)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110515223530.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1690202180-187062719-277128078-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1690202180-187062719-277128078-1001\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1690202180-187062719-277128078-1001..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1690202180-187062719-277128078-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10g_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1690202180-187062719-277128078-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1690202180-187062719-277128078-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} http://pephoto.lifepics.com/net/Uploader/LPUploader57.cab (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 60 Days ==========

[2011/06/03 06:55:12 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2011/05/31 08:00:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/05/25 13:05:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/25 12:34:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/25 12:27:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/25 12:27:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/25 12:27:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/25 12:27:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/25 12:26:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/25 12:26:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/25 12:26:41 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/25 09:22:54 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/05/21 15:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\New folder (2)
[2011/05/21 15:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\New folder
[2011/05/19 13:53:52 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/05/19 13:53:52 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/05/14 20:28:40 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Malwarebytes
[2011/05/14 20:28:22 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/14 20:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/14 20:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/14 20:28:19 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/14 20:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/14 18:02:40 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Creative
[2011/05/14 18:00:45 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
[2011/05/10 23:41:10 | 005,562,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/05/10 23:41:10 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/05/10 23:41:10 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/05/10 23:41:05 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/05/10 23:41:05 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/05/08 17:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011/05/08 17:28:59 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\TechSmith
[2011/05/08 17:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2011/05/08 17:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnagIt 8
[2011/05/07 17:53:22 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Apple Computer
[2011/05/07 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Apple Computer
[2011/05/07 17:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/05/07 17:52:40 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/05/07 17:52:40 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/05/07 17:52:40 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/05/07 17:52:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/05/07 17:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/07 17:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/05/07 17:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/07 17:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/05/07 17:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/07 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/07 17:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/07 17:48:33 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Apple
[2011/05/07 17:48:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/07 17:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/05/07 17:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/07 17:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/07 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/07 17:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/04/30 21:37:11 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/26 20:55:13 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/26 20:55:13 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/26 20:55:10 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/26 20:55:10 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/26 20:54:48 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/26 20:54:47 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/26 20:54:47 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/26 20:54:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/26 20:54:47 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/26 20:54:46 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/26 20:54:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/26 20:54:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/26 20:54:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/21 17:02:54 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/21 17:02:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/21 17:02:51 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/21 17:02:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/21 17:02:51 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/21 17:02:44 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/21 17:02:44 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/21 17:02:44 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/21 17:02:44 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/21 17:02:34 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/21 17:02:34 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/21 17:02:34 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/21 17:02:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/21 17:02:15 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/21 17:02:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/21 17:02:00 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/21 17:01:59 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/21 17:01:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/21 17:01:51 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/21 17:01:51 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/21 17:01:51 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/21 17:01:51 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/21 17:01:51 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/21 17:01:51 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/21 17:01:51 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/21 17:01:27 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/07 16:45:00 | 000,000,000 | ---D | C] -- C:\Users\Scott\Desktop\New folder
[2011/04/07 16:42:47 | 000,000,000 | R--D | C] -- C:\Users\Scott\Documents\Scanned Documents
[2011/04/07 16:42:47 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Fax
[2011/04/06 20:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2011/04/06 20:16:02 | 000,000,000 | ---D | C] -- C:\Windows\[SystemFolder]
[2011/04/06 20:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2011/04/06 16:26:58 | 000,237,856 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/04/06 16:26:58 | 000,119,584 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/04/06 16:26:58 | 000,096,544 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/04/06 16:26:58 | 000,069,408 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll

========== Files - Modified Within 60 Days ==========

[2011/06/03 06:55:26 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.exe
[2011/06/03 06:55:02 | 000,606,105 | ---- | M] () -- C:\Users\Scott\Desktop\unhide.exe
[2011/06/03 06:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/01 19:21:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/01 19:21:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/25 20:28:29 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/25 20:28:29 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/25 20:28:29 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/25 20:22:55 | 2094,424,063 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/15 15:11:15 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/05/15 14:59:23 | 000,000,000 | ---- | M] () -- C:\Users\Scott\defogger_reenable
[2011/05/14 19:50:01 | 000,000,040 | ---- | M] () -- C:\ProgramData\~40296184
[2011/04/24 03:26:24 | 004,973,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/04/22 15:15:29 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/04/14 22:22:49 | 447,255,128 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2011/04/14 14:01:38 | 000,009,984 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2011/04/09 00:02:55 | 005,562,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/04/08 23:58:56 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/04/08 23:02:25 | 003,967,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/04/08 23:02:25 | 003,912,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/04/08 22:56:38 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/04/06 16:26:58 | 000,237,856 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011/04/06 16:26:58 | 000,119,584 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011/04/06 16:26:58 | 000,096,544 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011/04/06 16:26:58 | 000,069,408 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll

========== Files Created - No Company Name ==========

[2011/06/03 06:54:57 | 000,606,105 | ---- | C] () -- C:\Users\Scott\Desktop\unhide.exe
[2011/05/25 12:27:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/25 12:27:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/25 12:27:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/25 12:27:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/25 12:27:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/21 15:52:17 | 000,002,101 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/05/21 15:52:17 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/05/21 15:52:14 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/21 15:52:14 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/05/21 15:52:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/05/21 15:52:14 | 000,002,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
[2011/05/21 15:52:14 | 000,002,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3 64-bit.lnk
[2011/05/21 15:52:14 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2011/05/21 15:52:14 | 000,001,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
[2011/05/21 15:52:14 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/05/21 15:52:14 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/05/21 15:52:14 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/05/21 15:52:14 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/05/21 15:52:14 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/05/21 15:52:14 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/05/21 15:52:14 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/05/21 15:52:14 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/05/21 15:52:14 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/05/21 15:52:14 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/05/21 15:52:14 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/05/21 15:52:14 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011/05/15 14:59:23 | 000,000,000 | ---- | C] () -- C:\Users\Scott\defogger_reenable
[2011/05/15 14:14:13 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/05/14 19:50:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\~40296184
[2011/01/31 00:59:12 | 000,165,027 | ---- | C] () -- C:\Windows\hpoins13.dat
[2011/01/31 00:59:12 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2011/01/03 21:57:03 | 000,001,456 | ---- | C] () -- C:\Users\Scott\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/12/19 12:16:40 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/19 23:19:23 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 22:08:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/03 20:49:31 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010/08/03 20:49:31 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010/08/03 20:49:31 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010/08/03 20:49:16 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/03 20:49:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/08/03 20:45:38 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/05 16:23:28 | 000,060,416 | ---- | C] () -- C:\Windows\Memeo.ShellExtension.WicIO.dll

< End of report >
--------------------------------------------------------------------------
OTL Extras logfile created on: 6/3/2011 7:18:01 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Scott\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.70% Memory free
15.87 Gb Paging File | 12.72 Gb Available in Paging File | 80.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.14 Gb Total Space | 270.94 Gb Free Space | 60.46% Space Free | Partition Type: NTFS

Computer Name: METEORSCOTT2010 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07537D43-050A-4832-9435-851F6DD3B606}" = Memeo LifeAgent Explorer Extension
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{14BC5667-22B0-4DC4-8205-597053BBDDC9}" = HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AE124EE9-EF32-69C5-60F9-FFA0FFF7F9B1}" = ccc-utility64
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software
"{CFFF260C-F510-45BB-8F8E-1D4AC1232786}" = Adobe Photoshop Lightroom 3.3 64-bit
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}" = C4200
"{1DC7DFF9-2180-0E7E-DB49-817280EE4E93}" = Catalyst Control Center Graphics Light
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27B94460-B1A6-BE42-D92A-4FCDCF4A719F}" = CCC Help German
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{347DA8D7-B858-421e-A154-5F438A36F1A4}" = Memeo Backup Premium
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{47BC5D36-B837-B2A8-FB46-F6EC602A7F9C}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B8C6616-F310-60D3-71FD-057C16DB3E8A}" = CCC Help Finnish
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = CLEAR™ WiMAX Tutorial
"{53BC789D-073D-47B6-AA9F-DE05990AF07A}" = Adobe Creative Suite 5 Production Premium
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}" = PS_AIO_Software_min
"{5FEF1894-CF67-B16C-11B6-5818358B3FC9}" = CCC Help Russian
"{60E9E76A-FB31-67CB-8071-A1D38A499A86}" = CCC Help French
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6869DEA9-8FA6-E3E0-05B6-8187FEB71D52}" = Skins
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6ED86F6F-7130-48F5-2AF7-5D693098057F}" = CCC Help Norwegian
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9B9F49A2-6791-761F-6077-22977B0FD03D}" = CCC Help Dutch
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A697D62C-643B-5315-204B-D43055A86649}" = CCC Help Swedish
"{A6B483B0-E8E8-0EE1-D678-FEEBDF27FE15}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9316AC7-CAB2-C29B-F8B6-6239817B1B45}" = CCC Help Chinese Standard
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
"{AFF254B3-ABBC-15E7-200E-FABF74314C13}" = ccc-core-static
"{B27E389B-AE9B-BEB6-8FCF-BA293F884C70}" = CCC Help Japanese
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B5AB153E-59F3-AB56-F8A7-43E531368327}" = Catalyst Control Center Graphics Full New
"{BA214394-CDD8-BB3C-3FCC-8294C9A02ACA}" = CCC Help Chinese Traditional
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF8DC895-9CC3-E284-6ADF-67077E3FBCA2}" = CCC Help Danish
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C89AF1D9-A501-4AA5-9E44-9753D0F92345}" = Kidizoom Plus™
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0016802-8E49-0DED-0B9C-F8946945998F}" = Catalyst Control Center Graphics Full Existing
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DC068C99-4AF6-C4B4-178F-790CC62B93ED}" = Catalyst Control Center Graphics Previews Vista
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD786529-8C5E-4C64-9FA6-D47FBF17C392}" = Catalyst Control Center InstallProxy
"{DDBBE693-E9E5-A743-4C11-D693F94A80D7}" = Catalyst Control Center Core Implementation
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF6BCD20-50DC-4DE6-4798-948DF8CAC38A}" = CCC Help Korean
"{DF8F8A4A-C9EB-79EC-7597-166D3042EAA8}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19F161D-7FD0-FECB-41B1-A036862C3E47}" = CCC Help English
"{E393AA7A-33AE-1F62-0C33-D107BB03E74E}" = CCC Help Portuguese
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}" = c4200_Help
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7BEE99-4C13-DF3E-142B-5E4BA8D10CEC}" = CCC Help Italian
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AI RoboForm" = AI RoboForm (All Users)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{07537D43-050A-4832-9435-851F6DD3B606}" = Memeo LifeAgent Explorer Extension
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"MSC" = McAfee Security Center
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2011 9:31:53 PM | Computer Name = MeteorScott2010 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/25/2011 8:51:39 PM | Computer Name = MeteorScott2010 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/25/2011 8:52:11 PM | Computer Name = MeteorScott2010 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 4/29/2011 6:01:15 AM | Computer Name = MeteorScott2010 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3132 (0xc3c) Thread address : 0x000000007779164A Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Users\Scott\AppData\Local\Microsoft\Media
Player\Cache260757262\CacheEntry9AC3BDA05009E4AC1DF70736C19476CEA68FA86B by C:\Program
Files (x86)\Windows Media Player\wmplayer.exe 7011(6838756)(0) 93(6838756)(0) 5(6838756)(0)

4(6838475)(0) 4(6838475)(0) 7200(6838475)(0) 7595(6838475)(0) 7005(0)(0)

Error - 4/29/2011 6:01:15 AM | Computer Name = MeteorScott2010 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3532 (0xdcc) Thread address : 0x000000007779164A Thread message : Build VSCORE.14.2.0.794
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Users\Scott\AppData\Local\Microsoft\Media
Player\Cache260757262\CacheEntry8CB4F1F69654D7E4457D35714C04FE0E5D74F711 by C:\Program
Files (x86)\Windows Media Player\wmplayer.exe 7011(6838771)(0) 93(6838771)(0) 5(6838771)(0)

4(6838475)(0) 4(6838475)(0) 7200(6838475)(0) 7595(6838475)(0) 7005(0)(0)

Error - 4/29/2011 6:51:36 AM | Computer Name = MeteorScott2010 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 4/29/2011 6:52:13 AM | Computer Name = MeteorScott2010 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/1/2011 10:13:26 PM | Computer Name = MeteorScott2010 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1ba4 Start
Time: 01cc079004002a87 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 5/1/2011 10:34:46 PM | Computer Name = MeteorScott2010 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/1/2011 10:35:11 PM | Computer Name = MeteorScott2010 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Dell Events ]
Error - 12/12/2010 1:00:06 AM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/12/2010 1:00:06 AM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/19/2010 3:11:18 PM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/19/2010 3:11:18 PM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/19/2010 9:38:13 PM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/19/2010 9:38:13 PM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/11/2011 11:52:25 PM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 2/11/2011 11:52:25 PM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/6/2011 11:12:13 PM | Computer Name = MeteorScott2010 | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 5/17/2011 4:25:13 AM | Computer Name = MeteorScott2010 | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 5/19/2011 5:35:37 PM | Computer Name = MeteorScott2010 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/19/2011 5:35:37 PM | Computer Name = MeteorScott2010 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/19/2011 5:35:38 PM | Computer Name = MeteorScott2010 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/19/2011 5:35:38 PM | Computer Name = MeteorScott2010 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/19/2011 5:35:39 PM | Computer Name = MeteorScott2010 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/19/2011 7:40:04 PM | Computer Name = MeteorScott2010 | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 5/20/2011 1:30:01 AM | Computer Name = MeteorScott2010 | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 5/21/2011 5:03:56 PM | Computer Name = MeteorScott2010 | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/21/2011 5:03:56 PM | Computer Name = MeteorScott2010 | Source = VDS Basic Provider | ID = 33554433
Description =


< End of report >

#9 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:29 AM

Posted 03 June 2011 - 01:22 PM

Hi,

Have you tried running ComboFix on this machine recently? If so, please post me the log at C:\ComboFix.txt.

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    [2011/05/14 19:50:01 | 000,000,040 | ---- | C] () -- C:\ProgramData\~40296184
    [2011/05/21 15:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\New folder (2)
    [2011/05/21 15:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\New folder
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1690202180-187062719-277128078-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
%Temp%\smtmp /s
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#10 planetscott

planetscott
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 03 June 2011 - 10:25 PM

Casey,

Sorry, I am not sure where you want me to post the combofix log? I did run that about a week ago. If I don;t have that log, do you want me to run it again?

Below are the OTL and SystemLook logs:

========== OTL ==========
C:\ProgramData\~40296184 moved successfully.
C:\ProgramData\New folder (2) folder moved successfully.
C:\ProgramData\New folder folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1690202180-187062719-277128078-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

OTL by OldTimer - Version 3.2.23.0 log created on 06032011_201814

-------------------------------------------------------------------------

SystemLook 04.09.10 by jpshortstuff
Log created at 20:23 on 03/06/2011 by Scott
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Users\Scott\AppData\Local\Temp\smtmp - Unable to find folder.

-= EOF =-

#11 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:29 AM

Posted 04 June 2011 - 03:41 AM

Sorry, I am not sure where you want me to post the combofix log? I did run that about a week ago. If I don;t have that log, do you want me to run it again?


No, don't worry.

Your OTL log looks good, but unfortunately the SystemLook log doesn't. The initial infection you had moves all of your start menu items to a folder in your Windows temporary directory (i.e. C:\Users\Scott\AppData\Local\Temp\smtmp). It appears that the smtmp folder no longer exists - this is normally the result of using a temporary file cleaner - or sometimes even combofix (which is why the log would have been handy).

So, let's just check some other places it could be. Otherwise it means a bit of work for you to restore everything.

SystemLook

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:dir
%Temp%\ /s
%SystemDrive%\Qoobox /s
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Casey

Edited by Casey_boy, 04 June 2011 - 03:43 AM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#12 planetscott

planetscott
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 04 June 2011 - 08:34 AM

---------------------------------------------------------------------------

SystemLook 04.09.10 by jpshortstuff
Log created at 06:31 on 04/06/2011 by Scott
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Users\Scott\AppData\Local\Temp - Parameters: "/s"

---Files---
AdobeARM.log --a---- 31926 bytes [01:31 24/01/2011] [03:24 26/05/2011]
amt3.log --a---- 26089 bytes [00:48 27/05/2011] [00:48 27/05/2011]
ArmUI.ini --a---- 148526 bytes [20:05 25/05/2011] [03:23 26/05/2011]
Attach.txt --a---- 5896 bytes [05:35 03/06/2011] [05:35 03/06/2011]
B647.tmp --a---- 268240 bytes [03:50 04/06/2011] [03:50 04/06/2011]
CVR315E.tmp.cvr --a---- 0 bytes [22:04 25/05/2011] [22:04 25/05/2011]
CVR4182.tmp.cvr --a---- 0 bytes [03:26 26/05/2011] [03:26 26/05/2011]
CVR4D75.tmp.cvr --a---- 0 bytes [22:03 25/05/2011] [22:03 25/05/2011]
DDS.txt --a---- 34409 bytes [05:35 03/06/2011] [05:35 03/06/2011]
ExchangePerflog_8484fa3120edb80bcfcccd43.dat --a---- 2800 bytes [22:03 25/05/2011] [00:38 27/05/2011]
FXSAPIDebugLogFile.txt --a---- 0 bytes [07:02 16/10/2010] [07:02 16/10/2010]
hpqddusr.log --a---- 636 bytes [20:06 25/05/2011] [03:24 26/05/2011]
HPWUCl000.log --a---- 2202 bytes [05:47 27/05/2011] [05:47 27/05/2011]
HPWUCl001.log --a---- 2202 bytes [10:00 03/06/2011] [10:00 03/06/2011]
jusched.log --a---- 302 bytes [20:12 25/05/2011] [03:32 26/05/2011]
log.txt --a---- 24941 bytes [19:40 25/05/2011] [19:40 25/05/2011]
MAR5BB6.tmp --a---- 1313 bytes [03:24 26/05/2011] [03:24 26/05/2011]
MAR5D8B.tmp --a---- 1285 bytes [03:24 26/05/2011] [03:24 26/05/2011]
MAR5ED1.tmp --a---- 1313 bytes [20:06 25/05/2011] [20:06 25/05/2011]
MAR5FAD.tmp --a---- 1285 bytes [20:06 25/05/2011] [20:06 25/05/2011]
PDApp.log --a---- 24076 bytes [05:38 03/06/2011] [13:29 04/06/2011]
RedboxLog.txt --a---- 5486 bytes [20:06 25/05/2011] [03:24 26/05/2011]
StructuredQuery.log --a---- 429 bytes [05:30 26/05/2011] [05:30 26/05/2011]
swtag.log --a---- 1129 bytes [00:48 27/05/2011] [00:48 27/05/2011]
~DF05FCCDE9DEA894D3.TMP --a---- 512 bytes [03:34 26/05/2011] [03:34 26/05/2011]
~DF06BEF7C50DD5B023.TMP --a---- 16384 bytes [03:19 02/06/2011] [04:59 04/06/2011]
~DF0F05476A75EECB6F.TMP --a---- 16384 bytes [03:35 04/06/2011] [03:44 04/06/2011]
~DF421DA53061183E7C.TMP --a---- 16384 bytes [03:34 26/05/2011] [03:34 26/05/2011]
~DF5CDE25A7A5050C2D.TMP --a---- 16384 bytes [02:17 02/06/2011] [04:51 04/06/2011]
~DF6A33B918E1E66746.TMP --a---- 512 bytes [03:34 26/05/2011] [03:34 26/05/2011]
~DF7DF0EB9A8A8F445D.TMP --a---- 16384 bytes [03:34 26/05/2011] [03:34 26/05/2011]
~DF9A93D5224027FBBF.TMP --a---- 32768 bytes [03:34 26/05/2011] [03:34 26/05/2011]
~DF9ED0A65859B74F86.TMP --a---- 147456 bytes [13:51 03/06/2011] [13:51 03/06/2011]
~DFA7F688BD4FDD8775.TMP --a---- 147456 bytes [13:51 03/06/2011] [13:51 03/06/2011]
~DFF367BFF5B2BA11BC.TMP --a---- 81920 bytes [13:51 03/06/2011] [13:51 03/06/2011]

C:\Users\Scott\AppData\Local\Temp\Low d------ [20:10 25/05/2011]

C:\Users\Scott\AppData\Local\Temp\msohtmlclip d------ [03:18 26/05/2011]

C:\Users\Scott\AppData\Local\Temp\msohtmlclip1 d------ [03:18 26/05/2011]

C:\Users\Scott\AppData\Local\Temp\msohtmlclip1\01 d------ [03:18 26/05/2011]
clip_colorschememapping.xml --a---- 314 bytes [03:18 26/05/2011] [03:18 26/05/2011]
clip_themedata.thmx --a---- 3104 bytes [03:18 26/05/2011] [03:18 26/05/2011]

C:\Users\Scott\AppData\Local\Temp\nsr8902.tmp d------ [15:04 31/05/2011]
nsProcess.dll --a---- 4096 bytes [15:04 31/05/2011] [15:04 31/05/2011]

C:\Users\Scott\AppData\Local\Temp\Sonic.tmp d------ [20:05 25/05/2011]

C:\Users\Scott\AppData\Local\Temp\Sonic1.tmp d------ [03:23 26/05/2011]

C:\Users\Scott\AppData\Local\Temp\WPDNSE d------ [03:23 26/05/2011]

C:\Qoobox - Parameters: "/s"

---Files---
Add-Remove Programs.txt --a---- 4624 bytes [19:33 25/05/2011] [19:33 25/05/2011]
ComboFix-quarantined-files.txt --a---- 41802 bytes [19:34 25/05/2011] [19:34 25/05/2011]
SnapShot@2011-05-25_19.33.02.dat --a---- 1230457 bytes [19:33 25/05/2011] [19:33 25/05/2011]

C:\Qoobox\BackEnv d------ [19:27 25/05/2011]

C:\Qoobox\Quarantine d------ [19:26 25/05/2011]
catchme.log --a---- 51 bytes [19:27 25/05/2011] [19:27 25/05/2011]

C:\Qoobox\Quarantine\C d------ [19:28 25/05/2011]

C:\Qoobox\Quarantine\C\Users d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1 d------ [19:30 25/05/2011]
Default Programs.lnk --a---- 1282 bytes [19:30 25/05/2011] [05:01 14/07/2009]
desktop.ini --ahs-- 442 bytes [19:30 25/05/2011] [05:01 14/07/2009]
HP Solution Center.lnk --a---- 1323 bytes [19:30 25/05/2011] [08:02 31/01/2011]
PokerStars.lnk --a---- 1069 bytes [19:30 25/05/2011] [05:22 29/12/2010]
PokerStars.net.lnk --a---- 1101 bytes [19:30 25/05/2011] [07:15 17/10/2010]
Windows Update.lnk --a---- 1266 bytes [19:30 25/05/2011] [04:49 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs d------ [19:30 25/05/2011]
Adobe Help.lnk --a---- 999 bytes [19:30 25/05/2011] [04:51 20/10/2010]
Adobe Photoshop Lightroom 3.3 64-bit.lnk --a---- 2077 bytes [19:30 25/05/2011] [06:02 27/12/2010]
Adobe Reader X.lnk --a---- 2441 bytes [19:30 25/05/2011] [01:29 24/01/2011]
Apple Software Update.lnk --a---- 2519 bytes [19:30 25/05/2011] [00:48 08/05/2011]
Cozi Family Calendar.lnk --a---- 1860 bytes [19:30 25/05/2011] [03:36 04/08/2010]
Dell Help Documentation.lnk --a---- 1975 bytes [19:30 25/05/2011] [06:58 16/10/2010]
desktop.ini --ahs-- 1748 bytes [19:30 25/05/2011] [10:02 03/04/2011]
I.R.I.S. OCR Registration.lnk --a---- 1054 bytes [19:30 25/05/2011] [08:03 31/01/2011]
Media Center.lnk --a---- 1345 bytes [19:30 25/05/2011] [05:11 04/08/2010]
PowerDVD DX.lnk --a---- 2080 bytes [19:30 25/05/2011] [03:37 04/08/2010]
Sidebar.lnk --a---- 1330 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Windows Anytime Upgrade.lnk --a---- 1352 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Windows DVD Maker.lnk --a---- 1326 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Windows Fax and Scan.lnk --a---- 1210 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Windows Live Mail.lnk --a---- 1460 bytes [19:30 25/05/2011] [10:01 03/04/2011]
Windows Live Messenger.lnk --a---- 2488 bytes [19:30 25/05/2011] [10:01 03/04/2011]
Windows Live Movie Maker.lnk --a---- 1307 bytes [19:30 25/05/2011] [10:01 03/04/2011]
Windows Live Photo Gallery.lnk --a---- 1376 bytes [19:30 25/05/2011] [10:02 03/04/2011]
Windows Media Player.lnk --a---- 1547 bytes [19:30 25/05/2011] [05:09 14/07/2009]
XPS Viewer.lnk --a---- 1246 bytes [19:30 25/05/2011] [04:57 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Accessories d------ [19:30 25/05/2011]
Calculator.lnk --a---- 1230 bytes [19:30 25/05/2011] [04:55 14/07/2009]
Desktop.ini --ahs-- 1876 bytes [19:30 25/05/2011] [03:20 04/08/2010]
displayswitch.lnk --a---- 1266 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Math Input Panel.lnk --a---- 1364 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Mobility Center.lnk --a---- 1238 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Paint.lnk --a---- 1242 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Remote Desktop Connection.lnk --a---- 1367 bytes [19:30 25/05/2011] [04:53 14/07/2009]
Snipping Tool.lnk --a---- 1272 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Sound Recorder.lnk --a---- 1330 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Sticky Notes.lnk --a---- 1351 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Sync Center.lnk --a---- 1254 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Welcome Center.lnk --a---- 1579 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Wordpad.lnk --a---- 1322 bytes [19:30 25/05/2011] [04:54 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility d------ [19:30 25/05/2011]
Desktop.ini --ahs-- 370 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Speech Recognition.lnk --a---- 1388 bytes [19:30 25/05/2011] [04:57 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools d------ [19:30 25/05/2011]
Character Map.lnk --a---- 1248 bytes [19:30 25/05/2011] [04:55 14/07/2009]
Desktop.ini --ahs-- 1338 bytes [19:30 25/05/2011] [04:57 14/07/2009]
dfrgui.lnk --a---- 1290 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Disk Cleanup.lnk --a---- 1252 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Resource Monitor.lnk --a---- 1242 bytes [19:30 25/05/2011] [04:53 14/07/2009]
System Information.lnk --a---- 1250 bytes [19:30 25/05/2011] [04:53 14/07/2009]
System Restore.lnk --a---- 1246 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Task Scheduler.lnk --a---- 1268 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Windows Easy Transfer Reports.lnk --a---- 1320 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Windows Easy Transfer.lnk --a---- 1316 bytes [19:30 25/05/2011] [04:57 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC d------ [19:30 25/05/2011]
Desktop.ini --ahs-- 343 bytes [19:30 25/05/2011] [05:11 04/08/2010]
ShapeCollector.lnk --a---- 1436 bytes [19:30 25/05/2011] [05:11 04/08/2010]
TabTip.lnk --a---- 1386 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Windows Journal.lnk --a---- 1316 bytes [19:30 25/05/2011] [05:11 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell d------ [19:30 25/05/2011]
desktop.ini --ahs-- 216 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Windows PowerShell (x86).lnk --a---- 1989 bytes [19:30 25/05/2011] [05:32 14/07/2009]
Windows PowerShell ISE (x86).lnk --a---- 1468 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Windows PowerShell ISE.lnk --a---- 1468 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Windows PowerShell.lnk --a---- 1899 bytes [19:30 25/05/2011] [05:32 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools d------ [19:30 25/05/2011]
Component Services.lnk --a---- 1242 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Computer Management.lnk --a---- 1294 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Data Sources (ODBC).lnk --a---- 1270 bytes [19:30 25/05/2011] [04:53 14/07/2009]
desktop.ini --ahs-- 1674 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Event Viewer.lnk --a---- 1298 bytes [19:30 25/05/2011] [04:54 14/07/2009]
iSCSI Initiator.lnk --a---- 1274 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Memory Diagnostics Tool.lnk --a---- 1268 bytes [19:30 25/05/2011] [04:53 14/07/2009]
Performance Monitor.lnk --a---- 1232 bytes [19:30 25/05/2011] [04:53 14/07/2009]
services.lnk --a---- 1288 bytes [19:30 25/05/2011] [04:54 14/07/2009]
System Configuration.lnk --a---- 1246 bytes [19:30 25/05/2011] [04:53 14/07/2009]
Task Scheduler.lnk --a---- 1262 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Windows Firewall with Advanced Security.lnk --a---- 1274 bytes [19:30 25/05/2011] [04:53 14/07/2009]
Windows PowerShell Modules.lnk --a---- 2741 bytes [19:30 25/05/2011] [05:32 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Adobe d------ [19:30 25/05/2011]
Adobe Media Player.lnk --a---- 991 bytes [19:30 25/05/2011] [04:53 20/10/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Adobe Creative Suite 5 Production Premium d------ [19:30 25/05/2011]
Adobe After Effects CS5.lnk --a---- 1202 bytes [19:30 25/05/2011] [05:28 20/10/2010]
Adobe Bridge CS5.lnk --a---- 1177 bytes [19:30 25/05/2011] [05:24 20/10/2010]
Adobe Device Central CS5.lnk --a---- 1270 bytes [19:30 25/05/2011] [05:24 20/10/2010]
Adobe Encore CS5.lnk --a---- 1209 bytes [19:30 25/05/2011] [05:01 20/10/2010]
Adobe ExtendScript Toolkit CS5.lnk --a---- 1527 bytes [19:30 25/05/2011] [05:21 20/10/2010]
Adobe Extension Manager CS5.lnk --a---- 1361 bytes [19:30 25/05/2011] [05:22 20/10/2010]
Adobe Flash Catalyst CS5.lnk --a---- 1305 bytes [19:30 25/05/2011] [05:00 20/10/2010]
Adobe Flash Professional CS5.lnk --a---- 1163 bytes [19:30 25/05/2011] [05:04 20/10/2010]
Adobe Illustrator CS5.lnk --a---- 1658 bytes [19:30 25/05/2011] [05:01 20/10/2010]
Adobe Media Encoder CS5.lnk --a---- 1098 bytes [19:30 25/05/2011] [05:22 20/10/2010]
Adobe OnLocation CS5.lnk --a---- 1257 bytes [19:30 25/05/2011] [04:57 20/10/2010]
Adobe Photoshop CS5 (64 Bit).lnk --a---- 1083 bytes [19:30 25/05/2011] [05:27 20/10/2010]
Adobe Photoshop CS5.lnk --a---- 1215 bytes [19:30 25/05/2011] [05:03 20/10/2010]
Adobe Pixel Bender Toolkit 2.lnk --a---- 1513 bytes [19:30 25/05/2011] [05:23 20/10/2010]
Adobe Premiere Pro CS5.lnk --a---- 1086 bytes [19:30 25/05/2011] [05:29 20/10/2010]
Adobe Soundbooth CS5.lnk --a---- 1277 bytes [19:30 25/05/2011] [04:57 20/10/2010]
Mocha for After Effects CS5.lnk --a---- 1269 bytes [19:30 25/05/2011] [05:26 20/10/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\AI RoboForm d------ [19:30 25/05/2011]
Buy RoboForm Pro.url --a---- 126 bytes [19:30 25/05/2011] [00:52 17/10/2010]
Edit Identities.lnk --a---- 2136 bytes [19:30 25/05/2011] [00:52 17/10/2010]
Edit Passcards.lnk --a---- 2131 bytes [19:30 25/05/2011] [00:52 17/10/2010]
Edit Safenotes.lnk --a---- 2131 bytes [19:30 25/05/2011] [00:52 17/10/2010]
Generate Passwords.lnk --a---- 2171 bytes [19:30 25/05/2011] [00:52 17/10/2010]
New Version Check.lnk --a---- 2167 bytes [19:30 25/05/2011] [00:52 17/10/2010]
Search Files.lnk --a---- 2142 bytes [19:30 25/05/2011] [00:52 17/10/2010]
TaskBar Icon.lnk --a---- 2161 bytes [19:30 25/05/2011] [00:52 17/10/2010]
Uninstall.lnk --a---- 1219 bytes [19:30 25/05/2011] [00:52 17/10/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Catalyst Control Center d------ [19:30 25/05/2011]
CCC - Advanced.lnk --a---- 2094 bytes [19:30 25/05/2011] [03:27 04/08/2010]
CCC - Wizard.lnk --a---- 2088 bytes [19:30 25/05/2011] [03:27 04/08/2010]
CCC.lnk --a---- 2082 bytes [19:30 25/05/2011] [03:27 04/08/2010]
Help.lnk --a---- 2096 bytes [19:30 25/05/2011] [03:27 04/08/2010]
Restart Runtime.lnk --a---- 2078 bytes [19:30 25/05/2011] [03:27 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Creative d------ [19:30 25/05/2011]
Creative Software AutoUpdate.lnk --a---- 2312 bytes [19:30 25/05/2011] [03:49 04/08/2010]
Get Bonus Software.lnk --a---- 2312 bytes [19:30 25/05/2011] [03:49 04/08/2010]
Readme.lnk --a---- 2052 bytes [19:30 25/05/2011] [03:49 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Creative\ALchemy d------ [19:30 25/05/2011]
Creative ALchemy.lnk --a---- 2036 bytes [19:30 25/05/2011] [03:49 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Creative\Sound Blaster X-Fi MB d------ [19:30 25/05/2011]
Creative Audio Control Panel.lnk --a---- 2203 bytes [19:30 25/05/2011] [03:48 04/08/2010]
Creative Console Launcher.lnk --a---- 2295 bytes [19:30 25/05/2011] [03:48 04/08/2010]
Volume Panel.lnk --a---- 2259 bytes [19:30 25/05/2011] [03:49 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Dell d------ [19:30 25/05/2011]
Dell Dock.lnk --a---- 1012 bytes [19:30 25/05/2011] [03:55 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Software & Utilities d------ [19:30 25/05/2011]
Dell Getting Started Guide.lnk --a---- 1137 bytes [19:30 25/05/2011] [04:01 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements d------ [19:30 25/05/2011]
Accidental_Damage_Services.pdf.lnk --a---- 2471 bytes [19:30 25/05/2011] [03:28 04/08/2010]
Banctec.pdf.lnk --a---- 2471 bytes [19:30 25/05/2011] [03:28 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Dell DataSafe d------ [19:30 25/05/2011]
Dell DataSafe Local Backup.lnk --a---- 1858 bytes [19:30 25/05/2011] [03:34 04/08/2010]
Dell DataSafe Online.lnk --a---- 2091 bytes [19:30 25/05/2011] [03:31 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center d------ [19:30 25/05/2011]
desktop.ini --ahs-- 127 bytes [19:30 25/05/2011] [05:48 30/12/2010]
DSC.lnk --a---- 931 bytes [19:30 25/05/2011] [05:48 30/12/2010]
PC Checkup.lnk --a---- 979 bytes [19:30 25/05/2011] [05:48 30/12/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Dell Webcam d------ [19:30 25/05/2011]
Dell Webcam Central.lnk --a---- 2197 bytes [19:30 25/05/2011] [03:45 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Dell Webcam\Live! Cam Avatar Creator d------ [19:30 25/05/2011]
License Agreement.lnk --a---- 2218 bytes [19:30 25/05/2011] [03:45 04/08/2010]
Live! Cam Avatar Creator Help.lnk --a---- 2408 bytes [19:30 25/05/2011] [03:45 04/08/2010]
Live! Cam Avatar Creator.lnk --a---- 2394 bytes [19:30 25/05/2011] [03:45 04/08/2010]
Read Me.lnk --a---- 2211 bytes [19:30 25/05/2011] [03:45 04/08/2010]
Uninstall Live! Cam Avatar Creator.lnk --a---- 2631 bytes [19:30 25/05/2011] [03:45 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Games d------ [19:30 25/05/2011]
- Play Games -.lnk --a---- 2554 bytes [19:30 25/05/2011] [03:34 04/08/2010]
- More Casual Games -.lnk --a---- 2643 bytes [19:30 25/05/2011] [03:34 04/08/2010]
- More Enthusiast Games -.lnk --a---- 2643 bytes [19:30 25/05/2011] [03:34 04/08/2010]
- More Kids Games -.lnk --a---- 2643 bytes [19:30 25/05/2011] [03:34 04/08/2010]
- More MMO Games -.lnk --a---- 2643 bytes [19:30 25/05/2011] [03:34 04/08/2010]
Bejeweled 2 Deluxe.lnk --a---- 2472 bytes [19:30 25/05/2011] [03:34 04/08/2010]
Chess.lnk --a---- 352 bytes [19:30 25/05/2011] [05:11 04/08/2010]
desktop.ini --ahs-- 1056 bytes [19:30 25/05/2011] [03:34 04/08/2010]
FATE Undiscovered Realms.lnk --a---- 2472 bytes [19:30 25/05/2011] [03:34 04/08/2010]
FreeCell.lnk --a---- 364 bytes [19:30 25/05/2011] [04:55 14/07/2009]
GameExplorer.lnk --a---- 258 bytes [19:30 25/05/2011] [04:54 14/07/2009]
Hearts.lnk --a---- 356 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Internet Backgammon.lnk --a---- 474 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Internet Checkers.lnk --a---- 470 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Internet Spades.lnk --a---- 466 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Mahjong.lnk --a---- 360 bytes [19:30 25/05/2011] [05:11 04/08/2010]
Minesweeper.lnk --a---- 376 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Plants vs. Zombies.lnk --a---- 2492 bytes [19:30 25/05/2011] [03:34 04/08/2010]
Polar Bowler.lnk --a---- 2428 bytes [19:30 25/05/2011] [03:34 04/08/2010]
Purble Place.lnk --a---- 378 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Solitaire.lnk --a---- 368 bytes [19:30 25/05/2011] [04:55 14/07/2009]
Spider Solitaire.lnk --a---- 392 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Yahtzee.lnk --a---- 2416 bytes [19:30 25/05/2011] [03:34 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\GoodSync d------ [19:30 25/05/2011]
GoodSync.lnk --a---- 1892 bytes [19:30 25/05/2011] [00:57 17/10/2010]
Uninstall.lnk --a---- 1899 bytes [19:30 25/05/2011] [00:57 17/10/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\HP d------ [19:30 25/05/2011]
HP Solution Center.lnk --a---- 1335 bytes [19:30 25/05/2011] [08:02 31/01/2011]
HP Update.lnk --a---- 2111 bytes [19:30 25/05/2011] [08:03 31/01/2011]
Shop for HP Supplies.lnk --a---- 1057 bytes [19:30 25/05/2011] [08:02 31/01/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\HP\HP Photosmart Essential 3.5 d------ [19:30 25/05/2011]
HP Photosmart Essential 3.5.lnk --a---- 2191 bytes [19:30 25/05/2011] [08:04 31/01/2011]
Uninstall HP Photosmart Essential 3.5.lnk --a---- 2365 bytes [19:30 25/05/2011] [08:04 31/01/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\HP\HP Smart Web Printing d------ [19:30 25/05/2011]
HP Smart Web Printing Help.lnk --a---- 2423 bytes [19:30 25/05/2011] [08:03 31/01/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\HP\Photosmart C4200 series d------ [19:30 25/05/2011]
Add A Device.lnk --a---- 1289 bytes [19:30 25/05/2011] [08:01 31/01/2011]
Help.lnk --a---- 1175 bytes [19:30 25/05/2011] [08:01 31/01/2011]
Product Registration.lnk --a---- 1137 bytes [19:30 25/05/2011] [08:01 31/01/2011]
Product Support Website.lnk --a---- 1154 bytes [19:30 25/05/2011] [08:01 31/01/2011]
Readme.lnk --a---- 1231 bytes [19:30 25/05/2011] [08:01 31/01/2011]
Uninstall.lnk --a---- 1524 bytes [19:30 25/05/2011] [08:01 31/01/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Intel d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Intel\WiMAX d------ [19:30 25/05/2011]
CLEAR™ WiMAX.lnk --a---- 2108 bytes [19:30 25/05/2011] [03:26 04/08/2010]
Uninstall CLEAR™ WiMAX Tutorial.lnk --a---- 1964 bytes [19:30 25/05/2011] [03:26 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Intel PROSet Wireless d------ [19:30 25/05/2011]
desktop.ini --ahs-- 99 bytes [19:30 25/05/2011] [03:24 04/08/2010]
Intel My WiFi Technology.lnk --a---- 2110 bytes [19:30 25/05/2011] [03:23 04/08/2010]
WiFi Advanced Statistics.lnk --a---- 2418 bytes [19:30 25/05/2011] [03:23 04/08/2010]
WiFi Event Viewer.lnk --a---- 2442 bytes [19:30 25/05/2011] [03:23 04/08/2010]
WiFi Manual Diagnostics.lnk --a---- 2482 bytes [19:30 25/05/2011] [03:23 04/08/2010]
WiMAX Connection Utility.lnk --a---- 2205 bytes [19:30 25/05/2011] [03:24 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\iTunes d------ [19:30 25/05/2011]
About iTunes.lnk --a---- 2107 bytes [19:30 25/05/2011] [00:53 08/05/2011]
iTunes.lnk --a---- 1803 bytes [19:30 25/05/2011] [00:53 08/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Maintenance d------ [19:30 25/05/2011]
Backup and Restore Center.lnk --a---- 1304 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Create Recovery Disc.lnk --a---- 1248 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Desktop.ini --ahs-- 606 bytes [19:30 25/05/2011] [04:57 14/07/2009]
Remote Assistance.lnk --a---- 1212 bytes [19:30 25/05/2011] [04:57 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware d------ [19:30 25/05/2011]
Malwarebytes' Anti-Malware Help.lnk --a---- 1129 bytes [19:30 25/05/2011] [03:28 15/05/2011]
Malwarebytes' Anti-Malware.lnk --a---- 1129 bytes [19:30 25/05/2011] [03:28 15/05/2011]
Uninstall Malwarebytes' Anti-Malware.lnk --a---- 1153 bytes [19:30 25/05/2011] [03:28 15/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\McAfee d------ [19:30 25/05/2011]
McAfee Security Center.lnk --a---- 1848 bytes [19:30 25/05/2011] [14:20 14/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Media Center d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Media Center\Media Center Programs d------ [19:30 25/05/2011]
Sound Blaster.lnk --a---- 2303 bytes [19:30 25/05/2011] [03:49 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Memeo d------ [19:30 25/05/2011]
Memeo Backup Premium.lnk --a---- 1196 bytes [19:30 25/05/2011] [03:16 07/04/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office d------ [19:30 25/05/2011]
Microsoft Access 2010.lnk --a---- 2919 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Microsoft Excel 2010.lnk --a---- 2951 bytes [19:30 25/05/2011] [11:01 19/12/2010]
Microsoft OneNote 2010.lnk --a---- 2879 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Microsoft Outlook 2010.lnk --a---- 3029 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Microsoft PowerPoint 2010.lnk --a---- 2937 bytes [19:30 25/05/2011] [11:01 19/12/2010]
Microsoft Publisher 2010.lnk --a---- 3041 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Microsoft Word 2010.lnk --a---- 3021 bytes [19:30 25/05/2011] [11:01 19/12/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools d------ [19:30 25/05/2011]
Digital Certificate for VBA Projects.lnk --a---- 2977 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Microsoft Clip Organizer.lnk --a---- 2917 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Microsoft Office 2010 Language Preferences.lnk --a---- 2751 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Microsoft Office 2010 Upload Center.lnk --a---- 2837 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Microsoft Office Picture Manager.lnk --a---- 2875 bytes [19:30 25/05/2011] [06:43 20/10/2010]
Office Anytime Upgrade.lnk --a---- 2530 bytes [19:30 25/05/2011] [06:43 20/10/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight d------ [19:30 25/05/2011]
Microsoft Silverlight.lnk --a---- 2269 bytes [19:30 25/05/2011] [10:08 24/04/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\PokerStars d------ [19:30 25/05/2011]
Network Status.lnk --a---- 1029 bytes [19:30 25/05/2011] [05:22 29/12/2010]
PokerStars.lnk --a---- 1081 bytes [19:30 25/05/2011] [05:22 29/12/2010]
Uninstall PokerStars.lnk --a---- 1124 bytes [19:30 25/05/2011] [05:22 29/12/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\PokerStars.NET d------ [19:30 25/05/2011]
Network Status.lnk --a---- 1061 bytes [19:30 25/05/2011] [07:15 17/10/2010]
PokerStars.net.lnk --a---- 1113 bytes [19:30 25/05/2011] [07:15 17/10/2010]
Uninstall PokerStars.net.lnk --a---- 1164 bytes [19:30 25/05/2011] [07:15 17/10/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\QuickTime d------ [19:30 25/05/2011]
About QuickTime.lnk --a---- 2441 bytes [19:30 25/05/2011] [00:48 08/05/2011]
PictureViewer.lnk --a---- 2471 bytes [19:30 25/05/2011] [00:48 08/05/2011]
QuickTime Player.lnk --a---- 2441 bytes [19:30 25/05/2011] [00:48 08/05/2011]
Uninstall QuickTime.lnk --a---- 1818 bytes [19:30 25/05/2011] [00:48 08/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Roxio d------ [19:30 25/05/2011]
Roxio Burn.lnk --a---- 1027 bytes [19:30 25/05/2011] [03:51 04/08/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Skype d------ [19:30 25/05/2011]
Skype.lnk --a---- 2533 bytes [19:30 25/05/2011] [04:31 01/03/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\SnagIt 8 d------ [19:30 25/05/2011]
SnagIt 8 Catalog Browser.lnk --a---- 2565 bytes [19:30 25/05/2011] [00:29 09/05/2011]
SnagIt 8 Editor.lnk --a---- 2565 bytes [19:30 25/05/2011] [00:29 09/05/2011]
SnagIt 8.lnk --a---- 2551 bytes [19:30 25/05/2011] [00:29 09/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Startup d------ [19:30 25/05/2011]
Bluetooth.lnk --a---- 834 bytes [19:30 25/05/2011] [03:20 04/08/2010]
desktop.ini --ahs-- 174 bytes [19:30 25/05/2011] [04:54 14/07/2009]
HP Digital Imaging Monitor.lnk --a---- 2101 bytes [19:30 25/05/2011] [08:01 31/01/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Tablet PC d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\VTech d------ [19:30 25/05/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\VTech\VTech Kidizoom Plus d------ [19:30 25/05/2011]
Kidizoom Plus PC Tools Upgrade.lnk --a---- 1950 bytes [19:30 25/05/2011] [16:12 28/12/2010]
Uninstall.lnk --a---- 1363 bytes [19:30 25/05/2011] [16:12 28/12/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\VTech\VTech Kidizoom Plus\Kidizoom Plus Photo Editor d------ [19:30 25/05/2011]
VTech Kidizoom Plus Photo Editor.lnk --a---- 1042 bytes [19:30 25/05/2011] [16:12 28/12/2010]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1\Programs\Windows Live d------ [19:30 25/05/2011]
desktop.ini --ahs-- 95 bytes [19:30 25/05/2011] [10:02 03/04/2011]
Windows Live Writer.lnk --a---- 2350 bytes [19:30 25/05/2011] [10:02 03/04/2011]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\3 d------ [19:30 25/05/2011]
desktop.ini --ahs-- 211 bytes [19:30 25/05/2011] [07:02 16/10/2010]
Internet Explorer.lnk --a---- 1445 bytes [19:30 25/05/2011] [07:02 16/10/2010]
Windows Explorer.lnk --a---- 1228 bytes [19:30 25/05/2011] [04:49 14/07/2009]
Windows Media Player.lnk --a---- 1547 bytes [19:30 25/05/2011] [05:09 14/07/2009]

C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\4 d------ [19:30 25/05/2011]
desktop.ini --ahs-- 174 bytes [19:30 25/05/2011] [04:54 14/07/2009]

C:\Qoobox\Quarantine\Registry_backups d------ [19:26 25/05/2011]
HKLM-Run-SynTPEnh.reg.dat --a---- 80 bytes [19:33 25/05/2011] [19:33 25/05/2011]
tcpip.reg --a---- 17467 bytes [19:31 25/05/2011] [19:31 25/05/2011]
Toolbar-Locked.reg.dat --a---- 92 bytes [19:33 25/05/2011] [19:33 25/05/2011]
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}.reg.dat --a---- 171 bytes [19:33 25/05/2011] [19:33 25/05/2011]
Wow6432Node-HKCU-Run-AdobeBridge.reg.dat --a---- 79 bytes [19:33 25/05/2011] [19:33 25/05/2011]
Wow6432Node-HKLM-Run-DellSupportCenter.reg.dat --a---- 92 bytes [19:33 25/05/2011] [19:33 25/05/2011]
Wow6432Node-Toolbar-Locked.reg.dat --a---- 104 bytes [19:33 25/05/2011] [19:33 25/05/2011]

-= EOF =-

#13 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:29 AM

Posted 04 June 2011 - 10:23 AM

EDIT: Before doing what's listed below, could you just confirm something for me. When you say you cannot see you programs in you start menu, do you mean the most recently used programs, or do you mean all of the programs and folders normally visible after clicking All Programs?

If it's just the most recently used ones (and not all of them after clicking All programs) then please try this:

Right click the Windows Orb (Start button) and select Properties

On the Start Menu Tab, you'll see these 2 options:

Store and display recently opened programs in the Start Menu
Store and display recently opened programs in the Start Menu and Taskbar

If they are unchecked, please check them and see if the items in the start menu are back.


*************************************************





Good news :dance: When you ran ComboFix it actually deleted the files we need (one of the reasons you should never run ComboFix unsupervised!!) but, fortunately, we can restore them.



1. Copy the entire content of this folder:
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\1
and paste it to this folder:
C:\Program Data\Start Menu

2. Copy the entire content of this folder:
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\2
and paste it to this folder:
C:\Users\user_name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

3. Copy the entire content of this folder:
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\3
and paste it to this folder:
C:\Users\user-name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

4. Copy the entire content of this folder:
C:\Qoobox\Quarantine\C\Users\Scott\AppData\Local\Temp\smtmp\4
and paste it to this folder:
C:\Program Data\Desktop

-- Note: The "Start Menu", "Quick Launch" and "Desktop" folders are system folders. In order to see them, you need to Reconfigure Windows to show hidden files, folders. In Windows Explorer go to Tools > Folder Options and click on the View tab. Under Advanced settings > Files and Folders > Hidden Files and Folders, uncheck "Hide Protected operating system Files (recommended)" and hit Apply > OK. In order to access the "Start Menu" folder, you may need to "take ownership" of that folder as shown here.

If the above does not work, then you can restore the defaults for the Start Menu and Administrative Tools as follows:
For any other missing program shortcuts you will probably need to reinstall/repair the application or manually create new shortcuts.

Casey

Edited by Casey_boy, 04 June 2011 - 11:01 AM.

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#14 planetscott

planetscott
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:01:29 AM

Posted 05 June 2011 - 12:10 AM

casey,

it is just the recently used programs. I simply selected the check-boxes you said and it works.
for the copying of the smtmp folder files, i did it for 1,3 and 4 but 2 is missing...

thanks,
scott

#15 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:09:29 AM

Posted 05 June 2011 - 04:49 AM

Good :)

How is everything running now? Any unusual symptoms?

:step1: Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 25 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u25-windows-i586-s.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

:step2: Run a scan with MBAM
Please update and then run a full scan with MalwareByte's AntiMalware. Post me the resultant log.

:step3: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users