Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Bancos - Is my machine being used as a spam bot? [Solved]

Started by AZCMer , May 17 2010 10:38 AM

  • This topic is locked This topic is locked

#1
AZCMer
Posted 17 May 2010 - 10:38 AM

AZCMer

    Member

  • Member
  • PipPipPip
  • 108 posts
I keep receiving emails from postmaster@hotmail about emails bouncing back. Yesterday, I received two of them and an email requesting I remove someone from my email contacts. These emails are being sent out at times my computer isn't booted and the originating ISP is in Kiev. So, how do they know who my contacts are? I've run virus scans and they come back negative. Last night I ran Malwarebytes and it found Trojan.Bancos (two instances) on my computer. As I wasn't attached to the program associated with these files, I deleted them along with the offending folder and program.

How do I get rid of that ask.com tool bar off my IE? It isn't in my remove programs and it isn't listed in my toolbars.

Do I still have a trojan? Can it cause redirects? I've checked my hosts file and nothing is in there, but I'm finding out there is very little that I know, so what do I know about all this? I can't access one specific website which I access all the time. I've checked with my ISP and they are not blocking it. When I ping it, it comes back as request timed out. My conclusion is that something on my computer is blocking this specific site. I can't access it through a proxy or google translate or anything.

Nothing came up with GMER, so there is no log posted. But I also had two errors when starting this program. The first was: c:\Windows\system32\configuration\config\systems The system cannot find the file specified. This happened when I opened GMER. The second was when I started the scan: c:\Windows\system32\configuration\config\system The process cannot access the file because it is being used by another process. Also the only items available to check are services, registry, and files.

OTL Log:

OTL logfile created on: 5/17/2010 8:39:23 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 76.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 261.11 Gb Free Space | 44.71% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.17 Gb Free Space | 18.09% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 194.30 Gb Free Space | 41.72% Space Free | Partition Type: NTFS

Computer Name: GODSPEED
Current User Name: The Reeve Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/17 08:30:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2010/04/18 06:35:24 | 000,053,248 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files (x86)\MediaMall\PlayOn.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/16 12:58:38 | 000,839,168 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/08 16:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 16:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/17 08:30:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/29 12:07:02 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/02/24 13:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/03/30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/04/18 06:36:26 | 003,352,944 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/08 14:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/05 18:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/12/30 11:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...buy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...buy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...buy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...buy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...buy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.c...eTab-ELECTRONIC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 56 FC D3 4C 6E CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://my.msn.com/de...Tab-ELECTRONIC"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/05/17 06:20:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/03 06:48:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/01 06:39:24 | 000,000,000 | ---D | M]

[2009/11/29 23:12:27 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2010/03/21 22:05:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/03/21 22:05:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\[email protected]
[2010/05/16 16:12:47 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions
[2010/05/15 20:12:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/01 06:39:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 06:39:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/21 22:05:24 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Encarta Web Companion Helper Object) - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files (x86)\Common Files\microsoft shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files (x86)\Common Files\microsoft shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files (x86)\Common Files\microsoft shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [(default)] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [L07AXLRD_857615] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce....ads/sysinfo.cab (SysData Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.11
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/31 08:50:24 | 000,000,067 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell - "" = AutoRun
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/17 08:30:10 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2010/05/17 07:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/16 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/05/16 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2010/05/11 12:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}
[2010/05/05 11:15:10 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Fonts
[2010/05/05 10:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\X-Fonter
[2010/05/04 12:50:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010/05/04 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\My Meetings
[2010/05/04 08:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications
[2010/04/30 23:55:34 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\Malwarebytes
[2010/04/30 23:54:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/30 23:54:48 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/30 23:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/30 23:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/30 23:53:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/30 23:41:49 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup.exe
[2010/04/30 23:40:59 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\The Reeve Family\Desktop\erunt_setup.exe
[2010/04/30 23:38:26 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\TFC.exe
[2010/04/30 07:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/30 07:28:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/04/30 07:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/30 07:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/30 07:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/04/29 21:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2010/04/29 21:17:18 | 000,040,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdk.sys
[2010/04/29 21:17:17 | 000,102,472 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/04/29 21:17:17 | 000,049,480 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfesmfk.sys
[2010/04/29 21:17:11 | 000,176,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\Mpfp.sys
[2010/04/29 21:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2010/04/29 21:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/04/29 21:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2010/04/29 21:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/04/29 21:16:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2010/04/23 10:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMall
[2010/04/13 17:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2010/04/13 17:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2010/04/13 09:58:16 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Alanui
[2010/04/08 10:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H
[2010/04/08 10:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/04/08 10:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/04/08 10:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010/04/08 10:50:08 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/08 10:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/04/08 10:47:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/07 23:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Student
[2010/04/07 23:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Learning Essentials
[2010/04/07 22:02:39 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\OneNote Notebooks
[2010/04/07 21:50:58 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2010/04/07 10:40:12 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Living Cookbook backup
[2010/04/07 10:39:17 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\HPScrapperDownloads
[2010/04/07 10:39:05 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\2peas
[2010/04/07 10:38:07 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\My Audio Books
[2010/04/07 09:12:56 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Food
[2010/04/07 08:19:59 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Zrii
[2010/04/07 08:19:36 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\YEnc
[2010/04/07 08:03:03 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Scrapbook
[2010/04/07 07:54:51 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Sewing
[2010/04/07 07:54:19 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Stationery Scripts
[2010/04/07 07:52:52 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Xnews
[2010/04/07 07:48:44 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\WindowsLiveMail
[2010/04/03 07:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010/04/02 07:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/04/02 07:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/04/02 07:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/02 07:39:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/03/29 12:07:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/03/29 12:07:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/03/29 11:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/03/29 11:55:39 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/03/29 11:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phyxion.net
[2010/03/29 11:37:55 | 004,728,687 | ---- | C] (Phyxion.net ) -- C:\Users\The Reeve Family\Desktop\DriverSweeper_2.1.0-[Guru3D.com].exe
[2010/03/26 18:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2010/03/26 18:05:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carbonite
[2010/03/26 18:05:18 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/03/26 18:04:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2010/03/26 18:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2010/03/26 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\Leadertech
[2010/03/24 21:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/03/24 21:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/03/24 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\SystemRequirementsLab
[2010/03/23 13:28:21 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Achievement Blueprint
[2010/03/22 00:48:24 | 000,099,792 | ---- | C] (MediaMall Technologies, Inc.) -- C:\Users\The Reeve Family\Desktop\Revision3PluginInstaller.exe
[2010/03/22 00:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teknowebworks LLC
[2010/03/21 22:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2010/03/21 21:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2010/03/21 21:47:43 | 000,000,000 | ---D | C] -- C:\swsetup
[2010/03/18 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Love Or Above Spiritual Tool Kit
[2010/03/09 09:35:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/26 17:17:20 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Mindwaves
[2010/02/26 17:17:11 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Hypnosis
[2010/02/23 16:01:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeBetaViewer
[2010/02/23 15:45:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\SecondLife
[2010/02/23 15:45:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\SecondLife
[2010/02/23 15:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLife
[2010/02/23 15:19:57 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Second Life
[2010/02/18 16:37:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/02/18 16:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/02/18 16:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/02/16 11:42:56 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\InstantCDDVD
[2010/02/16 11:42:55 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\IsolatedStorage

========== Files - Modified Within 90 Days ==========

[2010/05/17 08:41:28 | 005,505,024 | -HS- | M] () -- C:\Users\The Reeve Family\ntuser.dat
[2010/05/17 08:30:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2010/05/17 07:49:18 | 000,000,743 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2010/05/17 07:49:18 | 000,000,724 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2010/05/17 07:33:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/17 07:33:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/17 07:30:31 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/17 07:30:31 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/17 07:30:31 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/17 07:26:45 | 000,017,866 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/05/17 07:26:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/17 07:26:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/17 07:26:12 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/17 07:25:32 | 004,885,147 | -H-- | M] () -- C:\Users\The Reeve Family\AppData\Local\IconCache.db
[2010/05/15 23:39:52 | 000,524,288 | -HS- | M] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TMContainer00000000000000000002.regtrans-ms
[2010/05/15 23:39:52 | 000,524,288 | -HS- | M] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 23:39:52 | 000,065,536 | -HS- | M] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TM.blf
[2010/05/14 07:44:32 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2010/05/13 08:22:03 | 000,021,383 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Lezlie resume.wpd
[2010/05/11 12:13:32 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/05/10 07:56:29 | 000,000,103 | ---- | M] () -- C:\Users\The Reeve Family\Documents\download code.html
[2010/05/05 23:09:14 | 000,001,260 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\Barnes & Noble Desktop Reader.lnk
[2010/05/01 04:15:16 | 000,002,124 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\Hulu Desktop.lnk
[2010/05/01 04:15:16 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/04/30 23:54:53 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 23:41:50 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Reeve Family\Desktop\mbam-setup.exe
[2010/04/30 23:40:59 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\The Reeve Family\Desktop\erunt_setup.exe
[2010/04/30 23:38:26 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\TFC.exe
[2010/04/30 22:34:58 | 000,000,036 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 10:39:19 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/04/30 07:29:12 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/30 07:11:13 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/04/29 21:18:59 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/13 15:45:11 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/13 15:13:55 | 000,002,017 | ---- | M] () -- C:\Windows\checkip.dat
[2010/04/13 12:14:23 | 000,120,098 | ---- | M] () -- C:\Users\The Reeve Family\Documents\WhyIWant.xps
[2010/04/13 12:13:57 | 000,120,096 | ---- | M] () -- C:\Users\The Reeve Family\Documents\.xps
[2010/04/09 09:52:14 | 000,374,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/09 09:18:48 | 000,000,536 | ---- | M] () -- C:\Windows\win.ini
[2010/04/08 11:19:06 | 000,092,984 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/08 11:16:09 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Encarta Dictionaries.lnk
[2010/04/08 11:16:09 | 000,002,125 | ---- | M] () -- C:\Users\Public\Desktop\Encarta Kids 2007.lnk
[2010/04/08 11:16:08 | 000,002,297 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Student with Encarta Premium 2007 DVD.lnk
[2010/04/08 10:53:06 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/04/07 23:44:05 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\Learning Essentials for Students.lnk
[2010/04/07 22:02:33 | 000,000,914 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\Windows Mobile Device Center.lnk
[2010/04/07 22:00:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/04/07 09:00:04 | 000,000,784 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2010/04/07 08:55:47 | 000,002,078 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml
[2010/04/07 08:53:05 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/04/03 10:34:51 | 000,000,000 | ---- | M] () -- C:\Users\The Reeve Family\pspbrwse.jbf
[2010/04/02 07:45:21 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/29 11:43:22 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2010/03/29 11:38:00 | 004,728,687 | ---- | M] (Phyxion.net ) -- C:\Users\The Reeve Family\Desktop\DriverSweeper_2.1.0-[Guru3D.com].exe
[2010/03/26 19:25:31 | 001,206,199 | ---- | M] () -- C:\Users\The Reeve Family\Documents\External Drive Manual.pdf
[2010/03/26 18:06:45 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2010/03/26 18:05:20 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite Online Backup Setup.lnk
[2010/03/26 18:05:17 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\muvee Reveal Seagate Edition.lnk
[2010/03/22 17:27:07 | 000,007,605 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2010/03/22 00:48:25 | 000,099,792 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Users\The Reeve Family\Desktop\Revision3PluginInstaller.exe
[2010/03/21 22:05:53 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/03/04 17:17:02 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Beta Viewer.lnk
[2010/03/04 00:39:27 | 000,017,754 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Kahuna Lani.docx
[2010/03/04 00:37:12 | 000,058,965 | ---- | M] () -- C:\Users\The Reeve Family\Documents\The IMAGINEER.docx
[2010/03/01 13:42:14 | 000,154,162 | ---- | M] () -- C:\Users\The Reeve Family\Documents\030110.pdf
[2010/02/23 15:45:14 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Second Life.lnk
[2010/02/23 15:20:23 | 002,013,242 | ---- | M] () -- C:\Users\The Reeve Family\Documents\SL User Guide.pdf
[2010/02/19 10:50:53 | 003,103,150 | ---- | M] () -- C:\Users\The Reeve Family\Documents\WRT54G_v4.21.1_fw.zip
[2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfesmfk.sys
[2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdk.sys
[2010/02/16 11:55:03 | 000,028,226 | ---- | M] () -- C:\Users\The Reeve Family\Documents\channels.pmcl

========== Files Created - No Company Name ==========

[2010/05/17 07:49:18 | 000,000,743 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2010/05/17 07:49:18 | 000,000,724 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2010/05/15 20:11:41 | 000,524,288 | -HS- | C] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TMContainer00000000000000000002.regtrans-ms
[2010/05/15 20:11:41 | 000,524,288 | -HS- | C] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 20:11:41 | 000,065,536 | -HS- | C] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TM.blf
[2010/05/13 08:22:03 | 000,021,383 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Lezlie resume.wpd
[2010/05/11 12:13:32 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/05/10 07:56:29 | 000,000,103 | ---- | C] () -- C:\Users\The Reeve Family\Documents\download code.html
[2010/04/30 23:54:53 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 07:29:12 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/29 21:19:12 | 000,017,866 | ---- | C] () -- C:\Windows\SysNative\Config.MPF
[2010/04/29 21:18:59 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/04/29 21:17:03 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2010/04/29 21:17:00 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2010/04/13 12:14:22 | 000,120,098 | ---- | C] () -- C:\Users\The Reeve Family\Documents\WhyIWant.xps
[2010/04/13 12:13:56 | 000,120,096 | ---- | C] () -- C:\Users\The Reeve Family\Documents\.xps
[2010/04/08 11:16:09 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Encarta Dictionaries.lnk
[2010/04/08 11:16:09 | 000,002,125 | ---- | C] () -- C:\Users\Public\Desktop\Encarta Kids 2007.lnk
[2010/04/08 11:16:08 | 000,002,297 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Student with Encarta Premium 2007 DVD.lnk
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/04/08 10:34:08 | 000,002,382 | ---- | C] () -- C:\Users\The Reeve Family\Authorization.xml
[2010/04/07 23:44:05 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\Learning Essentials for Students.lnk
[2010/04/07 22:02:33 | 000,000,914 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\Windows Mobile Device Center.lnk
[2010/04/07 22:00:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/04/07 09:18:55 | 002,107,654 | ---- | C] () -- C:\Users\The Reeve Family\Documents\X-Fonter.zip
[2010/04/07 09:18:14 | 000,151,040 | ---- | C] () -- C:\Users\The Reeve Family\Documents\What is my true purpose in life.doc
[2010/04/07 09:17:42 | 000,023,918 | ---- | C] () -- C:\Users\The Reeve Family\Documents\waterdrop.zip
[2010/04/07 09:12:34 | 000,106,597 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Strength_ActionPlan.pdg.aspx
[2010/04/07 09:12:31 | 000,105,824 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Strengths_Finder.pdf
[2010/04/07 09:12:27 | 000,128,134 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Strength_Discovery.pdf
[2010/04/07 09:11:55 | 000,000,213 | ---- | C] () -- C:\Users\The Reeve Family\Documents\stevewells.html
[2010/04/07 09:08:45 | 000,034,816 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Response to response to respondent.doc
[2010/04/07 09:03:31 | 000,002,078 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml
[2010/04/07 08:58:12 | 000,078,848 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Lezli_Businesscard.doc
[2010/04/07 08:57:40 | 000,208,583 | ---- | C] () -- C:\Users\The Reeve Family\Documents\LReev01P.rtf
[2010/04/07 08:55:57 | 000,009,728 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Letter of Instruction 102208.wps
[2010/04/07 08:54:37 | 001,264,437 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Histograms_SpandexRutabaga.pdf
[2010/04/07 08:45:49 | 001,921,260 | ---- | C] () -- C:\Users\The Reeve Family\Documents\dw_getting_started.pdf
[2010/04/07 08:45:19 | 000,303,609 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Digital Antenna-SCN_20090729194421_001.pdf
[2010/04/03 10:34:51 | 000,000,000 | ---- | C] () -- C:\Users\The Reeve Family\pspbrwse.jbf
[2010/04/02 07:45:21 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/29 11:43:22 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk
[2010/03/26 19:25:31 | 001,206,199 | ---- | C] () -- C:\Users\The Reeve Family\Documents\External Drive Manual.pdf
[2010/03/26 18:06:45 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
[2010/03/26 18:05:20 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite Online Backup Setup.lnk
[2010/03/26 18:05:17 | 000,002,286 | ---- | C] () -- C:\Users\Public\Desktop\muvee Reveal Seagate Edition.lnk
[2010/03/24 21:36:25 | 000,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010/03/22 08:00:15 | 000,007,605 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2010/03/21 22:05:53 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010/03/04 00:39:26 | 000,017,754 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Kahuna Lani.docx
[2010/03/04 00:37:12 | 000,058,965 | ---- | C] () -- C:\Users\The Reeve Family\Documents\The IMAGINEER.docx
[2010/03/01 13:42:14 | 000,154,162 | ---- | C] () -- C:\Users\The Reeve Family\Documents\030110.pdf
[2010/02/23 16:02:47 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Beta Viewer.lnk
[2010/02/23 15:45:14 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Second Life.lnk
[2010/02/23 15:20:23 | 002,013,242 | ---- | C] () -- C:\Users\The Reeve Family\Documents\SL User Guide.pdf
[2010/02/19 10:50:44 | 003,103,150 | ---- | C] () -- C:\Users\The Reeve Family\Documents\WRT54G_v4.21.1_fw.zip
[2010/02/16 11:55:03 | 000,028,226 | ---- | C] () -- C:\Users\The Reeve Family\Documents\channels.pmcl
[2010/01/01 02:26:52 | 000,201,488 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2010/01/01 02:26:52 | 000,144,144 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2010/01/01 02:26:52 | 000,141,584 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2010/01/01 02:26:52 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2010/01/01 02:26:52 | 000,033,040 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/08/23 09:50:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2007/08/23 09:50:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== LOP Check ==========

[2009/11/28 18:05:33 | 000,000,000 | -HSD | M] -- C:\Users\The Reeve Family\AppData\Roaming\.#
[2010/01/20 09:15:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Audio Recorder for Free
[2009/12/07 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Barnes & Noble
[2009/11/27 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\BNeReader
[2009/12/02 09:14:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit
[2010/01/07 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit Software
[2010/03/26 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Leadertech
[2010/05/16 22:19:43 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/01/09 18:27:12 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OverDrive
[2009/11/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PictureMover
[2010/02/23 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SecondLife
[2010/03/24 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SystemRequirementsLab
[2009/11/26 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Template
[2009/12/18 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WildTangent
[2009/11/26 21:09:37 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WinBatch
[2010/01/23 14:20:31 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Windows Live Writer
[2010/04/30 07:11:13 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/05/01 04:15:16 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/04/30 10:39:19 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/05/12 08:35:05 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/05/11 12:17:12 | 000,002,000 | ---- | M] () -- C:\FINIS_IT.TXT
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/05/17 07:26:12 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/05/17 07:26:16 | 1878,245,375 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /180 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
< End of report >

OTL Extras Log:
OTL Extras logfile created on: 5/17/2010 8:39:23 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 76.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 261.11 Gb Free Space | 44.71% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.17 Gb Free Space | 18.09% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 465.76 Gb Total Space | 194.30 Gb Free Space | 41.72% Space Free | Partition Type: NTFS

Computer Name: GODSPEED
Current User Name: The Reeve Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07044040-959A-4B0D-8825-2C533F0DDB19}" = Encarta Search Bar (64-bit)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CE0034E-2119-4CDF-9597-DE28390A77F1}" = MobileMe Control Panel
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{642AB043-7802-41AD-9A4F-E4A06076C8F5}" = PCTV Package - Windows Media Center
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.0.5
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07041881-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Student with Encarta Premium 2007
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{335B1821-D274-4EFD-9EFE-3C0FD38EBE65}" = BN eReader
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E31F0CE-D1D7-44C0-AE9B-6221D7F2DF36}" = Cooliris for Internet Explorer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}" = OverDrive Media Console
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B348E585-E872-41DF-8234-E2D49917CFBB}" = Learning Essentials for Microsoft Office
"{B3D84D4A-DE51-42A1-964B-E80013272D55}" = HuluDesktopIntegration
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C98DD20D-5AE4-4EC5-97D0-15CFBEE63D42}" = PlayOn
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Cisco Connect" = Cisco Connect
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Digital Editions" = Adobe Digital Editions
"EA Download Manager" = EA Download Manager
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"Homepage Protection" = Homepage Protection
"hp print screen utility" = hp print screen utility
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"OpenDNS Updater" = OpenDNS Updater 2.2
"RealPlayer 12.0" = RealPlayer
"SecondLife" = SecondLife (remove only)
"SecondLifeBetaViewer" = SecondLifeBetaViewer (remove only)
"SystemRequirementsLab" = System Requirements Lab
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Last MBam log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4109

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

5/17/2010 7:56:30 AM
mbam-log-2010-05-17 (07-56-30).txt

Scan type: Quick scan
Objects scanned: 122027
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thank you for your help.

Edited by AZCMer, 17 May 2010 - 01:35 PM.

  • 0

Advertisements

#2
emeraldnzl
Posted 03 June 2010 - 02:38 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello AZCMer,

Please download and run the AVG removal tool - 64bit.

After that
  • C:\Users\Public\Desktop\Driver Sweeper.lnk
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Next

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [(default)] File not found
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell - "" = AutoRun
O33 - MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010/03/21 22:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com

:Commands
[emptytemp]
[resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
When you return please post
  • Virscan report
  • OTL fix log
  • 0

#3
AZCMer
Posted 03 June 2010 - 10:46 AM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
I have run the AVG removal tool - 64 bit.

However I haven't run virSCAN. The desktop folder isn't located in the public folder. Should I adjust it to the desktop folder? Or do you have another idea?

BTW, thanks so much for your help.

Should I go ahead and rerun OTL again with the code you indicated?
  • 0

#4
AZCMer
Posted 03 June 2010 - 11:50 AM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
I did a search on Driver Sweeper.lnk and it wasn't successful, so I don't know what path to put in to search for that file.

The site also doesn't allow to copy and paste that information, so I searched for that file name and it wasn't found.

I hope this is okay, I went ahead and did OTL and here is the result:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\(default) deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4a68fca-da37-11de-8546-90e6ba3e780b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4a68fca-da37-11de-8546-90e6ba3e780b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4a68fca-da37-11de-8546-90e6ba3e780b}\ not found.
File J:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Folder C:\Program Files (x86)\Ask.com\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: The Reeve Family
->Temp folder emptied: 3347913 bytes
->Temporary Internet Files folder emptied: 46943600 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 78984379 bytes
->Flash cache emptied: 3958 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 257674 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 33896 bytes

Total Files Cleaned = 124.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.4.1 log created on 06032010_094929

Files\Folders moved on Reboot...
C:\Users\The Reeve Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\mcafee_j8zI4jQO0kPyYFX not found!
File\Folder C:\Windows\temp\mcmsc_8sj1aUv0KNphp3Y not found!
File\Folder C:\Windows\temp\mcmsc_HbXlQVyn0LMO4F1 not found!
File\Folder C:\Windows\temp\mcmsc_Q9Je9bOFzOFb3RJ not found!

Registry entries deleted on Reboot...
  • 0

#5
emeraldnzl
Posted 03 June 2010 - 03:24 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello AZCMer,

Let's not take a risk with that one.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
killallprocesses

:OTL
[2010/03/29 11:43:22 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Driver Sweeper.lnk

:Commands
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
After that

It is a pretty big download but is very useful at detecting\cleaning rootkits or whatever it finds.

Please click here to download VRT Tool by Kaspersky.
  • Save it to your desktop
  • Double click the setup file to run it
  • Accept the agreement
  • A pop up window will appear.
  • On the Autoscan panel check all items
  • Click on Start Scan
  • When finished (this can take some time... just be patient and let it do its job) click the Report button
  • Click the + button left top to expand the critical events
  • Highlight Ctrl A and copy Ctrl C
  • Save to Notepad Ctrl V
Copy and past the report back here.

Click exit to uninstall Kaspersky VRT. Click yes to the prompts to complete the process.

Note: This tool will self uninstall when you click Exit so please save the log before closing it.



So when you return please post
OTL fix log
Kaspersky VRT results
  • 0

#6
AZCMer
Posted 04 June 2010 - 09:08 PM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Whew! That sure took a long time.

Here are my logs.

OTL:

========== PROCESSES ==========
All processes killed
========== OTL ==========
File C:\Users\Public\Desktop\Driver Sweeper.lnk not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.4.1 log created on 06042010_195918

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

VRT:

Autoscan: completed 24 minutes ago (events: 4, objects: 2346998, time: 1 day 04:51:16)
6/3/2010 2:41:12 PM Task started
6/3/2010 6:21:14 PM Detected: Worm.Win32.VBNA.b C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Learning Center\Product_Tour.exe/#
6/3/2010 11:10:45 PM Detected: Worm.Win32.VBNA.b C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 8\Learning Center\Product_Tour.exe/#
6/4/2010 7:32:28 PM Task completed
  • 0

#7
emeraldnzl
Posted 04 June 2010 - 10:07 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again AZCMer,

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
When you return please post
  • MBAM log
  • OTL scan log - OTL.txt
  • and tell me how your machine is now
  • 0

#8
AZCMer
Posted 04 June 2010 - 10:55 PM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Thank you so much for taking all this time to help me.

Here is the OTL log:

OTL logfile created on: 6/4/2010 9:45:57 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 259.89 Gb Free Space | 44.50% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.17 Gb Free Space | 18.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GODSPEED
Current User Name: The Reeve Family
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/17 08:30:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/03 06:48:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/16 12:58:38 | 000,839,168 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/07/26 16:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/08 16:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 16:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/17 08:30:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009/07/13 18:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/13 18:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/29 12:07:02 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV:64bit: - [2010/02/24 13:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/13 18:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009/07/13 18:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009/07/13 18:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009/07/13 18:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009/07/13 18:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009/07/13 18:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009/07/13 18:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009/07/13 18:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/07/13 18:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009/07/13 18:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009/07/13 18:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009/07/13 18:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009/07/13 18:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009/07/13 18:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009/07/13 18:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009/07/13 18:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009/07/13 18:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/05/18 16:55:32 | 003,364,208 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/08 14:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/13 20:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 18:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 18:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 13:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 13:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/05 18:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/12/11 03:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009/10/16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/09/25 23:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/16 12:32:26 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009/07/13 18:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009/07/13 18:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009/07/13 18:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009/07/13 18:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009/07/13 18:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009/07/13 17:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009/07/13 17:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009/07/13 17:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 17:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009/07/13 17:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009/07/13 17:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009/07/13 17:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009/07/13 17:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009/07/13 17:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009/07/13 17:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009/07/13 17:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009/07/13 17:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009/07/13 17:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009/07/13 17:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009/07/13 16:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009/07/13 16:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009/07/13 16:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009/07/13 16:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009/07/13 16:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009/07/13 16:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009/07/13 16:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 18:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009/07/13 18:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009/06/10 14:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 14:15:18 | 000,003,066 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...buy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...buy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...buy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...buy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...buy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://tmq.bingstart...g=2-168-0-1hMrQ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.msn.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..keyword.URL: "http://tmq.bingstart...168-0-1hMrQ&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/06/01 11:18:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/05/26 08:08:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/05/28 07:26:31 | 000,000,000 | ---D | M]

[2009/11/29 23:12:27 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2010/05/17 10:16:42 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/06/04 12:49:58 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions
[2010/05/15 20:12:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/24 21:17:00 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]
[2010/06/04 12:36:14 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]
[2010/05/23 07:47:39 | 000,001,146 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\searchplugins\bbc-news.xml
[2010/06/04 12:36:19 | 000,001,949 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\searchplugins\bing-zugo.xml
[2010/05/23 07:48:10 | 000,001,820 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\searchplugins\bing.xml
[2010/05/30 12:52:50 | 000,002,480 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\searchplugins\hulu.xml
[2010/05/01 06:39:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 06:39:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/21 22:05:24 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/06/03 09:50:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Encarta Web Companion Helper Object) - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files (x86)\Common Files\microsoft shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files (x86)\Common Files\microsoft shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Encarta Web Companion) - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files (x86)\Common Files\microsoft shared\Encarta Web Companion\2007\ENCWCBAR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [L07AXLRD_857615] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\microsoft shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce....ads/sysinfo.cab (SysData Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 68.105.28.11
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/04 12:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2010/06/04 12:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mind Quiz
[2010/06/03 14:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/06/03 14:32:25 | 073,259,920 | ---- | C] ( ) -- C:\Users\The Reeve Family\Desktop\setup_9.0.0.722_03.06.2010_23-33.exe
[2010/06/03 09:49:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/29 11:03:21 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Calibre Library
[2010/05/29 11:03:18 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\calibre
[2010/05/29 11:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2010/05/28 21:45:25 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\dwhelper
[2010/05/28 18:01:43 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\My Barnes & Noble eBooks
[2010/05/26 08:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/05/18 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2010/05/18 17:35:47 | 000,040,904 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdk.sys
[2010/05/18 17:35:45 | 000,102,472 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/05/18 17:35:45 | 000,049,480 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfesmfk.sys
[2010/05/18 17:35:40 | 000,176,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\Mpfp.sys
[2010/05/18 17:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2010/05/18 17:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/05/18 17:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2010/05/18 17:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2010/05/18 17:35:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2010/05/18 17:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/05/17 08:30:10 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2010/05/17 07:49:17 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/16 22:19:43 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/05/16 22:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDNS Updater
[2010/05/11 12:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66}

========== Files - Modified Within 30 Days ==========

[2010/06/04 21:49:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/04 21:49:11 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/04 21:45:23 | 005,505,024 | -HS- | M] () -- C:\Users\The Reeve Family\ntuser.dat
[2010/06/04 21:45:07 | 000,293,376 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\gmer.exe
[2010/06/04 21:42:18 | 000,018,130 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/06/04 21:41:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/04 21:41:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/04 21:41:42 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/04 21:41:08 | 004,866,259 | -H-- | M] () -- C:\Users\The Reeve Family\AppData\Local\IconCache.db
[2010/06/04 20:00:12 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2010/06/03 23:09:51 | 000,000,198 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_03.06.2010_23-33drv.spi
[2010/06/03 14:33:09 | 073,259,920 | ---- | M] ( ) -- C:\Users\The Reeve Family\Desktop\setup_9.0.0.722_03.06.2010_23-33.exe
[2010/06/03 09:50:13 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2010/06/02 10:27:37 | 000,000,743 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2010/06/02 10:27:37 | 000,000,724 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2010/05/31 22:39:52 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/05/29 21:13:30 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/05/29 17:47:58 | 000,174,592 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Counselors have an exceptionally strong desire to contribute to the welfare of others.doc
[2010/05/29 13:28:08 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/29 13:28:08 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/29 13:28:08 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/29 13:23:35 | 000,372,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/05/29 12:15:34 | 000,091,640 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/29 11:01:18 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2010/05/28 18:01:34 | 000,001,274 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\Barnes & Noble Desktop Reader.lnk
[2010/05/18 18:28:51 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/18 18:28:51 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2010/05/18 17:37:33 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/05/18 17:03:34 | 001,374,664 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\MCPR.exe
[2010/05/18 00:36:53 | 235,051,986 | ---- | M] () -- C:\Users\The Reeve Family\Documents\backup051810.reg
[2010/05/17 20:43:37 | 000,291,108 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Printer
[2010/05/17 08:30:10 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2010/05/15 23:39:52 | 000,524,288 | -HS- | M] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TMContainer00000000000000000002.regtrans-ms
[2010/05/15 23:39:52 | 000,524,288 | -HS- | M] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 23:39:52 | 000,065,536 | -HS- | M] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TM.blf
[2010/05/13 08:22:03 | 000,021,383 | ---- | M] () -- C:\Users\The Reeve Family\Documents\Lezlie resume.wpd
[2010/05/11 12:13:32 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/05/10 07:56:29 | 000,000,103 | ---- | M] () -- C:\Users\The Reeve Family\Documents\download code.html

========== Files Created - No Company Name ==========

[2010/06/03 23:09:51 | 000,000,198 | -HS- | C] () -- C:\Windows\setup_9.0.0.722_03.06.2010_23-33drv.spi
[2010/05/29 17:47:57 | 000,174,592 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Counselors have an exceptionally strong desire to contribute to the welfare of others.doc
[2010/05/29 11:01:18 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2010/05/18 17:39:34 | 000,018,130 | ---- | C] () -- C:\Windows\SysNative\Config.MPF
[2010/05/18 17:37:33 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010/05/18 17:35:27 | 000,000,362 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2010/05/18 17:35:25 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2010/05/18 17:03:33 | 001,374,664 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\MCPR.exe
[2010/05/18 00:35:00 | 235,051,986 | ---- | C] () -- C:\Users\The Reeve Family\Documents\backup051810.reg
[2010/05/17 17:20:26 | 000,291,108 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Printer
[2010/05/17 07:49:18 | 000,000,743 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\NTREGOPT.lnk
[2010/05/17 07:49:18 | 000,000,724 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\ERUNT.lnk
[2010/05/15 20:11:41 | 000,524,288 | -HS- | C] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TMContainer00000000000000000002.regtrans-ms
[2010/05/15 20:11:41 | 000,524,288 | -HS- | C] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TMContainer00000000000000000001.regtrans-ms
[2010/05/15 20:11:41 | 000,065,536 | -HS- | C] () -- C:\Users\The Reeve Family\ntuser.dat{2661c13a-608d-11df-8b2a-90e6ba3e780b}.TM.blf
[2010/05/13 08:22:03 | 000,021,383 | ---- | C] () -- C:\Users\The Reeve Family\Documents\Lezlie resume.wpd
[2010/05/11 12:13:32 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/05/10 07:56:29 | 000,000,103 | ---- | C] () -- C:\Users\The Reeve Family\Documents\download code.html
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/01 02:26:52 | 000,201,488 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2010/01/01 02:26:52 | 000,144,144 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2010/01/01 02:26:52 | 000,141,584 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2010/01/01 02:26:52 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2010/01/01 02:26:52 | 000,033,040 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2007/08/23 09:50:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2007/08/23 09:50:04 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
< End of report >

MBam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4170

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/4/2010 9:40:26 PM
mbam-log-2010-06-04 (21-40-26).txt

Scan type: Quick scan
Objects scanned: 124634
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\searchtoolbarlib.csearchtoolbarimpl.1 (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Zugo (Adware.Zugo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9d425283-d487-4337-bab6-ab8354a81457} (Adware.Zugo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll (Adware.Zugo) -> Quarantined and deleted successfully.
  • 0

#9
AZCMer
Posted 04 June 2010 - 10:57 PM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
BTW, I ran Mbam first as requested then OTL, but I posted the logs in reverse order.
  • 0

#10
emeraldnzl
Posted 04 June 2010 - 11:22 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello AZCMer,

Making some progress I think. :)

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
[2010/06/04 12:36:14 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]
[2010/06/04 12:36:19 | 000,001,949 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\searchplugins\bing-zugo.xml
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

:Commands
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

Next

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
So when you return please post
  • OTL fix log
  • SuperAntiSpyware scan results
  • and tell me how your computer is now
  • 0

Advertisements

#11
AZCMer
Posted 04 June 2010 - 11:44 PM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Just a quick note -

I ran the OTL with the code you listed and the system rebooted, but OTL did not continue running after the reboot and no log was created.

Do you want me to just OTL to see if the fix did its thing?

And I don't know if I ought to wait on the spyware download or not, so just to be safe, I'm going to wait till I hear back. Hope that's okay.
  • 0

#12
emeraldnzl
Posted 04 June 2010 - 11:55 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
A copy of an OTL fix log is saved in a text file at

* :\_OTL\Moved Files

in most cases this will be C:\_OTL\Moved Files

and, yes go ahead with the SuperAntiSpyware one even if you can't find the OTL log. :)
  • 0

#13
AZCMer
Posted 05 June 2010 - 01:07 AM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Thank you for your patience.

I have the Super Anti Spyware Free Addition fail on me. I sent in an error report and am currently rerunning it. Hopefully it won't have the same error, but you know what they say about doing the same thing over again and expecting different results.

So far the program has found 15 Adware.Tracking Cookies, 10 Browser Hijacker.Tubby, 1 Adware.Flash Tracking Cookie.

I will post the results of the spyware scan one way or the other when done.

Here's my OTL log:

========== OTL ==========
Prefs.js: [email protected]:1.1 removed from extensions.enabledItems
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]\components folder moved successfully.
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\extensions\[email protected] folder moved successfully.
C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\t92gjx4s.default\searchplugins\bing-zugo.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.4.1 log created on 06042010_222532
  • 0

#14
AZCMer
Posted 05 June 2010 - 01:47 AM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Yep, the spyware prog failed again. It stopped at C:\Program Files(x86)\Pinnacle\Shared Files\Filter\aacenc.dll

Should I run it again and stop it after the 26 problems are found?
  • 0

#15
emeraldnzl
Posted 05 June 2010 - 02:55 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
I don't really know what is causing the hold up but my guess would be that it is not quite happy with a 64bit machine. Some programs still have the odd glitch even when they are supposed to be compliant.

Try once more and see how you go. Might as well have it fix what it finds. Most of those cookies will be harmless but in amongst them might be some other baddies. :)

Come back and tell me how it went. :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP