Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

4 Trojans and Rootkit- OTL log included

Started by erindg25 , Jun 05 2011 11:43 AM

  • This topic is locked This topic is locked

#1
erindg25
Posted 05 June 2011 - 11:43 AM

erindg25

    Member

  • Member
  • PipPip
  • 54 posts
Hi, I am on hiatus from Geek U, and haven't made it nearly far enough to tackle this myself! Help would be greatly appreciated :)

Background: Just got a new machine after the old laptop got junked out (warranty replacement). I had a copy of Photoshop CS2 on my last computer (probably not legit, but never had any issues), and the friend who did that told me he'd load CS3 for me. Apparently, it was a cracked version (I know, I know) and I've had issues since. By issues, I mean McAfee (trial version that came w/ system) found and blocked a few trojans, but was unable to remove one. I've also had issues with log-ins and clicking (after I click the mouse, it is often unresponsive or too responsive).

I just ran MBAM, which found, quarantined and removed 4 trojan.bho infections, and 1 rootkit.agent infection. Performance already seems to be improved, but I know how sneaky these things can be. OTL log follows- thanks in advance for assistance!

OTL logfile created on: 6/6/2011 12:26:27 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Erin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 60.19% Memory free
5.49 Gb Paging File | 3.94 Gb Available in Paging File | 71.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 216.48 Gb Free Space | 85.18% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 20.20 Gb Free Space | 69.66% Space Free | Partition Type: NTFS

Computer Name: ERIN-PC | User Name: Erin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 12:25:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Downloads\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/24 16:25:38 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/03/02 17:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/01/19 12:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files (x86)\Napster\napster.exe
PRC - [2009/12/18 21:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2008/10/17 16:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 12:25:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2011/03/24 06:57:57 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/19 13:19:32 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/09/22 13:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 09:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/17 20:27:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 09:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/24 07:20:00 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/24 07:20:00 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/07 03:07:16 | 001,326,928 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2010/07/19 13:45:56 | 007,448,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/19 12:39:40 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/15 07:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/17 04:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/11 22:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/22 05:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/01/15 13:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/07 07:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/14 07:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/18 19:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 06:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 22:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 07:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/26 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search The Web"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/26 11:12:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/29 12:09:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/29 12:09:12 | 000,000,000 | ---D | M]

[2011/05/13 21:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erin\AppData\Roaming\Mozilla\Extensions
[2011/05/17 22:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\vq3n5tq0.default\extensions
[2011/05/13 21:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/26 11:12:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/12/08 16:21:24 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\webblog.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110513212927.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110513212927.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58de1b06-80ef-11e0-8fb1-b870f4001843}\Shell - "" = AutoRun
O33 - MountPoints2\{58de1b06-80ef-11e0-8fb1-b870f4001843}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 12:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/06 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Malwarebytes
[2011/06/06 12:11:01 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/06 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/06 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/06 12:10:57 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/06/06 12:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/29 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Roxio
[2011/05/29 12:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster
[2011/05/29 12:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2011/05/29 12:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/05/29 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/05/29 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Napster Shared
[2011/05/29 12:07:09 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\InstallShield
[2011/05/29 12:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2011/05/29 12:02:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Napster
[2011/05/29 12:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Napster
[2011/05/26 11:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/05/26 11:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/26 11:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/05/26 11:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/26 11:05:30 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2011/05/26 11:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/05/26 11:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/05/26 11:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/26 11:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/05/26 11:02:13 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Microsoft Help
[2011/05/26 11:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/05/26 11:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/26 11:01:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/25 21:37:28 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\U3
[2011/05/20 06:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/05/19 22:31:12 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\SoftGrid Client
[2011/05/19 22:31:11 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\SoftGrid Client
[2011/05/19 22:29:49 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\TP
[2011/05/18 23:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/17 22:21:32 | 000,000,000 | ---D | C] -- C:\Users\Erin\Documents\Adobe Scripts
[2011/05/17 21:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Object
[2011/05/17 21:50:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\MediaGet2
[2011/05/17 21:36:55 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\uTorrent
[2011/05/17 20:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/05/17 20:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/17 20:31:35 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Microsoft Games
[2011/05/17 20:31:00 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\spool
[2011/05/17 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\WinRAR
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/17 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/05/17 06:26:29 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2011/05/17 06:26:28 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2011/05/16 11:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/16 11:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/16 11:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/16 11:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/16 11:57:04 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Apple
[2011/05/16 11:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/16 11:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/16 11:32:36 | 000,086,016 | ---- | C] (MindVision Software) -- C:\windows\unvise32.exe
[2011/05/16 11:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2011/05/16 11:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rosetta Stone
[2011/05/16 11:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Rosetta Stone
[2011/05/14 21:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-2140
[2011/05/14 21:33:37 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\brlmw03a.dll
[2011/05/14 21:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brownie
[2011/05/14 21:31:56 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BROSNMP.DLL
[2011/05/14 21:31:56 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\windows\SysWow64\BRRBTOOL.EXE
[2011/05/14 21:31:55 | 000,200,704 | ---- | C] (brother) -- C:\windows\SysWow64\Pdrvinst.dll
[2011/05/14 21:31:55 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\windows\SysWow64\BRLM03A.DLL
[2011/05/14 21:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2011/05/14 21:26:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Adobe
[2011/05/13 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Mozilla
[2011/05/13 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Mozilla
[2011/05/13 21:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/13 21:09:16 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Best Buy pc app
[2011/05/13 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Macromedia
[2011/05/13 21:06:35 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Adobe
[2011/05/13 21:06:28 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Diagnostics
[2011/05/13 20:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/05/13 20:18:33 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
[2011/05/13 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\ATI
[2011/05/13 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\ATI
[2011/05/13 20:18:16 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Apps
[2011/05/13 20:18:15 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Deployment
[2011/05/13 20:17:09 | 000,000,000 | R--D | C] -- C:\Users\Erin\Searches
[2011/05/13 20:17:09 | 000,000,000 | R--D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/05/13 20:17:09 | 000,000,000 | -H-D | C] -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/05/13 20:16:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Identities
[2011/05/13 20:16:39 | 000,000,000 | R--D | C] -- C:\Users\Erin\Contacts
[2011/05/13 20:16:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/13 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\VirtualStore
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\AppData\Local\Temporary Internet Files
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Templates
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Start Menu
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\SendTo
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Recent
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\PrintHood
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\NetHood
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Documents\My Videos
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Documents\My Pictures
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Documents\My Music
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\My Documents
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Local Settings
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\AppData\Local\History
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Cookies
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\Application Data
[2011/05/13 20:16:20 | 000,000,000 | -HSD | C] -- C:\Users\Erin\AppData\Local\Application Data
[2011/05/13 20:16:19 | 000,000,000 | --SD | C] -- C:\Users\Erin\AppData\Roaming\Microsoft
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\Videos
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\Saved Games
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\Pictures
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\Music
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\Links
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\Favorites
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\Downloads
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\My Documents
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\Desktop
[2011/05/13 20:16:19 | 000,000,000 | R--D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/05/13 20:16:19 | 000,000,000 | -H-D | C] -- C:\Users\Erin\AppData
[2011/05/13 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Temp
[2011/05/13 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Microsoft
[2011/05/13 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Media Center Programs
[2011/05/13 20:16:19 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2011/05/13 20:16:01 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/05/13 04:11:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/06/06 12:26:41 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 12:26:41 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 12:21:31 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/06 12:19:53 | 000,000,339 | ---- | M] () -- C:\windows\Brownie.ini
[2011/06/06 12:19:03 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011/06/06 12:18:54 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 12:11:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 12:02:10 | 002,354,040 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/06/01 14:42:36 | 000,327,777 | ---- | M] () -- C:\Users\Erin\Documents\Praxis Score Report 4-30-11.pdf
[2011/06/01 06:44:54 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/01 06:44:54 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/01 06:44:54 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/05/29 12:09:12 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\Napster.lnk
[2011/05/29 12:02:42 | 000,003,069 | ---- | M] () -- C:\Users\Erin\Desktop\Napster Download Manager.lnk
[2011/05/29 11:54:13 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/29 09:39:23 | 002,691,832 | ---- | M] () -- C:\Users\Erin\Documents\Understanding by Design 2005
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/05/26 13:43:31 | 000,003,584 | ---- | M] () -- C:\Users\Erin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 06:33:24 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/25 20:49:06 | 024,829,973 | ---- | M] () -- C:\Users\Erin\Documents\My Blue Room.mov
[2011/05/24 21:06:57 | 000,808,567 | ---- | M] () -- C:\Users\Erin\Documents\NTP Teaching for Results facilitator's manual.pdf
[2011/05/24 21:06:10 | 000,592,069 | ---- | M] () -- C:\Users\Erin\Documents\NTP Facilitator Orientation Manual.pdf
[2011/05/16 11:58:56 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/16 11:31:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\QuickTime.qtp
[2011/05/16 11:30:55 | 000,002,169 | ---- | M] () -- C:\Users\Erin\Desktop\The Rosetta Stone.lnk
[2011/05/15 18:30:11 | 000,007,680 | ---- | M] () -- C:\CurrentFileterGrp.grf
[2011/05/14 21:33:44 | 000,000,034 | ---- | M] () -- C:\windows\SysWow64\BD2140.DAT
[2011/05/14 21:33:38 | 000,009,868 | ---- | M] () -- C:\windows\HL-2140.INI
[2011/05/14 21:33:38 | 000,000,151 | ---- | M] () -- C:\windows\BRVIDEO.INI
[2011/05/14 21:33:38 | 000,000,000 | ---- | M] () -- C:\windows\brmx2001.ini
[2011/05/14 21:32:03 | 000,000,410 | ---- | M] () -- C:\windows\BRWMARK.INI
[2011/05/13 21:11:28 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/13 21:05:23 | 000,001,437 | ---- | M] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/13 20:22:48 | 000,002,239 | ---- | M] () -- C:\Users\Erin\Desktop\OneKey Recovery.lnk
[2011/05/13 20:22:14 | 000,000,088 | ---- | M] () -- C:\ProgramData\profile.xml
[2011/05/13 20:18:33 | 000,000,398 | ---- | M] () -- C:\Users\Erin\Desktop\pc app.appref-ms
[2011/05/13 20:18:20 | 000,001,118 | ---- | M] () -- C:\Users\Erin\Desktop\Cyberlink Power2Go.lnk
[2011/05/13 20:18:17 | 000,002,425 | ---- | M] () -- C:\Users\Erin\Desktop\CyberLink YouCam.lnk
[2011/05/13 20:17:58 | 000,000,432 | ---- | M] () -- C:\Users\Erin\Desktop\Desktop.lnk
[2011/05/13 04:15:31 | 000,039,252 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2011/05/13 04:15:31 | 000,039,252 | ---- | M] () -- C:\windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2011/06/06 12:11:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 14:42:35 | 000,327,777 | ---- | C] () -- C:\Users\Erin\Documents\Praxis Score Report 4-30-11.pdf
[2011/05/29 12:09:12 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\Napster.lnk
[2011/05/29 12:02:42 | 000,003,069 | ---- | C] () -- C:\Users\Erin\Desktop\Napster Download Manager.lnk
[2011/05/29 11:54:13 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/29 09:39:12 | 002,691,832 | ---- | C] () -- C:\Users\Erin\Documents\Understanding by Design 2005
[2011/05/26 13:43:31 | 000,003,584 | ---- | C] () -- C:\Users\Erin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 12:51:48 | 024,829,973 | ---- | C] () -- C:\Users\Erin\Documents\My Blue Room.mov
[2011/05/24 21:06:57 | 000,808,567 | ---- | C] () -- C:\Users\Erin\Documents\NTP Teaching for Results facilitator's manual.pdf
[2011/05/24 21:06:10 | 000,592,069 | ---- | C] () -- C:\Users\Erin\Documents\NTP Facilitator Orientation Manual.pdf
[2011/05/19 22:30:31 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/17 20:35:08 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011/05/17 20:33:23 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011/05/17 20:32:33 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/05/17 20:32:22 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/05/17 20:30:31 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/05/16 11:58:56 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/16 11:57:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/16 11:31:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\QuickTime.qtp
[2011/05/16 11:30:55 | 000,002,169 | ---- | C] () -- C:\Users\Erin\Desktop\The Rosetta Stone.lnk
[2011/05/15 18:30:11 | 000,007,680 | ---- | C] () -- C:\CurrentFileterGrp.grf
[2011/05/14 21:33:38 | 000,000,151 | ---- | C] () -- C:\windows\BRVIDEO.INI
[2011/05/14 21:33:38 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2011/05/14 21:33:37 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\brlmw03a.ini
[2011/05/14 21:33:35 | 000,009,868 | ---- | C] () -- C:\windows\HL-2140.INI
[2011/05/14 21:32:03 | 000,000,410 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/05/14 21:32:03 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2140.DAT
[2011/05/14 21:31:35 | 000,000,339 | ---- | C] () -- C:\windows\Brownie.ini
[2011/05/13 21:11:28 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/13 21:11:28 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/13 21:05:23 | 000,001,437 | ---- | C] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/13 20:22:14 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2011/05/13 20:18:33 | 000,000,398 | ---- | C] () -- C:\Users\Erin\Desktop\pc app.appref-ms
[2011/05/13 20:18:00 | 000,001,409 | ---- | C] () -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/05/13 20:17:51 | 000,001,443 | ---- | C] () -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/05/13 20:17:10 | 000,000,432 | ---- | C] () -- C:\Users\Erin\Desktop\Desktop.lnk
[2011/05/13 20:16:19 | 000,002,425 | ---- | C] () -- C:\Users\Erin\Desktop\CyberLink YouCam.lnk
[2011/05/13 20:16:19 | 000,002,239 | ---- | C] () -- C:\Users\Erin\Desktop\OneKey Recovery.lnk
[2011/05/13 20:16:19 | 000,001,118 | ---- | C] () -- C:\Users\Erin\Desktop\Cyberlink Power2Go.lnk
[2011/05/13 20:16:19 | 000,000,290 | ---- | C] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/05/13 20:16:19 | 000,000,272 | ---- | C] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/05/13 04:11:48 | 2210,578,432 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/24 16:47:28 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/03/24 16:47:28 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/03/24 16:38:33 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2011/03/24 16:25:41 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/24 16:25:41 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/24 16:25:34 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/24 16:09:19 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2011/03/24 15:52:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/03/24 15:45:38 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | ---- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/26 08:59:05 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\SoftGrid Client
[2011/05/19 22:31:21 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\TP
[2011/05/17 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,005,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Render
Posted 11 June 2011 - 08:24 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi, erindg25! Welcome to GeeksToGo! My nick name is Render and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Sorry for the delay.

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.

Step 3

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

When completed the above, please post back the following in the order asked for:
  • contents of the RKreport.txt
  • aswMBR log
  • OTL scan log
  • Extras log

  • 0

#3
erindg25
Posted 11 June 2011 - 07:59 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Thanks! Issue is still present. Here are the RogueKiller results. OTL scan results to follow. RogueKiller V5.2.2 [06/05/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRKgmailcom Feedback: http://www.sur-la-to...-Remontees.html Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User: Erin [Admin rights] Mode: Scan -- Date : 06/12/2011 20:46:46 Bad processes: 0 Registry Entries: 2 [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND HOSTS File: Finished : > RKreport[1].txt
  • 0

#4
erindg25
Posted 11 June 2011 - 08:13 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-12 21:13:28
-----------------------------
21:13:28.897 OS Version: Windows x64 6.1.7600
21:13:28.897 Number of processors: 2 586 0x603
21:13:28.897 ComputerName: ERIN-PC UserName: Erin
21:13:29.833 Initialize success
21:14:57.817 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:14:57.832 Disk 0 Vendor: WDC_WD3200BEVT-24A23T0 01.01A02 Size: 305245MB BusType: 11
21:14:59.845 Disk 0 MBR read successfully
21:14:59.845 Disk 0 MBR scan
21:14:59.845 Disk 0 Windows 7 default MBR code
21:14:59.860 Service scanning
21:15:01.405 Disk 0 trace - called modules:
21:15:01.436 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:15:01.436 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800317d4d0]
21:15:01.452 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80030e3390]
21:15:01.467 Scan finished successfully
21:16:08.750 Disk 0 MBR has been saved successfully to "C:\Users\Erin\Documents\MBR.dat"
21:16:08.812 The log file has been saved successfully to "C:\Users\Erin\Documents\aswMBR.txt"
  • 0

#5
erindg25
Posted 11 June 2011 - 08:14 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
OTL logfile created on: 6/12/2011 8:52:53 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Erin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.45% Memory free
5.49 Gb Paging File | 3.89 Gb Available in Paging File | 70.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 218.36 Gb Free Space | 85.92% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 20.20 Gb Free Space | 69.66% Space Free | Partition Type: NTFS

Computer Name: ERIN-PC | User Name: Erin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/06 12:25:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Downloads\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/03/24 16:25:38 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/03/24 16:18:25 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/03/02 17:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/01/19 12:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files (x86)\Napster\napster.exe
PRC - [2009/12/18 21:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2008/10/17 16:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe


========== Modules (SafeList) ==========

MOD - [2011/06/06 12:25:41 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Downloads\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2011/03/24 06:57:57 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/19 13:19:32 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/09/22 13:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 09:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/17 20:27:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 09:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/24 07:20:00 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/24 07:20:00 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/07 03:07:16 | 001,326,928 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2010/07/19 13:45:56 | 007,448,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/19 12:39:40 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/15 07:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/17 04:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/11 22:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/22 05:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/01/15 13:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/07 07:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/14 07:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/18 19:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 06:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 22:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 07:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/26 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search The Web"


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/26 11:12:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/11 20:00:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/29 12:09:12 | 000,000,000 | ---D | M]

[2011/05/13 21:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erin\AppData\Roaming\Mozilla\Extensions
[2011/06/06 12:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erin\AppData\Roaming\Mozilla\Firefox\Profiles\vq3n5tq0.default\extensions
[2011/06/11 20:00:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/26 11:12:12 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\ERIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VQ3N5TQ0.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010/12/08 16:21:24 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\webblog.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110513212927.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110513212927.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58de1b06-80ef-11e0-8fb1-b870f4001843}\Shell - "" = AutoRun
O33 - MountPoints2\{58de1b06-80ef-11e0-8fb1-b870f4001843}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 20:46:46 | 000,000,000 | ---D | C] -- C:\Users\Erin\Desktop\RK_Quarantine
[2011/06/11 17:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/11 17:46:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Erin\Desktop\TFC.exe
[2011/06/06 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Malwarebytes
[2011/06/06 12:11:01 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/06 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/06 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/06 12:10:57 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/06/06 12:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/29 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Roxio
[2011/05/29 12:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster
[2011/05/29 12:08:45 | 000,053,488 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\PxHlpa64.sys
[2011/05/29 12:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2011/05/29 12:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/05/29 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/05/29 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Napster Shared
[2011/05/29 12:07:09 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\InstallShield
[2011/05/29 12:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2011/05/29 12:02:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Napster
[2011/05/29 12:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Napster
[2011/05/26 11:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/05/26 11:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/26 11:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/05/26 11:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/26 11:05:30 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2011/05/26 11:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/05/26 11:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/05/26 11:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/26 11:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/05/26 11:02:13 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Microsoft Help
[2011/05/26 11:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/05/26 11:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/26 11:01:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/25 21:37:28 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\U3
[2011/05/25 19:30:50 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2011/05/20 06:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/05/19 22:31:12 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\SoftGrid Client
[2011/05/19 22:31:11 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\SoftGrid Client
[2011/05/19 22:29:49 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\TP
[2011/05/18 23:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/17 22:21:32 | 000,000,000 | ---D | C] -- C:\Users\Erin\Documents\Adobe Scripts
[2011/05/17 21:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Object
[2011/05/17 21:50:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\MediaGet2
[2011/05/17 21:36:55 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\uTorrent
[2011/05/17 20:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/05/17 20:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/17 20:31:35 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Microsoft Games
[2011/05/17 20:31:00 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\spool
[2011/05/17 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\WinRAR
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/17 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/05/17 06:26:29 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2011/05/17 06:26:28 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2011/05/17 06:05:12 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll
[2011/05/17 06:05:12 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe
[2011/05/17 06:05:12 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe
[2011/05/17 06:05:12 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll
[2011/05/17 06:05:12 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll
[2011/05/17 06:05:12 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll
[2011/05/17 06:05:11 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll
[2011/05/17 06:05:11 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll
[2011/05/16 14:26:23 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DWrite.dll
[2011/05/16 14:26:22 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2011/05/16 14:26:22 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2011/05/16 14:26:22 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d2d1.dll
[2011/05/16 14:26:16 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2011/05/16 14:26:16 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2011/05/16 11:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/16 11:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/16 11:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/16 11:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/16 11:57:04 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Apple
[2011/05/16 11:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/16 11:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/16 11:32:36 | 000,086,016 | ---- | C] (MindVision Software) -- C:\windows\unvise32.exe
[2011/05/16 11:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2011/05/16 11:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rosetta Stone
[2011/05/16 11:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Rosetta Stone
[2011/05/14 21:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-2140
[2011/05/14 21:33:37 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\brlmw03a.dll
[2011/05/14 21:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brownie
[2011/05/14 21:31:56 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BROSNMP.DLL
[2011/05/14 21:31:56 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\windows\SysWow64\BRRBTOOL.EXE
[2011/05/14 21:31:55 | 000,200,704 | ---- | C] (brother) -- C:\windows\SysWow64\Pdrvinst.dll
[2011/05/14 21:31:55 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\windows\SysWow64\BRLM03A.DLL
[2011/05/14 21:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2011/05/14 21:26:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Adobe
[2011/05/14 16:17:13 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/05/14 15:59:16 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sbe.dll
[2011/05/14 15:59:16 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CPFilters.dll
[2011/05/14 15:59:16 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sbe.dll
[2011/05/14 15:59:16 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2011/05/14 15:59:16 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CPFilters.dll
[2011/05/14 15:59:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2011/05/14 15:59:16 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mpg2splt.ax
[2011/05/14 15:59:16 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mpg2splt.ax
[2011/05/14 15:58:56 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2011/05/14 15:58:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeeds.dll
[2011/05/14 15:58:56 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2011/05/14 15:58:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2011/05/14 15:58:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2011/05/14 15:58:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2011/05/14 15:58:55 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2011/05/14 15:58:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2011/05/14 15:58:55 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2011/05/14 15:58:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2011/05/14 15:58:55 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2011/05/14 15:58:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2011/05/14 15:58:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2011/05/14 15:58:54 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2011/05/14 15:58:45 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbc32.dll
[2011/05/14 15:58:45 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbc32.dll
[2011/05/14 15:57:57 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2011/05/14 15:57:57 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2011/05/14 15:57:20 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2011/05/14 15:57:19 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2011/05/14 15:57:17 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2011/05/14 15:57:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2011/05/14 15:57:17 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2011/05/14 15:57:13 | 005,509,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2011/05/14 15:57:12 | 003,957,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2011/05/14 15:57:12 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2011/05/14 15:57:08 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\upnp.dll
[2011/05/14 15:57:08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\upnp.dll
[2011/05/14 15:57:07 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\davclnt.dll
[2011/05/14 15:57:07 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\davclnt.dll
[2011/05/14 15:57:07 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wscapi.dll
[2011/05/14 15:57:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wscapi.dll
[2011/05/14 15:57:06 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\slwga.dll
[2011/05/14 15:57:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\slwga.dll
[2011/05/14 15:57:03 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2011/05/14 15:57:03 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2011/05/14 15:56:59 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42u.dll
[2011/05/14 15:56:58 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfc42.dll
[2011/05/14 15:56:58 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42u.dll
[2011/05/14 15:56:58 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc42.dll
[2011/05/14 15:56:20 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2011/05/14 15:56:20 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2011/05/14 15:56:20 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2011/05/14 15:56:20 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2011/05/14 15:55:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2011/05/14 15:55:55 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2011/05/14 15:55:55 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2011/05/14 15:55:47 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnsapi.dll
[2011/05/14 15:55:47 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnscacheugc.exe
[2011/05/14 15:55:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dnscacheugc.exe
[2011/05/14 15:55:34 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2011/05/14 15:55:34 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2011/05/14 15:55:34 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2011/05/14 15:55:34 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2011/05/14 15:55:32 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2011/05/14 15:55:23 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2011/05/14 15:55:23 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2011/05/14 15:55:23 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2011/05/14 15:55:23 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2011/05/14 15:55:23 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdusb.dll
[2011/05/14 15:55:23 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kd1394.dll
[2011/05/14 15:55:23 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kdcom.dll
[2011/05/14 15:55:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\prevhost.exe
[2011/05/14 15:55:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\prevhost.exe
[2011/05/14 15:55:12 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FXSCOVER.exe
[2011/05/13 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Mozilla
[2011/05/13 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Mozilla
[2011/05/13 21:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/05/13 21:09:16 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Best Buy pc app
[2011/05/13 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Macromedia
[2011/05/13 21:06:35 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Adobe
[2011/05/13 21:06:28 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Diagnostics
[1 C:\Users\Erin\Documents\*.tmp files -> C:\Users\Erin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 20:42:32 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011/06/12 20:09:00 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/12 20:09:00 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/12 20:09:00 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/11 20:00:25 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/11 19:48:57 | 000,000,339 | ---- | M] () -- C:\windows\Brownie.ini
[2011/06/11 18:02:25 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 18:02:25 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 17:57:18 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/11 17:54:54 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 17:46:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Desktop\TFC.exe
[2011/06/11 17:46:11 | 000,000,456 | ---- | M] () -- C:\Users\Erin\Desktop\LENOVO (D) - Shortcut.lnk
[2011/06/11 16:21:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/06 12:11:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 12:02:10 | 002,354,040 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/06/01 14:42:36 | 000,327,777 | ---- | M] () -- C:\Users\Erin\Documents\Praxis Score Report 4-30-11.pdf
[2011/05/29 12:09:12 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\Napster.lnk
[2011/05/29 12:02:42 | 000,003,069 | ---- | M] () -- C:\Users\Erin\Desktop\Napster Download Manager.lnk
[2011/05/29 11:54:13 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/29 09:39:23 | 002,691,832 | ---- | M] () -- C:\Users\Erin\Documents\Understanding by Design 2005
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/05/26 13:43:31 | 000,003,584 | ---- | M] () -- C:\Users\Erin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 06:33:24 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/25 20:49:06 | 024,829,973 | ---- | M] () -- C:\Users\Erin\Documents\My Blue Room.mov
[2011/05/24 21:06:57 | 000,808,567 | ---- | M] () -- C:\Users\Erin\Documents\NTP Teaching for Results facilitator's manual.pdf
[2011/05/24 21:06:10 | 000,592,069 | ---- | M] () -- C:\Users\Erin\Documents\NTP Facilitator Orientation Manual.pdf
[2011/05/16 11:58:56 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/16 11:31:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\QuickTime.qtp
[2011/05/16 11:30:55 | 000,002,169 | ---- | M] () -- C:\Users\Erin\Desktop\The Rosetta Stone.lnk
[2011/05/15 18:30:11 | 000,007,680 | ---- | M] () -- C:\CurrentFileterGrp.grf
[2011/05/14 21:33:44 | 000,000,034 | ---- | M] () -- C:\windows\SysWow64\BD2140.DAT
[2011/05/14 21:33:38 | 000,009,868 | ---- | M] () -- C:\windows\HL-2140.INI
[2011/05/14 21:33:38 | 000,000,151 | ---- | M] () -- C:\windows\BRVIDEO.INI
[2011/05/14 21:33:38 | 000,000,000 | ---- | M] () -- C:\windows\brmx2001.ini
[2011/05/14 21:32:03 | 000,000,410 | ---- | M] () -- C:\windows\BRWMARK.INI
[2011/05/13 21:05:23 | 000,001,437 | ---- | M] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\Users\Erin\Documents\*.tmp files -> C:\Users\Erin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 20:00:25 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/11 20:00:25 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/11 19:58:57 | 000,020,414 | ---- | C] () -- C:\Users\Erin\Documents\Dyslexia Appropriate Classroom Accomodations.pdf
[2011/06/11 19:58:57 | 000,013,343 | ---- | C] () -- C:\Users\Erin\Documents\Dyslexia Module 4 References- Accommodations.pdf
[2011/06/11 19:58:57 | 000,012,370 | ---- | C] () -- C:\Users\Erin\Documents\Dyslexia module- resources on accommodations.pdf
[2011/06/11 17:46:11 | 000,000,456 | ---- | C] () -- C:\Users\Erin\Desktop\LENOVO (D) - Shortcut.lnk
[2011/06/06 12:11:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 14:42:35 | 000,327,777 | ---- | C] () -- C:\Users\Erin\Documents\Praxis Score Report 4-30-11.pdf
[2011/05/29 12:09:12 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\Napster.lnk
[2011/05/29 12:02:42 | 000,003,069 | ---- | C] () -- C:\Users\Erin\Desktop\Napster Download Manager.lnk
[2011/05/29 11:54:13 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/29 09:39:12 | 002,691,832 | ---- | C] () -- C:\Users\Erin\Documents\Understanding by Design 2005
[2011/05/26 13:43:31 | 000,003,584 | ---- | C] () -- C:\Users\Erin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 12:51:48 | 024,829,973 | ---- | C] () -- C:\Users\Erin\Documents\My Blue Room.mov
[2011/05/24 21:06:57 | 000,808,567 | ---- | C] () -- C:\Users\Erin\Documents\NTP Teaching for Results facilitator's manual.pdf
[2011/05/24 21:06:10 | 000,592,069 | ---- | C] () -- C:\Users\Erin\Documents\NTP Facilitator Orientation Manual.pdf
[2011/05/19 22:30:31 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/17 20:35:08 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011/05/17 20:33:23 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011/05/17 20:32:33 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/05/17 20:32:22 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/05/17 20:30:31 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/05/16 11:58:56 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/16 11:57:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/16 11:31:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\QuickTime.qtp
[2011/05/16 11:30:55 | 000,002,169 | ---- | C] () -- C:\Users\Erin\Desktop\The Rosetta Stone.lnk
[2011/05/15 18:30:11 | 000,007,680 | ---- | C] () -- C:\CurrentFileterGrp.grf
[2011/05/14 21:33:38 | 000,000,151 | ---- | C] () -- C:\windows\BRVIDEO.INI
[2011/05/14 21:33:38 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2011/05/14 21:33:37 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\brlmw03a.ini
[2011/05/14 21:33:35 | 000,009,868 | ---- | C] () -- C:\windows\HL-2140.INI
[2011/05/14 21:32:03 | 000,000,410 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/05/14 21:32:03 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2140.DAT
[2011/05/14 21:31:35 | 000,000,339 | ---- | C] () -- C:\windows\Brownie.ini
[2011/05/13 21:05:23 | 000,001,437 | ---- | C] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/13 20:22:14 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2011/03/24 16:47:28 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/03/24 16:47:28 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/03/24 16:38:33 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2011/03/24 16:25:41 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/24 16:25:41 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/24 16:25:34 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/24 16:09:19 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2011/03/24 15:52:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/03/24 15:45:38 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | ---- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/26 08:59:05 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\SoftGrid Client
[2011/05/19 22:31:21 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\TP
[2011/05/17 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,006,120 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/03/24 06:50:48 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/03/24 06:52:04 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/03/24 06:50:48 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/03/24 06:52:04 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011/03/24 06:50:48 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/03/24 06:52:04 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/03/24 06:50:48 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/03/24 06:52:04 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/03/24 07:09:15 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/03/24 07:09:15 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011/03/24 07:09:15 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/04/14 11:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0

#6
erindg25
Posted 11 June 2011 - 08:16 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
OTL Extras logfile created on: 6/12/2011 8:52:53 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Erin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.45% Memory free
5.49 Gb Paging File | 3.89 Gb Available in Paging File | 70.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 218.36 Gb Free Space | 85.92% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 20.20 Gb Free Space | 69.66% Space Free | Partition Type: NTFS

Computer Name: ERIN-PC | User Name: Erin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-11400357-2044767693-4227606707-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{16D22C34-9766-69FD-E615-9517ACCF40D2}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CADC615-64C7-7366-A49A-342E8B7D3C9B}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{059D4FB4-301A-E085-A001-6652FA6BB3DE}" = CCC Help Hungarian
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{114B4A6E-E0E6-5AD2-015A-71898AE7D0C5}" = ccc-core-static
"{1172075E-6767-6861-2A1F-B031F9067AB2}" = CCC Help Chinese Standard
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21CE7849-0508-3624-4396-B72629FDE6B6}" = CCC Help Dutch
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2972A52A-766C-930C-9043-3319818B7FD5}" = CCC Help Turkish
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A59D123-ACC3-43BE-9BF1-1E841F954440}" = Brother HL-2140
"{2AC42BCF-F6E7-2160-89B5-B492C1B4B133}" = CCC Help Russian
"{30E9714B-53C8-89CD-270D-C84D8C055493}" = CCC Help Chinese Traditional
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3769A63A-4A92-8C32-26EE-6FE1E820EB37}" = CCC Help Finnish
"{3BEC1598-0438-F76F-BE61-DCD715CBE223}" = CCC Help English
"{3CB4A7B0-007D-4722-AF1D-891B53E04606}" = Napster Download Manager
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41B515BD-12A5-3163-BB2B-49A15392A101}" = CCC Help Italian
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61D0CBC7-41BE-5AE3-812A-ADD754523EB2}" = Catalyst Control Center Graphics Previews Common
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7386F68C-0E7E-1F0F-FF70-099D0BFF99E7}" = CCC Help Korean
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{822E82EF-BD60-8BBB-9A36-4D9C6B77F809}" = CCC Help Greek
"{84FD3EE5-AD52-AADE-0C31-965ED835630D}" = CCC Help Spanish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{977B15E4-DA09-14BE-2B5C-B47C2862E38D}" = CCC Help Japanese
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A428ED60-99EA-E0DA-85F7-1895C7D0F789}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B0B05C-A2D1-5C0A-134F-C411C698A514}" = CCC Help Swedish
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0871DBE-C9BD-623A-4E44-FFC4251DF464}" = CCC Help German
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D67B3ECD-9B64-38CC-A695-63FA2E790D76}" = Catalyst Control Center Localization All
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE4C6DDE-327A-9D48-1556-7D461F8C1C48}" = Catalyst Control Center InstallProxy
"{DE7113C2-4FA7-8DA6-2FE3-86D2043CE91D}" = CCC Help Portuguese
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E108E986-9572-51E0-32CA-79BDF03E5640}" = CCC Help Polish
"{E2B9D46A-972F-2C73-B110-C7E2FCDDAEA8}" = CCC Help French
"{E63E810F-CAE0-560E-BCF9-9CCAC0A8A06D}" = CCC Help Norwegian
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9A418A4-2973-15F7-EE63-256675E6682B}" = CCC Help Czech
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF822610-EF5E-021E-ED55-5AB4ED0462AB}" = CCC Help Danish
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSC" = McAfee AntiVirus Plus
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"The Rosetta Stone" = The Rosetta Stone
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-11400357-2044767693-4227606707-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/13/2011 10:09:12 PM | Computer Name = Erin-PC | Source = Best Buy pc app | ID = 0
Description =

Error - 5/16/2011 10:32:40 PM | Computer Name = Erin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 5/17/2011 9:43:11 PM | Computer Name = Erin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16766,
time stamp: 0x4d65d5c3 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdbdf Exception code: 0xc000001d Fault offset: 0x0000b727 Faulting
process id: 0x1304 Faulting application start time: 0x01cc14fcf107e51b Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\windows\syswow64\KERNELBASE.dll Report Id: 3014bba4-80f0-11e0-8fb1-b870f4001843

Error - 5/17/2011 9:43:11 PM | Computer Name = Erin-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Internet Explorer because of this error. Program: Internet Explorer
File:
The error value is listed in the Additional Data section. User Action 1. Open the
file again. This situation might be a temporary problem that corrects itself when
the program runs again. 2. If the file still cannot be accessed and - It is on the
network, your network administrator should verify that there is not a problem with
the network and that the server can be contacted. - It is on a removable disk, for
example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: 00000000
Disk
type: 0

[ System Events ]
Error - 5/17/2011 9:40:17 PM | Computer Name = Erin-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2

Error - 5/21/2011 12:54:21 AM | Computer Name = Erin-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 5/24/2011 9:33:47 PM | Computer Name = Erin-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 5/26/2011 7:53:47 AM | Computer Name = Erin-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2

Error - 5/26/2011 9:34:59 AM | Computer Name = Erin-PC | Source = DCOM | ID = 10010
Description =

Error - 5/26/2011 10:05:56 AM | Computer Name = Erin-PC | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
error: %%2

Error - 5/26/2011 2:46:57 PM | Computer Name = Erin-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/26/2011 2:46:58 PM | Computer Name = Erin-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR2.

Error - 5/28/2011 8:32:16 AM | Computer Name = Erin-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 6/1/2011 10:52:16 PM | Computer Name = Erin-PC | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >
  • 0

#7
Render
Posted 12 June 2011 - 05:03 AM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Please proceed with this:

Please download AVP Tool by Kaspersky. Save it to your desktop, and reboot your computer into SafeMode.

  • You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
  • Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:

    Hidden Startup Objects
    System Memory
    Disk Boot Sectors.
    My Computer.
    Also any other drives (Removable that you may have)
  • After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose OK.
  • Then choose OK again and you are back to the main screen.
  • Then click on Scan at the to right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be Neutralized then chooose the delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and post it in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.
  • 0

#8
erindg25
Posted 12 June 2011 - 12:58 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
This one was a little strange- the instructions didn't match the program exactly, and it didn't give me an instant log like I'm used to.

I saved a couple of different versions- 1 is super short and gives almost no information, and the other is huge (36,063 KB). How should I proceed?


Also, not sure if this will give you any additional info or not, but I've noticed that Firefox seems to be the effected browser, even after an uninstall/ reinstall. IE works much better.
  • 0

#9
erindg25
Posted 12 June 2011 - 01:03 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Also, should I have run the fixes on RogueKiller or aswMBR?
Update- my laptop is now making unsolicited clicking noises. UGH!
  • 0

#10
Render
Posted 12 June 2011 - 02:01 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Maybe screen resolution in safe mode was too low to see Report button. So if you did not uninstall AVP tool yet, then you should have Virus Removal Tool folder on your desktop. Open this folder and double click Start to re-run AVP Tool. Now click on Report button and then Save to save report
If you uninstalled AVP Tool please repeat this step as instructed here.

Also, should I have run the fixes on RogueKiller or aswMBR?

No.

Update- my laptop is now making unsolicited clicking noises. UGH!

It could be that your hard disk is dying. Please do the following:

From the Start menu open your Computer
You should see something like this:

Posted Image

Right click your system partition (usually C) and select Properties

Posted Image

Select Tools tab and then Check now...
The second window will popup
Ensure you have ticks in both boxes
Then click Start
Windows will schedule it for the next boot
Reboot
  • 0

Advertisements

#11
erindg25
Posted 12 June 2011 - 03:14 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I saw the report button, but when I clicked, this is the report I got:

Autoscan: completed 2 minutes ago (events: 2, objects: 527672, time: 01:04:36)
6/13/2011 1:39:00 PM Task completed
6/13/2011 12:34:24 PM Task started

That's it.

Also, the clicking seems to be confined to certain websites. I don't think the HD is crashing. It sounds like a re-direct.
  • 0

#12
Render
Posted 12 June 2011 - 03:43 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

Yes. That's it indeed. This means that AVP Tool didn't find malicious files on your hard drive(s) and that's good.

Also, the clicking seems to be confined to certain websites. I don't think the HD is crashing. It sounds like a re-direct.

OK. I didn't know that you can hear redirects.

If Internet Explorer is unaffected then the best way would be to uninstall Firefox and all Firefox's add-ons. Then give me a fresh OTL scan log:

Posted Image OTL Custom Scan

  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.Txt in Notepad window.
  • Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

  • 0

#13
erindg25
Posted 12 June 2011 - 04:10 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Ok, great.

IE is not UNaffected, it just seems to be less obviously "weird." Should I still proceed the same way?
  • 0

#14
Render
Posted 12 June 2011 - 04:14 PM

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi,

No. In this case please proceed with this:

Please download ComboFix from Here or Here to your Desktop.

Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image
  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection
  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review

Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
  • 0

#15
erindg25
Posted 12 June 2011 - 04:35 PM

erindg25

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
OTL logfile created on: 6/13/2011 5:20:25 PM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\Erin\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 54.92% Memory free
5.49 Gb Paging File | 3.70 Gb Available in Paging File | 67.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 217.20 Gb Free Space | 85.47% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 20.16 Gb Free Space | 69.54% Space Free | Partition Type: NTFS

Computer Name: ERIN-PC | User Name: Erin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/13 17:18:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Desktop\OTL.exe
PRC - [2011/05/10 07:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/24 16:25:38 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/03/24 16:18:25 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/03/02 17:37:40 | 000,171,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
PRC - [2010/01/19 12:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files (x86)\Napster\napster.exe
PRC - [2009/12/18 21:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2008/10/17 16:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe


========== Modules (SafeList) ==========

MOD - [2011/06/13 17:18:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Desktop\OTL.exe
MOD - [2011/05/10 07:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2011/03/24 06:57:57 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/10 07:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/19 13:19:32 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/09/22 13:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 09:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/17 20:27:52 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 09:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (ReadyComm.DirectRouter)
SRV - [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\IgrsSvcs.exe -- (PS_MDP)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 06:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/24 07:20:00 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/24 07:20:00 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/07 03:07:16 | 001,326,928 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2010/07/19 13:45:56 | 007,448,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/19 12:39:40 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/15 07:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/17 04:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/11 22:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/22 05:03:44 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/01/15 13:08:34 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2010/01/07 07:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/14 07:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/22 13:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\27372602.sys -- (27372602)
DRV:64bit: - [2009/10/18 19:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/10/09 23:30:56 | 000,352,784 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\2737260.sys -- (setup_9.0.0.722_13.06.2011_01-08drv)
DRV:64bit: - [2009/09/25 17:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\27372601.sys -- (27372601)
DRV:64bit: - [2009/07/21 09:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 06:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 22:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/06 07:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/26 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-11400357-2044767693-4227606707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/26 11:12:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/13 14:17:53 | 000,000,000 | ---D | M]

[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll
[2010/12/08 16:21:24 | 000,002,224 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\webblog.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20110513212927.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110513212927.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\windows\SysWow64\grpconv.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.06.2011_01-08.lnk = C:\Users\Erin\Desktop\Virus Removal Tool\setup_9.0.0.722_13.06.2011_01-08\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58de1b06-80ef-11e0-8fb1-b870f4001843}\Shell - "" = AutoRun
O33 - MountPoints2\{58de1b06-80ef-11e0-8fb1-b870f4001843}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/13 17:18:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Erin\Desktop\OTL.exe
[2011/06/13 17:08:30 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\27372602.sys
[2011/06/13 17:08:29 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\2737260.sys
[2011/06/13 17:08:29 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\windows\SysNative\drivers\27372601.sys
[2011/06/13 17:08:29 | 000,000,000 | ---D | C] -- C:\Users\Erin\Desktop\Virus Removal Tool
[2011/06/13 14:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/06/13 14:18:28 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Google
[2011/06/13 14:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/06/13 14:18:24 | 000,022,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2011/06/13 14:18:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/06/13 14:18:23 | 000,287,576 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2011/06/13 14:18:19 | 000,031,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2011/06/13 14:18:18 | 000,053,592 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2011/06/13 14:18:16 | 000,600,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2011/06/13 14:18:09 | 000,253,888 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2011/06/13 14:18:09 | 000,064,344 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2011/06/13 14:17:47 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/06/13 14:17:45 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2011/06/13 14:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/13 14:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/13 14:10:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/13 14:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/13 13:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/13 12:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/06/13 12:21:16 | 122,756,248 | ---- | C] ( ) -- C:\Users\Erin\Desktop\setup_9.0.0.722_12.06.2011_18-53.exe
[2011/06/13 11:56:44 | 000,000,000 | R--D | C] -- C:\Users\Erin\AppData\Roaming\Brother
[2011/06/12 20:46:46 | 000,000,000 | ---D | C] -- C:\Users\Erin\Desktop\RK_Quarantine
[2011/06/11 17:46:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Erin\Desktop\TFC.exe
[2011/06/06 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Malwarebytes
[2011/06/06 12:11:01 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/06 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/06 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/06 12:10:57 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/06/06 12:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/29 12:25:06 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Roxio
[2011/05/29 12:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napster
[2011/05/29 12:08:45 | 000,053,488 | ---- | C] (Sonic Solutions) -- C:\windows\SysNative\drivers\PxHlpa64.sys
[2011/05/29 12:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2011/05/29 12:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/05/29 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/05/29 12:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Napster Shared
[2011/05/29 12:07:09 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\InstallShield
[2011/05/29 12:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2011/05/29 12:02:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Napster
[2011/05/29 12:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Napster
[2011/05/26 11:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/05/26 11:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/05/26 11:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/05/26 11:06:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/05/26 11:05:30 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2011/05/26 11:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/05/26 11:03:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/05/26 11:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/05/26 11:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/05/26 11:02:13 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Microsoft Help
[2011/05/26 11:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/05/26 11:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/05/26 11:01:07 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/05/25 21:37:28 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\U3
[2011/05/25 19:30:50 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2011/05/20 06:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/05/19 22:31:12 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\SoftGrid Client
[2011/05/19 22:31:11 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\SoftGrid Client
[2011/05/19 22:29:49 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\TP
[2011/05/18 23:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/05/17 22:21:32 | 000,000,000 | ---D | C] -- C:\Users\Erin\Documents\Adobe Scripts
[2011/05/17 21:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Object
[2011/05/17 21:50:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\MediaGet2
[2011/05/17 21:36:55 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\uTorrent
[2011/05/17 20:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/05/17 20:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/05/17 20:31:35 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Microsoft Games
[2011/05/17 20:31:00 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\spool
[2011/05/17 20:27:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\WinRAR
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/17 20:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/05/17 20:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/05/17 06:26:29 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2011/05/17 06:26:28 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2011/05/17 06:05:12 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll
[2011/05/17 06:05:12 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHost.exe
[2011/05/17 06:05:12 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHost.exe
[2011/05/17 06:05:12 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationHostProxy.dll
[2011/05/17 06:05:12 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationHostProxy.dll
[2011/05/17 06:05:12 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netfxperf.dll
[2011/05/17 06:05:11 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll
[2011/05/17 06:05:11 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netfxperf.dll
[2011/05/16 14:26:23 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DWrite.dll
[2011/05/16 14:26:22 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2011/05/16 14:26:22 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2011/05/16 14:26:22 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d2d1.dll
[2011/05/16 14:26:16 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2011/05/16 14:26:16 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2011/05/16 11:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/05/16 11:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/05/16 11:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/05/16 11:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/16 11:57:04 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Apple
[2011/05/16 11:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/05/16 11:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/05/16 11:32:36 | 000,086,016 | ---- | C] (MindVision Software) -- C:\windows\unvise32.exe
[2011/05/16 11:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2011/05/16 11:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Rosetta Stone
[2011/05/16 11:30:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Rosetta Stone
[2011/05/14 21:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother HL-2140
[2011/05/14 21:33:37 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\brlmw03a.dll
[2011/05/14 21:33:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brownie
[2011/05/14 21:31:56 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\windows\SysWow64\BROSNMP.DLL
[2011/05/14 21:31:56 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\windows\SysWow64\BRRBTOOL.EXE
[2011/05/14 21:31:55 | 000,200,704 | ---- | C] (brother) -- C:\windows\SysWow64\Pdrvinst.dll
[2011/05/14 21:31:55 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\windows\SysWow64\BRLM03A.DLL
[2011/05/14 21:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Brother
[2011/05/14 21:26:42 | 000,000,000 | ---D | C] -- C:\Users\Erin\AppData\Local\Adobe
[1 C:\Users\Erin\Documents\*.tmp files -> C:\Users\Erin\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/13 17:23:04 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/13 17:18:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Desktop\OTL.exe
[2011/06/13 17:10:01 | 000,002,235 | ---- | M] () -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.06.2011_01-08.lnk
[2011/06/13 16:56:14 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/06/13 16:56:14 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/06/13 16:56:14 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/06/13 14:23:02 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/13 14:21:26 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/13 14:21:26 | 000,002,239 | ---- | M] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/13 14:18:24 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/13 14:18:09 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2011/06/13 13:52:22 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 13:52:22 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/13 13:47:18 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2011/06/13 13:45:48 | 000,000,339 | ---- | M] () -- C:\windows\Brownie.ini
[2011/06/13 13:45:01 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2011/06/13 13:44:55 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/13 12:21:26 | 122,756,248 | ---- | M] ( ) -- C:\Users\Erin\Desktop\setup_9.0.0.722_12.06.2011_18-53.exe
[2011/06/13 11:56:44 | 000,000,426 | ---- | M] () -- C:\windows\BRWMARK.INI
[2011/06/12 21:16:08 | 000,000,512 | ---- | M] () -- C:\Users\Erin\Documents\MBR.dat
[2011/06/11 17:46:39 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Erin\Desktop\TFC.exe
[2011/06/11 17:46:11 | 000,000,456 | ---- | M] () -- C:\Users\Erin\Desktop\LENOVO (D) - Shortcut.lnk
[2011/06/11 16:21:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/06/06 12:11:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/06 12:02:10 | 002,354,040 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2011/06/01 14:42:36 | 000,327,777 | ---- | M] () -- C:\Users\Erin\Documents\Praxis Score Report 4-30-11.pdf
[2011/05/29 12:09:12 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\Napster.lnk
[2011/05/29 12:02:42 | 000,003,069 | ---- | M] () -- C:\Users\Erin\Desktop\Napster Download Manager.lnk
[2011/05/29 11:54:13 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/29 09:39:23 | 002,691,832 | ---- | M] () -- C:\Users\Erin\Documents\Understanding by Design 2005
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2011/05/26 13:43:31 | 000,003,584 | ---- | M] () -- C:\Users\Erin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 06:33:24 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/25 20:49:06 | 024,829,973 | ---- | M] () -- C:\Users\Erin\Documents\My Blue Room.mov
[2011/05/24 21:06:57 | 000,808,567 | ---- | M] () -- C:\Users\Erin\Documents\NTP Teaching for Results facilitator's manual.pdf
[2011/05/24 21:06:10 | 000,592,069 | ---- | M] () -- C:\Users\Erin\Documents\NTP Facilitator Orientation Manual.pdf
[2011/05/16 11:58:56 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/16 11:31:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\QuickTime.qtp
[2011/05/16 11:30:55 | 000,002,169 | ---- | M] () -- C:\Users\Erin\Desktop\The Rosetta Stone.lnk
[2011/05/15 18:30:11 | 000,007,680 | ---- | M] () -- C:\CurrentFileterGrp.grf
[2011/05/14 21:33:44 | 000,000,034 | ---- | M] () -- C:\windows\SysWow64\BD2140.DAT
[2011/05/14 21:33:38 | 000,009,868 | ---- | M] () -- C:\windows\HL-2140.INI
[2011/05/14 21:33:38 | 000,000,151 | ---- | M] () -- C:\windows\BRVIDEO.INI
[2011/05/14 21:33:38 | 000,000,000 | ---- | M] () -- C:\windows\brmx2001.ini
[1 C:\Users\Erin\Documents\*.tmp files -> C:\Users\Erin\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/13 17:10:01 | 000,002,235 | ---- | C] () -- C:\Users\Erin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.06.2011_01-08.lnk
[2011/06/13 14:21:26 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/06/13 14:21:26 | 000,002,239 | ---- | C] () -- C:\Users\Erin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/13 14:18:38 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/13 14:18:35 | 000,000,890 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/13 14:18:24 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/13 14:18:09 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2011/06/12 21:16:08 | 000,000,512 | ---- | C] () -- C:\Users\Erin\Documents\MBR.dat
[2011/06/11 19:58:57 | 000,020,414 | ---- | C] () -- C:\Users\Erin\Documents\Dyslexia Appropriate Classroom Accomodations.pdf
[2011/06/11 19:58:57 | 000,013,343 | ---- | C] () -- C:\Users\Erin\Documents\Dyslexia Module 4 References- Accommodations.pdf
[2011/06/11 19:58:57 | 000,012,370 | ---- | C] () -- C:\Users\Erin\Documents\Dyslexia module- resources on accommodations.pdf
[2011/06/11 17:46:11 | 000,000,456 | ---- | C] () -- C:\Users\Erin\Desktop\LENOVO (D) - Shortcut.lnk
[2011/06/06 12:11:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 14:42:35 | 000,327,777 | ---- | C] () -- C:\Users\Erin\Documents\Praxis Score Report 4-30-11.pdf
[2011/05/29 12:09:12 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\Napster.lnk
[2011/05/29 12:02:42 | 000,003,069 | ---- | C] () -- C:\Users\Erin\Desktop\Napster Download Manager.lnk
[2011/05/29 11:54:13 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/05/29 09:39:12 | 002,691,832 | ---- | C] () -- C:\Users\Erin\Documents\Understanding by Design 2005
[2011/05/26 13:43:31 | 000,003,584 | ---- | C] () -- C:\Users\Erin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 12:51:48 | 024,829,973 | ---- | C] () -- C:\Users\Erin\Documents\My Blue Room.mov
[2011/05/24 21:06:57 | 000,808,567 | ---- | C] () -- C:\Users\Erin\Documents\NTP Teaching for Results facilitator's manual.pdf
[2011/05/24 21:06:10 | 000,592,069 | ---- | C] () -- C:\Users\Erin\Documents\NTP Facilitator Orientation Manual.pdf
[2011/05/19 22:30:31 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/17 20:35:08 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2011/05/17 20:33:23 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2011/05/17 20:32:33 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011/05/17 20:32:22 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2011/05/17 20:30:31 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2011/05/16 11:58:56 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/05/16 11:57:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/05/16 11:31:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\QuickTime.qtp
[2011/05/16 11:30:55 | 000,002,169 | ---- | C] () -- C:\Users\Erin\Desktop\The Rosetta Stone.lnk
[2011/05/15 18:30:11 | 000,007,680 | ---- | C] () -- C:\CurrentFileterGrp.grf
[2011/05/14 21:33:38 | 000,000,151 | ---- | C] () -- C:\windows\BRVIDEO.INI
[2011/05/14 21:33:38 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2011/05/14 21:33:37 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\brlmw03a.ini
[2011/05/14 21:33:35 | 000,009,868 | ---- | C] () -- C:\windows\HL-2140.INI
[2011/05/14 21:32:03 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/05/14 21:32:03 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2140.DAT
[2011/05/14 21:31:35 | 000,000,339 | ---- | C] () -- C:\windows\Brownie.ini
[2011/05/13 20:22:14 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2011/03/24 16:47:28 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/03/24 16:47:28 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011/03/24 16:38:33 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll
[2011/03/24 16:25:41 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/24 16:25:41 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/24 16:25:34 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/24 16:09:19 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2011/03/24 15:52:43 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/03/24 15:45:38 | 000,002,857 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | ---- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/26 08:59:05 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\SoftGrid Client
[2011/05/19 22:31:21 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\TP
[2011/05/17 22:26:05 | 000,000,000 | ---D | M] -- C:\Users\Erin\AppData\Roaming\uTorrent
[2009/07/14 00:08:49 | 000,006,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/03/24 06:50:48 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/03/24 06:52:04 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/03/24 06:50:48 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011/03/24 06:52:04 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011/03/24 06:50:48 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011/03/24 06:52:04 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/03/24 06:50:48 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011/03/24 06:52:04 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/03/24 07:09:15 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/03/24 07:09:15 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011/03/24 07:09:15 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 20:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2011/06/06 00:28:58 | 001,011,768 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 20:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP