3 trojans



#1
AZCMer

I have been unable to get into my favorite forum once again. This is an ongoing problem which has been diagnosed as coming from my router. I've replaced my router 3 times since I've been here for virus disinfection. However, even now, when I access the internet without my router, I still cannot get into my favorite forum. Then I had a funny 'app' do some rogue posting from my Facebook profile. Also my machine started being used as a spam bot and I had to delete my contacts folder and change my password to a Hotmail account.

My system is Windows 7.

I've run virus scans - McAfee finds nothing. Malwarebytes finds nothing. Ran Kaspersky and it found 3 trojans: Trojan-Downloader.Java.Agent.hi, Trojan-PSW.Win32.LdPinch.anxg, Trojan-Downloader.Java.OpenStream.ag

Once Kaspersky found these, my system speeded up quite a bit and I was able to get into the forum. I would like to make sure that these buggers are off my system and that everything is clean at this point in time.

Also, is it a possibility that I picked up these buggers in the forum even though I don't download anything?

OTL log:

OTL logfile created on: 11/24/2010 11:37:42 AM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 72.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 211.27 Gb Free Space | 36.17% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.17 Gb Free Space | 18.09% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 11:31:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/06/07 19:18:26 | 000,057,344 | ---- | M] (Novatek) -- C:\Program Files (x86)\hp\BM\Patch\NVTBM.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/12/07 14:40:13 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/24 11:31:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/24 13:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/10/22 22:01:18 | 004,324,720 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/07 20:07:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/08 14:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2010/07/14 09:33:14 | 002,746,624 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010/05/31 20:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/11/22 20:59:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/07 01:03:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 07:41:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/21 10:32:28 | 000,000,000 | ---D | M]

[2010/07/24 22:09:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2010/11/24 10:00:03 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions
[2010/10/26 07:37:55 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/11/08 07:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/10/15 09:03:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/05/17 10:16:42 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/07/24 22:09:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 06:39:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/06/03 09:50:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [L07AXLRD_1300205] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: grillflame.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 11:31:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2010/11/19 07:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/19 07:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/19 07:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/16 10:58:44 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Homeschool
[2010/11/04 07:37:06 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\Digiarty
[2010/11/04 07:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2010/10/26 20:07:10 | 000,000,000 | ---D | C] -- C:\Windows\en

========== Files - Modified Within 30 Days ==========

[2010/11/24 11:41:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 11:41:46 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 11:34:20 | 000,019,097 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/11/24 11:33:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 11:33:47 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 11:31:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2010/11/23 09:11:32 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2010/11/21 10:32:32 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/20 13:53:01 | 000,000,202 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_19.11.2010_12-09drv.spi
[2010/11/19 07:49:00 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/13 21:07:07 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/13 21:07:07 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/13 21:07:07 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/06 11:18:19 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/11/04 07:37:01 | 000,001,356 | ---- | M] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper Platinum.lnk
[2010/11/04 07:37:01 | 000,001,332 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
[2010/10/31 12:11:15 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2010/11/20 13:53:01 | 000,000,202 | -HS- | C] () -- C:\Windows\setup_9.0.0.722_19.11.2010_12-09drv.spi
[2010/11/19 07:49:00 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/06 11:18:19 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/11/04 07:37:01 | 000,001,356 | ---- | C] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper Platinum.lnk
[2010/11/04 07:37:01 | 000,001,332 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
[2010/10/16 07:09:41 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0004]-[p04].bmp
[2010/10/16 07:09:14 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p04].bmp
[2010/09/28 07:42:34 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0005]-[p04].bmp
[2010/07/15 17:46:54 | 000,001,130 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/27 13:29:20 | 000,000,070 | ---- | C] () -- C:\Windows\FSaver.ini
[2010/06/27 13:29:19 | 000,000,103 | ---- | C] () -- C:\Windows\Wingmakers.ini
[2010/06/06 08:18:23 | 000,003,235 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp11.html
[2010/06/06 08:18:08 | 000,000,778 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp1.html
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 06:37:02 | 000,003,276 | ---- | C] () -- C:\Windows\SysWow64\NVTBM.ini
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 08:00:15 | 000,007,605 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2009/12/12 09:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/11/26 10:12:08 | 000,000,784 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== LOP Check ==========

[2009/11/28 18:05:33 | 000,000,000 | -HSD | M] -- C:\Users\The Reeve Family\AppData\Roaming\.#
[2010/01/20 09:15:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Audio Recorder for Free
[2010/05/28 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Barnes & Noble
[2009/11/27 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\BNeReader
[2010/05/29 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\calibre
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Digiarty
[2009/12/02 09:14:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit
[2010/01/07 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit Software
[2010/03/26 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Leadertech
[2010/08/24 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\muvee Technologies
[2010/07/15 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/01/09 18:27:12 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OverDrive
[2009/11/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PictureMover
[2010/02/23 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SecondLife
[2010/03/24 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SystemRequirementsLab
[2009/11/26 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Template
[2009/12/18 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WildTangent
[2009/11/26 21:09:37 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WinBatch
[2010/08/07 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Windows Live Writer
[2010/07/03 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WTouch
[2010/07/24 20:44:16 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/07/24 20:44:16 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2010/10/31 12:11:15 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/11/24 11:33:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty

< End of report >

Edited by AZCMer, 24 November 2010 - 12:47 PM.

  • 0



#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP
Kaspersky is one of the top anti-viruses. McAfee is way down on the bottom of the list. When the subscription expires consider buying Kaspersky or BitDefender or use the free Avast
http://www.avast.com...ivirus-download
or Avira
http://www.avira.com...-free-antivirus

Only thing I see in your log is:

O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)

Don't think you really want to have the whole internet in your Trusted sites. This would allow your system to get infected again very quickly.

Let's clear that up and get rid of some deadwood with OTL:

Copy the text in the code box below by highlighting and then Ctrl + c :

:Services
SABKUTIL

:OTL
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found

:Commands
[PURITY]
[EMPTYTEMP] 


Run OTL by right clicking and Run As Administrator then paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX.

Copy and paste the log it creates into a Reply.

Download mbr.exe from:

http://www2.gmer.net/mbr/mbr.exe

Save it to your desktop then run by right clicking and Run As Administrator. It will create a logfile on your desktop. Please open it, copy and paste to a reply.

Close all programs. Right click on Firefox and Run As Administrator. Go to
http://quickscan.bitdefender.com/

and hit Start Scan. When it finishes there is a report option. Copy and Paste the report into your reply even if it says nothing found.

Look on the back of your router. There should be a button called RESET. Press and hold it for at least 30 seconds. Then connect your PC to it and change the password then make any other changes you need for it to work. If you don't know how then note the make and model and tell me what it is.

Run OTL again by right clicking and Run As Administrator then:
select either the Use SafeList or All option in the Extra Registry group (whichever is not already checked) then Run Scan. You should get an OTL and an Extras log. Please copy and paste both.

Ron
  • 0

#3
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
Thank you, RKinner, for your response.

No, it would not make sense to make the whole internet a trusted site. I did not even know that one could do that. So, thank you for finding that.

Here's my OTL log. Next up is mbr and bitdefender.

All processes killed
========== SERVICES/DRIVERS ==========
Service SABKUTIL stopped successfully!
Service SABKUTIL deleted successfully!
========== OTL ==========
Error: No service named SABKUTIL was found to stop!
Service\Driver key SABKUTIL not found.
File C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\text/xml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: The Reeve Family
->Temp folder emptied: 741985570 bytes
->Temporary Internet Files folder emptied: 370716161 bytes
->Java cache emptied: 127517 bytes
->FireFox cache emptied: 108274889 bytes
->Flash cache emptied: 191607 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9946601 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 8726348259 bytes

Total Files Cleaned = 9,496.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11262010_083403

Files\Folders moved on Reboot...
C:\Users\The Reeve Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DF10B00D8FAC8EA39B.TMP not found!
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DF3B24727EAB227574.TMP not found!
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DF67A85A1B43E45C89.TMP not found!
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DF67FAE7EA22ACF7C0.TMP not found!
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DF80ADEDA81FFFABAD.TMP not found!
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DF9A81B6EA68B11160.TMP not found!
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DF9FBF489B23348E7B.TMP not found!
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DFA5AF419E5AA1576B.TMP not found!
File\Folder C:\Users\The Reeve Family\AppData\Local\Temp\~DFAF4F2315D0BBBAFD.TMP not found!
File\Folder C:\Windows\temp\mcafee_gQzt27j4rVhU3TK not found!
File\Folder C:\Windows\temp\mcmsc_0MeqUdcbeLVfcB0 not found!
File\Folder C:\Windows\temp\mcmsc_9nfNhf1y1vDoTzJ not found!
File\Folder C:\Windows\temp\mcmsc_hMgrfZEyF8RxLGR not found!

Registry entries deleted on Reboot...
  • 0
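
The O15 Trusted Domains entry flagged in post #2 and the matching deletion line in the fix log from post #3 can be cross-checked mechanically. The script below is an added example, not part of the original thread and not OTL's own code: the O15 field layout `domain ([subdomain]protocol in zone)` is inferred from the line quoted on this page, and the flagging heuristic and the two extra sample lines are assumptions of the example.

```python
import re

# First line is the O15 entry quoted in post #2; the other two are constructed
# sample lines added for contrast.
SCAN_LOG = r"""
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: example.com ([www]https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
"""

# Fix-log line as posted in post #3.
FIX_LOG = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
"""

HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}
ZONEMAP = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"

# Layout assumed from the page: O15 - <hive>\..Trusted Domains: <domain> ([<sub>]<proto> in <zone>)
O15_RE = re.compile(
    r"^O15(?::64bit:)? - (?P<hive>HKCU|HKLM)\\\.\.Trusted Domains: "
    r"(?P<domain>\S+) \(\[(?P<sub>[^\]]*)\](?P<proto>\S+) in (?P<zone>[^)]+)\)\s*$"
)


def parse_o15(log):
    """Return one dict per O15 Trusted Domains line found in an OTL scan log."""
    entries = []
    for line in log.splitlines():
        m = O15_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def is_suspicious(entry):
    """Heuristic (assumption of this example): a Trusted sites mapping should
    name a specific dotted host and use http or https."""
    if entry["zone"] != "Trusted sites":
        return False
    dotted = "." in entry["domain"].strip(".")
    return (not dotted) or entry["proto"].lower() not in ("http", "https")


def registry_key(entry):
    """Map an O15 entry to its ZoneMap key; subdomains are subkeys of the domain."""
    parts = [HIVES[entry["hive"]], ZONEMAP, entry["domain"]]
    if entry["sub"]:
        parts.append(entry["sub"])
    return "\\".join(parts)


def removed_in_fix_log(key, fix_log):
    """True if the fix log reports that exact key as deleted."""
    want = ("registry key " + key + "\\ deleted successfully").lower()
    return any(want in line.lower() for line in fix_log.splitlines())


def triage(scan_log, fix_log):
    """List (domain, registry key, removed?) for every flagged O15 entry."""
    report = []
    for entry in parse_o15(scan_log):
        if is_suspicious(entry):
            key = registry_key(entry)
            report.append((entry["domain"], key, removed_in_fix_log(key, fix_log)))
    return report


if __name__ == "__main__":
    for domain, key, removed in triage(SCAN_LOG, FIX_LOG):
        status = "removed by fix" if removed else "STILL PRESENT"
        print(f"{domain}: {key} -> {status}")
```

Run against a fresh scan log after the fix, an empty report means no flagged Trusted sites mappings remain.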

#4
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
The mbr prog didn't run:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600

device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR

Booted into safe mode and tried rerunning it and got the same log.

If it is okay, I'll go on and work with bitdefender.

Edited by AZCMer, 26 November 2010 - 11:21 AM.

  • 0

#5
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
Bitdefender log:


QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Scan date: Fri Nov 26 10:21:38 2010
Machine ID: D89D3891



No infection found.
-------------------



Processes
---------
hpwuSchd Application 3736 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
Adobe Photoshop Elements 1636 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
ArcSoft Connect 3816 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
ArcSoft Connect 1600 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
Bonjour 1712 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
CyberLink MediaLibray Service 5148 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
Firefox 4608 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 6308 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
GPCore COM object 5204 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
Hotkey Driver 3416 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
HP Digital Imaging 4952 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
HP Digital Imaging 4848 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
HP Digital Imaging 3676 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
HP DVDSmart 5132 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
iTunes 3956 C:\Program Files (x86)\iTunes\iTunesHelper.exe
McAfee Integrated Security Platform 6192 C:\PROGRA~2\COMMON~1\McAfee\MNA\McNASvc.exe
McAfee Personal Firewall 1572 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
McAfee Proxy 1860 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
McAfee SecurityCenter 3092 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
McAfee SecurityCenter 2168 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
McAfee VirusScan API 4676 C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
MgiSvr 2176 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
Microsoft Encarta Dictionaries 3604 C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
Microsoft® Visual Studio .NET 2000 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
Microsoft® Windows® Operating System 3276 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
Microsoft® Windows® Operating System 1952 C:\Windows\SysWOW64\rundll32.exe
Microsoft® Windows® Operating System 1784 C:\Windows\SysWOW64\svchost.exe
MobileDeviceService 5528 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
NVTBM 3656 C:\Program Files (x86)\hp\BM\Patch\NVTBM.exe
RealPlayer (32-bit) 3832 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
Stereo Vision Control Panel API Server 2052 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
Windows Live Communications Platform 4660 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
Windows Live Mesh 3936 C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
Windows Live Mesh 3640 C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
Windows Live Messenger 3624 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------
Process msnmsgr.exe (3624) connected on port 80 (HTTP) --> 207.46.105.159
Process WLSync.exe (3640) connected on port 80 (HTTP) --> 207.46.105.159
Process MOE.exe (3936) connected on port 443 (HTTP over SSL) --> 65.55.202.197
Process firefox.exe (4608) connected on port 80 (HTTP) --> 74.125.224.4
Process firefox.exe (4608) connected on port 80 (HTTP) --> 8.19.240.93
Process firefox.exe (4608) connected on port 80 (HTTP) --> 66.102.7.155
Process firefox.exe (4608) connected on port 80 (HTTP) --> 184.24.197.115
Process firefox.exe (4608) connected on port 80 (HTTP) --> 8.19.240.94
Process firefox.exe (4608) connected on port 80 (HTTP) --> 8.19.240.94
Process firefox.exe (4608) connected on port 80 (HTTP) --> 70.167.151.174
Process firefox.exe (4608) connected on port 80 (HTTP) --> 64.4.62.123
Process firefox.exe (4608) connected on port 80 (HTTP) --> 66.102.7.149
Process firefox.exe (4608) connected on port 443 (HTTP over SSL) --> 69.63.181.55
Process firefox.exe (4608) connected on port 80 (HTTP) --> 74.125.224.4
Process firefox.exe (4608) connected on port 80 (HTTP) --> 74.125.224.4
Process firefox.exe (4608) connected on port 80 (HTTP) --> 74.125.224.4
Process firefox.exe (4608) connected on port 80 (HTTP) --> 74.125.224.4
Process firefox.exe (4608) connected on port 80 (HTTP) --> 208.68.156.17
Process firefox.exe (4608) connected on port 80 (HTTP) --> 98.174.30.16
Process firefox.exe (4608) connected on port 80 (HTTP) --> 98.174.30.16
Process firefox.exe (4608) connected on port 80 (HTTP) --> 66.102.7.155
Process firefox.exe (4608) connected on port 80 (HTTP) --> 70.183.191.73
Process firefox.exe (4608) connected on port 80 (HTTP) --> 70.167.151.136
Process firefox.exe (4608) connected on port 80 (HTTP) --> 66.220.158.25
Process firefox.exe (4608) connected on port 80 (HTTP) --> 74.86.67.61
Process firefox.exe (4608) connected on port 443 (HTTP over SSL) --> 66.220.146.48
Process firefox.exe (4608) connected on port 443 (HTTP over SSL) --> 174.76.226.58
Process firefox.exe (4608) connected on port 80 (HTTP) --> 74.86.67.61
Process wlcomm.exe (4660) connected on port 1863 (MSN) --> 64.4.61.160

Process McNASvc.exe (6192) listens on ports: 6646


Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
ArcSoft Connect C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Default Manager C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
Hardware Diagnostic Tools C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe
HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
HP Digital Imaging C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
McAfee QuickClean c:\Program Files (x86)\McAfee\MQC\QcConsol.exe
McAfee SecurityCenter C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
Microsoft Encarta Dictionaries C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
MobileMe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
NVTBM C:\Program Files (x86)\hp\BM\Patch\NVTBM.exe
QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
RealPlayer (32-bit) C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
Windows Live Mesh C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Browser plugins
---------------
Wacom Dynamic Link Library C:\Program Files (x86)\TabletPlugins\npwacom.dll
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
BitDefender QuickScan C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
BitDefender QuickScan C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (deleted)
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Cooliris for Internet Explorer c:\program files (x86)\piclensie\cooliris.dll
Coupons Inc., Coupon Printer Manager C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
Coupons Inc., Coupon Printer Manager C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Homepage Protection c:\program files (x86)\common files\homepage protection\homepageprotection.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
Hulu Desktop C:\Users\The Reeve Family\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
Java Deployment Toolkit 6.0.200.2 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U20 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
McAfee SiteAdvisor c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll
McAfee Virtual Technician C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
Microsoft Encarta c:\program files (x86)\common files\microsoft shared\encarta web companion\2007\encwcbar.dll
Microsoft Office 2003 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
Microsoft Office Live Plug-in for Firef C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
Microsoft Support Diagnostic Tool C:\Windows\Downloaded Program Files\MSDCode.DLL
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
Move Streaming Media Player C:\Users\The Reeve Family\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.8 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
VSCORE.14.0.0.435.x86 C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
Windows Genuine Advantage C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
Windows Live Messenger Companion c:\program files (x86)\windows live\companion\companioncore.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll


Scan
----


No file uploaded.

Scan finished - communication took 8 sec
Total traffic - 0.08 MB sent, 636.07 KB recvd
Scanned 1108 files and modules - 50 seconds

==============================================================================
  • 0

#6
AZCMer

AZCMer

    Member

  • Topic Starter
  • Member
  • 108 posts
I reset my router and changed the password.

This is my OTL log. Since 'none' was checked, I checked all:

OTL logfile created on: 11/26/2010 10:59:56 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 220.22 Gb Free Space | 37.70% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.17 Gb Free Space | 18.09% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 11:31:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/10 06:58:32 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/06/07 19:18:26 | 000,057,344 | ---- | M] (Novatek) -- C:\Program Files (x86)\hp\BM\Patch\NVTBM.exe
PRC - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/12/07 14:40:13 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE


========== Modules (SafeList) ==========

MOD - [2010/11/24 11:31:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 002,340,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/24 13:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 11:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/10/22 22:01:18 | 004,324,720 | ---- | M] (MediaMall Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/07 20:07:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/10 06:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/04/03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/12/08 14:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/15 15:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2010/07/14 09:33:14 | 002,746,624 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010/05/31 20:32:58 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/08/13 15:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/11/22 20:59:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/07 01:03:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 07:41:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/21 10:32:28 | 000,000,000 | ---D | M]

[2010/07/24 22:09:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2010/11/26 10:21:12 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions
[2010/10/26 07:37:55 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/11/08 07:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/10/15 09:03:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/26 10:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/05/17 10:16:42 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/11/26 10:21:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/01 06:39:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/06/03 09:50:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [L07AXLRD_1300205] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: grillflame.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/26 10:50:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2010/11/26 10:21:16 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\QuickScan
[2010/11/26 08:34:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/24 11:31:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2010/11/19 07:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/19 07:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/11/19 07:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/16 10:58:44 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Homeschool
[2010/11/04 07:37:06 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\Digiarty
[2010/11/04 07:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty

========== Files - Modified Within 30 Days ==========

[2010/11/26 10:55:30 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/26 10:55:30 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/26 10:55:30 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/26 10:50:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/26 10:50:31 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/26 10:50:03 | 000,019,097 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2010/11/26 10:43:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/26 10:42:56 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/26 08:45:00 | 000,089,088 | ---- | M] () -- C:\Users\The Reeve Family\Desktop\mbr.exe
[2010/11/24 11:31:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2010/11/23 09:11:32 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2010/11/21 10:32:32 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/20 13:53:01 | 000,000,202 | -HS- | M] () -- C:\Windows\setup_9.0.0.722_19.11.2010_12-09drv.spi
[2010/11/19 07:49:00 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/06 11:18:19 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/11/04 07:37:01 | 000,001,356 | ---- | M] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper Platinum.lnk
[2010/11/04 07:37:01 | 000,001,332 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
[2010/10/31 12:11:15 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2010/11/26 08:45:00 | 000,089,088 | ---- | C] () -- C:\Users\The Reeve Family\Desktop\mbr.exe
[2010/11/20 13:53:01 | 000,000,202 | -HS- | C] () -- C:\Windows\setup_9.0.0.722_19.11.2010_12-09drv.spi
[2010/11/19 07:49:00 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/06 11:18:19 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010/11/04 07:37:01 | 000,001,356 | ---- | C] () -- C:\Users\The Reeve Family\Application Data\Microsoft\Internet Explorer\Quick Launch\WinX DVD Ripper Platinum.lnk
[2010/11/04 07:37:01 | 000,001,332 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
[2010/10/16 07:09:41 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0004]-[p04].bmp
[2010/10/16 07:09:14 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0003]-[p04].bmp
[2010/09/28 07:42:34 | 002,447,334 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\[j0005]-[p04].bmp
[2010/07/15 17:46:54 | 000,001,130 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/27 13:29:20 | 000,000,070 | ---- | C] () -- C:\Windows\FSaver.ini
[2010/06/27 13:29:19 | 000,000,103 | ---- | C] () -- C:\Windows\Wingmakers.ini
[2010/06/06 08:18:23 | 000,003,235 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp11.html
[2010/06/06 08:18:08 | 000,000,778 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp1.html
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 06:37:02 | 000,003,276 | ---- | C] () -- C:\Windows\SysWow64\NVTBM.ini
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 08:00:15 | 000,007,605 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2009/12/12 09:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/11/26 10:12:08 | 000,000,784 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty

< End of report >

Extras log:

OTL Extras logfile created on: 11/26/2010 10:59:56 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 74.00% Memory free
11.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 220.22 Gb Free Space | 37.70% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 2.17 Gb Free Space | 18.09% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07044040-959A-4B0D-8825-2C533F0DDB19}" = Encarta Search Bar (64-bit)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{642AB043-7802-41AD-9A4F-E4A06076C8F5}" = PCTV Package - Windows Media Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF5948BA-589D-4BE7-B993-C45DC1A77E24}" = MobileMe Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07041881-E9B4-4DF6-A845-CAAFD093E477}" = Microsoft Student with Encarta Premium 2007
"{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{187AA9B3-A568-4C9C-91A1-EF02A5E59DD5}" = PlayOn
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1A238924-45D4-4673-912C-808A4FF72B4C}" = Insert Video
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser
"{3BB33344-3179-49A4-B6EB-22D2A390764D}" = HP Webcam User's Guide
"{3E31F0CE-D1D7-44C0-AE9B-6221D7F2DF36}" = Cooliris for Internet Explorer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41B44041-D45D-41EB-A1EF-A12BB5C6996B}" = ArcSoft Magic-i Visual Effects 2
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{567C5FE9-17AC-4D5D-99FD-1AC0FC43977C}" = OverDrive Media Console
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B348E585-E872-41DF-8234-E2D49917CFBB}" = Learning Essentials for Microsoft Office
"{B3D84D4A-DE51-42A1-964B-E80013272D55}" = HuluDesktopIntegration
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E92E462A-700D-4949-B24B-789AEDDA3B88}" = ArcSoft ShowBiz
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFEFD86B-5D4F-4A2D-8D4E-ECD7D9AD925E}" = ArcSoft WebCam Companion 3
"{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"EA Download Manager" = EA Download Manager
"Homepage Protection" = Homepage Protection
"HP Photo Creations" = HP Photo Creations
"hp print screen utility" = hp print screen utility
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{F96B04F9-26A9-4384-AA17-77EACA1BA40B}" = HP Button Manager
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee SecurityCenter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pen Tablet Driver" = Pen Tablet
"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser
"RealPlayer 12.0" = RealPlayer
"SecondLife" = SecondLife (remove only)
"SecondLifeBetaViewer" = SecondLifeBetaViewer (remove only)
"sp44401" = sp44401
"SystemRequirementsLab" = System Requirements Lab
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent hp Master Uninstall" = HP Games
"Wingmakers" = Wingmakers
"WinLiveSuite" = Windows Live Essentials
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#7
RKinner

    Malware Expert

  • Expert
  • 23,340 posts
  • MVP
I know this one works with Windows 7 64-bit, so if it doesn't work, try pausing your antivirus before downloading or running it.

Please download MBRCheck.exe
http://ad13.geekstogo.com/MBRCheck.exe
to your desktop.

* Be sure to disable your security programs
* Right click on the file and Run As Administrator (You will have to confirm the UAC prompt)
* A small window should open on your desktop
* If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
* If nothing unusual is found, just press Enter
* A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

Are you still getting redirected or blocked?

Ron

#8
AZCMer

This one worked.

I was being blocked from the site and now I'm not, so I'm confused as to whether it is the site or just me.

>>>>I posted results earlier, but realized I hadn't disabled my McAfee. So I reran it with McAfee disabled and have posted the new scan.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: NY545AA-ABA p6210y
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 192):

Processes (total 96):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
436 csrss.exe
500 C:\Windows\System32\wininit.exe
516 csrss.exe
572 C:\Windows\System32\winlogon.exe
616 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\nvvsvc.exe
832 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
324 C:\Windows\System32\svchost.exe
1056 C:\Program Files\WTouch\WTouchService.exe
1168 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\spoolsv.exe
1420 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\nvvsvc.exe
1552 C:\Windows\System32\wisptis.exe
1612 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1664 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1740 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1828 C:\Windows\SysWOW64\svchost.exe
1912 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
1992 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
300 C:\Windows\System32\rundll32.exe
1048 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1160 C:\Windows\SysWOW64\rundll32.exe
1560 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
1304 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
1752 C:\Windows\System32\svchost.exe
1748 C:\Windows\System32\svchost.exe
1932 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2208 C:\Windows\System32\svchost.exe
2216 C:\Windows\System32\wisptis.exe
2260 C:\Program Files\WTouch\WTouchUser.exe
2268 C:\Windows\System32\taskhost.exe
2276 C:\Windows\System32\dwm.exe
2284 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2432 C:\Windows\System32\Pen_Tablet.exe
2440 C:\Windows\explorer.exe
2536 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
2544 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
2592 C:\Windows\System32\WTablet\Pen_TabletUser.exe
2624 C:\Windows\System32\svchost.exe
2664 C:\Windows\System32\Pen_Tablet.exe
2676 C:\Windows\System32\taskeng.exe
2744 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2892 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2988 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2172 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
3152 C:\Windows\System32\svchost.exe
3352 WUDFHost.exe
3524 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
3620 C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
3636 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3672 C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
3704 C:\Program Files (x86)\hp\BM\Patch\NVTBM.exe
3792 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
3808 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
3988 C:\Windows\System32\SearchIndexer.exe
3312 C:\Program Files\Windows Media Player\wmpnetwk.exe
2180 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3868 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3416 C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
4340 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4444 C:\Windows\System32\taskeng.exe
4496 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
4504 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
4740 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
4788 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
4956 C:\Program Files\iPod\bin\iPodService.exe
5072 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
3392 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
4636 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\svchost.exe
7160 dllhost.exe
6420 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
6620 C:\PROGRA~2\COMMON~1\McAfee\MNA\McNASvc.exe
5536 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
6884 C:\Windows\System32\svchost.exe
1096 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
2320 C:\Windows\System32\svchost.exe
2376 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5448 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4076 C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
6528 C:\PROGRA~2\McAfee\MSC\mcshell.exe
5732 C:\Program Files (x86)\Common Files\McAfee\Core\mchost.exe
5624 C:\Windows\System32\audiodg.exe
6012 C:\Users\The Reeve Family\Desktop\MBRCheck.exe
6732 C:\Windows\System32\conhost.exe
5308 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000092`0aa00000 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-65A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: EA86DEA936A7937E6201DADF57DB786F2049D1CB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Edited by AZCMer, 26 November 2010 - 07:17 PM.


#9
RKinner

Can you run mbrcheck again? This time: Enter 'Y' and hit ENTER then select
1 for [1] Dump the MBR of a physical disk to file.
Enter the physical disk number to dump:0
Enter filename to dump to: mbrdump.txt

mbrdump.txt file should be in the same place as mbrcheck.exe. Attach it to your next post. (It's not a text file but the forum software limits what extensions you can post.) I'll have to submit it to one of our gurus to see if it is infected or just a version of the mbr that mbrcheck doesn't recognize.

If you are not getting redirected or blocked any more then it is probably just a version that is not yet recognized.


Ron
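
The checks a reviewer can make on a raw dump like mbrdump.txt, as an added example that is not part of the original thread and is not MBRCheck's code: validate the 55 AA signature, read the partition table, and compare a SHA-1 of the boot code against an allowlist. Hashing the first 440 bytes, the allowlist contents and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # required bytes at offsets 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR dump into the fields a reviewer looks at."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    sector = sector[:SECTOR_SIZE]
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, length
        status, ptype, lba_start, num_sectors = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),
            "type": ptype,
            "byte_offset": lba_start * SECTOR_SIZE,
            "sectors": num_sectors,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def classify(sector: bytes, known_good: dict) -> str:
    """Return a verdict: invalid, known (allowlisted) or unknown boot code."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid: missing 55 AA boot signature"
    name = known_good.get(info["boot_code_sha1"])
    if name:
        return f"known: {name}"
    # Unknown does not mean infected: OEM and third-party loaders also land here.
    return "unknown boot code: needs manual review"


def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector: given boot code plus one active NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    # LBA 206848 * 512 = byte offset 0x06500000, the C: offset in the log above
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 206848, 1_000_000)
    return code + disk_sig + entry + b"\x00" * 48 + BOOT_SIG


# Constructed placeholder bytes, not real boot code.
REFERENCE_CODE = b"\xfa\x33\xc0" + b"CONSTRUCTED-REFERENCE-LOADER"
MODIFIED_CODE = REFERENCE_CODE.replace(b"LOADER", b"L0ADER")

# Constructed allowlist: SHA-1 of the padded reference code -> label.
KNOWN_GOOD = {
    hashlib.sha1(REFERENCE_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "constructed reference loader",
}

if __name__ == "__main__":
    for label, code in (("reference", REFERENCE_CODE), ("modified", MODIFIED_CODE)):
        sector = build_sample(code)
        info = parse_mbr(sector)
        print(label, info["boot_code_sha1"], classify(sector, KNOWN_GOOD))
        for p in info["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02X}, "
                  f"offset 0x{p['byte_offset']:08X}, active={p['active']}")
```

A one-byte change in the boot code yields a different hash and an "unknown" verdict, which is why an unrecognized hash alone cannot separate an infected MBR from a legitimate variant.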

#10
AZCMer

Thank you so much for your help, Ron.

Here are the results of the latest scan. I've attached the dump as well.

mbrcheck log:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: NY545AA-ABA p6210y
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 192):

Processes (total 93):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
436 csrss.exe
500 C:\Windows\System32\wininit.exe
516 csrss.exe
572 C:\Windows\System32\winlogon.exe
616 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
724 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\nvvsvc.exe
832 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
324 C:\Windows\System32\svchost.exe
1056 C:\Program Files\WTouch\WTouchService.exe
1168 C:\Windows\System32\svchost.exe
1372 C:\Windows\System32\spoolsv.exe
1420 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\nvvsvc.exe
1552 C:\Windows\System32\wisptis.exe
1612 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1664 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1740 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1828 C:\Windows\SysWOW64\svchost.exe
1912 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
1992 C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
300 C:\Windows\System32\rundll32.exe
1048 C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
1160 C:\Windows\SysWOW64\rundll32.exe
1560 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
1304 C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
1752 C:\Windows\System32\svchost.exe
1748 C:\Windows\System32\svchost.exe
1932 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2208 C:\Windows\System32\svchost.exe
2216 C:\Windows\System32\wisptis.exe
2260 C:\Program Files\WTouch\WTouchUser.exe
2268 C:\Windows\System32\taskhost.exe
2276 C:\Windows\System32\dwm.exe
2284 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2432 C:\Windows\System32\Pen_Tablet.exe
2440 C:\Windows\explorer.exe
2536 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
2544 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
2592 C:\Windows\System32\WTablet\Pen_TabletUser.exe
2624 C:\Windows\System32\svchost.exe
2664 C:\Windows\System32\Pen_Tablet.exe
2676 C:\Windows\System32\taskeng.exe
2744 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2892 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2988 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2172 C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
3152 C:\Windows\System32\svchost.exe
3352 WUDFHost.exe
3524 C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
3620 C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
3672 C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe
3704 C:\Program Files (x86)\hp\BM\Patch\NVTBM.exe
3792 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
3808 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
3988 C:\Windows\System32\SearchIndexer.exe
3312 C:\Program Files\Windows Media Player\wmpnetwk.exe
2180 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
3868 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3416 C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
4340 C:\Program Files (x86)\iTunes\iTunesHelper.exe
4444 C:\Windows\System32\taskeng.exe
4496 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
4504 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
4740 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
4788 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
4956 C:\Program Files\iPod\bin\iPodService.exe
5072 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
3392 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
4636 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\svchost.exe
7160 dllhost.exe
6420 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
6620 C:\PROGRA~2\COMMON~1\McAfee\MNA\McNASvc.exe
5536 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
6884 C:\Windows\System32\svchost.exe
1096 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
2320 C:\Windows\System32\svchost.exe
5020 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
512 C:\Windows\System32\SearchProtocolHost.exe
5352 C:\Windows\System32\SearchFilterHost.exe
756 C:\Windows\System32\audiodg.exe
5404 C:\Users\The Reeve Family\Desktop\MBRCheck.exe
1576 C:\Windows\System32\conhost.exe
6700 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000092`0aa00000 (NTFS)

PhysicalDrive0 Model Number: WDC WD6400AAKS-65A7B, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 RE: Unknown MBR code
SHA1: EA86DEA936A7937E6201DADF57DB786F2049D1CB


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to dump (0-99, -1 to exit): 0Dumping \\.\PhysicalDisk0...
Enter filename to dump to: mbrdump.txtRE: Dumped successfully!

Enter the physical disk number to dump (0-99, -1 to exit): -1

Done!

#11
RKinner

I've posted your data on one of our internal forums. Have to wait to see what they say.

We can run a few more tests:

Start, All Programs, Accessories, then right click on Command Prompt and run as administrator.

sfc /scannow

(Space after sfc. This will take a few minutes. On Vista it always says it found files that could not be fixed but hopefully they have fixed that on 7. If it asks for the DVD just tell it to skip that file.)

sigverif

(Press Start. It will check your drivers to make sure they are good. Wouldn't think there would be too many in the final list on a 7 so tell me what it finds.)

Your Java is out of date. Get the latest at:

http://javadl.sun.co...?BundleId=44398

Download and Save the file. Close all browsers. Right click and Run As Administrator.

It should remove your old version (6 update 20), but if it doesn't, make sure you remove it with Control Panel, Programs.

Ron
  • 0

#12
AZCMer (Topic Starter)
Thank you, Ron. I appreciate your help.

Last night, I had to uninstall/reinstall HP's support assistant. Also, there was a notification on my system that I had errors on my disk, so I ran scan disk. I did it this morning per your advice as well and this time there were no errors found.

On the verified files, there were two in my system32 folder shown as being unsigned: dpinst.exe and nvudisp.exe. Both were installed 4/3/10. >>>Oh yea, it didn't scan one file and didn't say which file that was.

Also, I've updated my Java and the installer uninstalled my old Java. Nice! Thank you for that.

Also, I checked my McAfee and found that it was allowing full access both inbound and outbound. I then upped the security level and then reset it to default; it turns out that the default level IS full access both inbound and outbound. There must be some mistake because I cannot think that even a mediocre prog like McAfee would think that would be acceptable. Perhaps I ought to uninstall and reinstall that as well.

Each thing you have me do helps make my computer faster and faster. I hadn't realized how slow it was getting.

Edited by AZCMer, 27 November 2010 - 10:14 AM.

  • 0

#13
RKinner (Malware Expert)
dpinst.exe is from Adobe and nvudisp.exe from NVIDIA so probably OK but it wouldn't hurt to submit each one to http://virustotal.com and see what they say about them.

You can test your firewall:

http://www.grc.com/default.htm

then select Shields up, Proceed, Continue, Common Ports or All Ports (takes longer).

It will tell you if a port is open for business (Closed or Stealth means OK).

Let's look at your logs:

Right click on Computer and select Manage (Continue) then Event Viewer. Under Event Viewer select Windows Logs then System. Scroll through the list and look for red or yellow marked events with recent dates (since the last reboot). Double click on the event to open it then press the Copy button. Move to a reply and Paste (Ctrl + v).

Repeat for Application.

Ron
  • 0

#14
AZCMer (Topic Starter)
I tested my firewall and this is the report:

GRC Port Authority Report created on UTC: 2010-11-27 at 17:34:03

Results from scan of ports: 0-1055

1 Ports Open
0 Ports Closed
1055 Ports Stealth
---------------------
1056 Ports Tested

NO PORTS were found to be CLOSED.

The port found to be OPEN was: 443

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

I checked my McAfee and it doesn't show that port 443 is open. How do I close it?


Event Viewer:

Log Name: System
Source: Service Control Manager
Date: 11/26/2010 10:46:04 PM
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FamilyComputer
Description:
The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-11-27T05:46:04.456600000Z" />
<EventRecordID>165305</EventRecordID>
<Correlation />
<Execution ProcessID="616" ThreadID="7004" />
<Channel>System</Channel>
<Computer>FamilyComputer</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Stereoscopic 3D Driver Service</Data>
<Data Name="param2">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 11/26/2010 10:48:06 AM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: FamilyComputer
Description:
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:48:06.500600000Z" />
<EventRecordID>164872</EventRecordID>
<Correlation />
<Execution ProcessID="1320" ThreadID="1564" />
<Channel>System</Channel>
<Computer>FamilyComputer</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">teredo.ipv6.microsoft.com</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801010000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-Wininit
Date: 11/26/2010 10:43:23 AM
Event ID: 11
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: FamilyComputer
Description:
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:43:23.887400000Z" />
<EventRecordID>164823</EventRecordID>
<Correlation />
<Execution ProcessID="504" ThreadID="576" />
<Channel>System</Channel>
<Computer>FamilyComputer</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="StringCount">0</Data>
<Data Name="String">
</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 11/26/2010 10:48:01 AM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: FamilyComputer
Description:
Name resolution for the name isatap.ph.cox.net timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:48:01.477400000Z" />
<EventRecordID>164870</EventRecordID>
<Correlation />
<Execution ProcessID="1320" ThreadID="3060" />
<Channel>System</Channel>
<Computer>FamilyComputer</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">isatap.ph.cox.net</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">02000035C0A801010000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/26/2010 10:39:38 AM
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FamilyComputer
Description:
The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:39:38.753400000Z" />
<EventRecordID>164722</EventRecordID>
<Correlation />
<Execution ProcessID="560" ThreadID="4968" />
<Channel>System</Channel>
<Computer>FamilyComputer</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Stereoscopic 3D Driver Service</Data>
<Data Name="param2">0</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 11/26/2010 10:39:32 AM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: FamilyComputer
Description:
Name resolution for the name isatap.ph.cox.net timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:39:32.279000000Z" />
<EventRecordID>164684</EventRecordID>
<Correlation />
<Execution ProcessID="1332" ThreadID="1796" />
<Channel>System</Channel>
<Computer>FamilyComputer</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">isatap.ph.cox.net</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">0200003544691C0C0000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 11/26/2010 10:39:30 AM
Event ID: 1014
Task Category: None
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: FamilyComputer
Description:
Name resolution for the name sup.live.com timed out after none of the configured DNS servers responded.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>1014</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:39:30.407000000Z" />
<EventRecordID>164682</EventRecordID>
<Correlation />
<Execution ProcessID="1332" ThreadID="5212" />
<Channel>System</Channel>
<Computer>FamilyComputer</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="QueryName">sup.live.com</Data>
<Data Name="AddressLength">16</Data>
<Data Name="Address">0200003544691C0C0000000000000000</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 11/26/2010 10:29:23 AM
Event ID: 7016
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FamilyComputer
Description:
The NVIDIA Stereoscopic 3D Driver Service service has reported an invalid current state 0.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7016</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:29:23.825000000Z" />
<EventRecordID>164525</EventRecordID>
<Correlation />
<Execution ProcessID="560" ThreadID="2600" />
<Channel>System</Channel>
<Computer>FamilyComputer</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">NVIDIA Stereoscopic 3D Driver Service</Data>
<Data Name="param2">0</Data>
</EventData>
</Event>

I rebooted just before I did the scan disk (I left it to run overnight) and I haven't had any errors since then. The errors I'm posting came from yesterday. I rebooted a lot yesterday. I got some errors when I tried running mbr, but that was because it was an incompatible app. The DNS errors happened around the time I was messing with the router yesterday, although, to tell you the truth, the past couple of days I've been being kicked off the internet. Ever since we reset the router, my internet experience has been good. The Nvidia errors bother me, but I haven't had any today either.

Sorry, I forgot about the applications . . .


Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: 11/26/2010 10:39:36 AM
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: FamilyComputer
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-1088720637-78751619-3950019920-1000:
Process 504 (\Device\HarddiskVolume2\Windows\System32\wininit.exe) has opened key \REGISTRY\USER\S-1-5-21-1088720637-78751619-3950019920-1000
Process 504 (\Device\HarddiskVolume2\Windows\System32\wininit.exe) has opened key \REGISTRY\USER\S-1-5-21-1088720637-78751619-3950019920-1000\Control Panel\Desktop\LanguageConfiguration

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
<EventID>1530</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:39:36.663000000Z" />
<EventRecordID>41621</EventRecordID>
<Correlation ActivityID="{00000100-0000-0002-C100-2B9D8F8DCB01}" />
<Execution ProcessID="1020" ThreadID="6772" />
<Channel>Application</Channel>
<Computer>FamilyComputer</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="EVENT_HIVE_LEAK">
<Data Name="Detail">2 user registry handles leaked from \Registry\User\S-1-5-21-1088720637-78751619-3950019920-1000:
Process 504 (\Device\HarddiskVolume2\Windows\System32\wininit.exe) has opened key \REGISTRY\USER\S-1-5-21-1088720637-78751619-3950019920-1000
Process 504 (\Device\HarddiskVolume2\Windows\System32\wininit.exe) has opened key \REGISTRY\USER\S-1-5-21-1088720637-78751619-3950019920-1000\Control Panel\Desktop\LanguageConfiguration
</Data>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-Winlogon
Date: 11/26/2010 10:15:03 AM
Event ID: 6000
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: FamilyComputer
Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
<EventID Qualifiers="32768">6000</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:15:03.000000000Z" />
<EventRecordID>41537</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>FamilyComputer</Computer>
<Security />
</System>
<EventData>
<Data>GPClient</Data>
<Binary>D9060000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-Winlogon
Date: 11/26/2010 10:15:03 AM
Event ID: 6000
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: FamilyComputer
Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
<EventID Qualifiers="32768">6000</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:15:03.000000000Z" />
<EventRecordID>41534</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>FamilyComputer</Computer>
<Security />
</System>
<EventData>
<Data>GPClient</Data>
<Binary>D9060000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Microsoft-Windows-Winlogon
Date: 11/26/2010 10:12:34 AM
Event ID: 6000
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: FamilyComputer
Description:
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
<EventID Qualifiers="32768">6000</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-11-26T17:12:34.000000000Z" />
<EventRecordID>41532</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>FamilyComputer</Computer>
<Security />
</System>
<EventData>
<Data>GPClient</Data>
<Binary>D9060000</Binary>
</EventData>
</Event>

Log Name: Application
Source: Application Error
Date: 11/24/2010 8:23:05 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: FamilyComputer
Description:
Faulting application name: firefox.exe, version: 1.9.2.3951, time stamp: 0x4cc7ae16
Faulting module name: ole32.dll, version: 6.1.7600.16624, time stamp: 0x4c297c56
Exception code: 0xc0000005
Fault offset: 0x0002f36a
Faulting process id: 0x1a6c
Faulting application start time: 0x01cb8c077a0d9000
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Faulting module path: C:\Windows\syswow64\ole32.dll
Report Id: 5077c500-f843-11df-b409-90e6ba3e780b
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-11-25T03:23:05.000000000Z" />
<EventRecordID>41391</EventRecordID>
<Channel>Application</Channel>
<Computer>FamilyComputer</Computer>
<Security />
</System>
<EventData>
<Data>firefox.exe</Data>
<Data>1.9.2.3951</Data>
<Data>4cc7ae16</Data>
<Data>ole32.dll</Data>
<Data>6.1.7600.16624</Data>
<Data>4c297c56</Data>
<Data>c0000005</Data>
<Data>0002f36a</Data>
<Data>1a6c</Data>
<Data>01cb8c077a0d9000</Data>
<Data>C:\Program Files (x86)\Mozilla Firefox\firefox.exe</Data>
<Data>C:\Windows\syswow64\ole32.dll</Data>
<Data>5077c500-f843-11df-b409-90e6ba3e780b</Data>
</EventData>
</Event>

Log Name: Application
Source: TabletServicePen
Date: 11/23/2010 9:13:39 AM
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: FamilyComputer
Description:
The description for Event ID 0 from source TabletServicePen cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

Could not init tablet driver

the message resource is present but the message is not found in the string/message table

Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="TabletServicePen" />
<EventID Qualifiers="0">0</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-11-23T16:13:39.000000000Z" />
<EventRecordID>41228</EventRecordID>
<Channel>Application</Channel>
<Computer>FamilyComputer</Computer>
<Security />
</System>
<EventData>
<Data>Could not init tablet driver</Data>
</EventData>
</Event>

As you can see, all the application errors also occurred yesterday around about the same time. I haven't had any errors since I rebooted last night and ran the scan disk.

Edited by AZCMer, 27 November 2010 - 12:15 PM.

  • 0
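The `Address` field in the DNS-Client Event ID 1014 records posted above is a hex-encoded socket address (address family, port, IP) for the DNS server that did not answer, so decoding it shows which resolver the machine was actually querying at each timeout. The following is an added example, not part of the original posts: the function names are illustrative, and the sample XML is constructed from the values in the post, trimmed to the fields used.

```python
import ipaddress
import struct
import xml.etree.ElementTree as ET

# Constructed sample: the four 1014 events from the post, trimmed, xmlns omitted.
SAMPLE_EVENTS = """<Events>
<Event><System><EventID>1014</EventID>
<TimeCreated SystemTime="2010-11-26T17:48:06.500600000Z" /></System>
<EventData><Data Name="QueryName">teredo.ipv6.microsoft.com</Data>
<Data Name="Address">02000035C0A801010000000000000000</Data></EventData></Event>
<Event><System><EventID>1014</EventID>
<TimeCreated SystemTime="2010-11-26T17:48:01.477400000Z" /></System>
<EventData><Data Name="QueryName">isatap.ph.cox.net</Data>
<Data Name="Address">02000035C0A801010000000000000000</Data></EventData></Event>
<Event><System><EventID>1014</EventID>
<TimeCreated SystemTime="2010-11-26T17:39:32.279000000Z" /></System>
<EventData><Data Name="QueryName">isatap.ph.cox.net</Data>
<Data Name="Address">0200003544691C0C0000000000000000</Data></EventData></Event>
<Event><System><EventID>1014</EventID>
<TimeCreated SystemTime="2010-11-26T17:39:30.407000000Z" /></System>
<EventData><Data Name="QueryName">sup.live.com</Data>
<Data Name="Address">0200003544691C0C0000000000000000</Data></EventData></Event>
</Events>"""

AF_INET, AF_INET6 = 2, 23  # Windows address-family values

def decode_sockaddr(hex_blob):
    """Decode a hex SOCKADDR: family (LE u16), port (BE u16), then the address."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 8:
        raise ValueError("sockaddr too short")
    family, = struct.unpack_from("<H", raw, 0)
    port, = struct.unpack_from(">H", raw, 2)
    if family == AF_INET:
        return ipaddress.ip_address(raw[4:8]), port
    if family == AF_INET6 and len(raw) >= 24:
        return ipaddress.ip_address(raw[8:24]), port  # skips 4-byte flowinfo
    raise ValueError(f"unsupported address family {family}")

def dns_timeouts(xml_text):
    """Return (time, query_name, server_ip, port) per 1014 event, oldest first."""
    rows = []
    for ev in ET.fromstring(xml_text).iter():
        if ev.tag.rsplit("}", 1)[-1] != "Event":  # ignore any XML namespace
            continue
        f = {}
        for el in ev.iter():
            tag = el.tag.rsplit("}", 1)[-1]
            if tag == "EventID":
                f["id"] = (el.text or "").strip()
            elif tag == "TimeCreated":
                f["time"] = el.get("SystemTime", "")
            elif tag == "Data" and el.get("Name"):
                f[el.get("Name")] = (el.text or "").strip()
        if f.get("id") == "1014" and "Address" in f:
            ip, port = decode_sockaddr(f["Address"])
            rows.append((f.get("time", ""), f.get("QueryName", ""), ip, port))
    return sorted(rows, key=lambda r: r[0])

def resolver_changes(rows):
    """List (time, old_ip, new_ip) where the server differs from the previous event."""
    return [(cur[0], prev[2], cur[2])
            for prev, cur in zip(rows, rows[1:]) if cur[2] != prev[2]]

if __name__ == "__main__":
    for t, name, ip, port in dns_timeouts(SAMPLE_EVENTS):
        print(t, name, f"{ip}:{port}", "private" if ip.is_private else "public")
```

On the posted values, the two timeouts at 17:39 UTC were queries to 68.105.28.12 and the two at 17:48 UTC were queries to 192.168.1.1, all on port 53, so the configured resolver changed between them.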

#15
RKinner (Malware Expert)
Port 443 is a secure connection like https. Per your BitDefender scan it is talking to something at facebook.com. You might want to try Online Armor
http://www.online-ar...-armor-free.php
and disable the McAfee firewall.


For your NVIDIA error try the beta drivers or the older Vista drivers for your video card.
http://www.nvidia.co...aspx?lang=en-us

Appears to be a common problem:
http://forums.nvidia...ic=105792&st=20

You can check that the DNS is working:

Start, All Programs, Accessories and right click on Command Prompt then type:
nslookup teredo.ipv6.microsoft.com

This is what I get:
Server: UnKnown
Address: 192.168.2.1

Non-authoritative answer:
Name: teredo.ipv6.microsoft.com.nsatc.net
Address: 65.55.158.118
Aliases: teredo.ipv6.microsoft.com


Ron
  • 0





