Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser redirects and other weird issues

Started by robtoon4 , Jun 05 2011 08:31 PM

  • This topic is locked This topic is locked

#1
robtoon4
Posted 05 June 2011 - 08:31 PM

robtoon4

    Member

  • Member
  • PipPip
  • 20 posts
I need help! We've got some sort of virus and have run several programs to try and get rid of it but are still having problems. First the computer wouldn't restart at all. I tried system restore and that didn't work so I had to do system recovery back to factory default. I did select to save our personal files. We then ran avast and it found nothing. After that I ran Windows Security Essentials and it found something called Trojan tracur.c
It says it has been removed and doesn't show up when I scan again but now we are having browser redirects constantly and now when the computer is inactive for a while, a weird video will pop up. Its a different video each time and it's grainy and keeps trying to buffer. It says to see more videos click here. Its not porn, just random videos. I ran Microsoft Safety scanner before finding this site and it found nothing. Otherwise, the computer seems to function fine but the browser issues are horrible. We are currently using firefox. IE gives us the same issue when we try using it. I ran the OTL and my log is below. Any help would be greatly appreciated! Thanks in advance!
Robin


OTL logfile created on: 6/5/2011 8:58:17 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Toonsday\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 43.18% Memory free
5.49 Gb Paging File | 3.73 Gb Available in Paging File | 67.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 90.79 Gb Free Space | 66.30% Space Free | Partition Type: NTFS

Computer Name: PRISCILLA | User Name: Toonsday | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 20:57:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Toonsday\Downloads\OTL.exe
PRC - [2011/04/29 16:59:32 | 000,227,840 | ---- | M] (Mp3Tube) -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe
PRC - [2011/04/29 13:12:50 | 000,184,320 | ---- | M] (Mp3Tube) -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 06:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/21 21:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 04:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/23 16:51:26 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/23 16:51:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/22 16:16:30 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/16 22:00:46 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/04/09 20:04:30 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/04/09 14:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/04/09 11:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 20:57:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Toonsday\Downloads\OTL.exe
MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/01/23 13:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/06/18 13:08:44 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/06/16 23:29:18 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/04/29 16:59:32 | 000,227,840 | ---- | M] (Mp3Tube) [Auto | Running] -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe -- (Mp3Tube Toolbar Service)
SRV - [2009/11/05 15:20:00 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/23 16:51:26 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/22 16:16:30 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/06/16 22:00:46 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/09 20:04:30 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/04/09 14:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/04/09 11:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/10/04 20:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/21 04:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 13:15:16 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/06/18 13:15:16 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/06/18 13:15:16 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/06/18 13:08:50 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/09 17:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://www.questscan...anPB&keywords="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/06/05 11:41:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/05 10:59:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/05 10:59:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HBLite\bin\11.0.363.0\firefox\extensions [2011/06/05 12:56:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/05 13:01:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/05 13:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toonsday\AppData\Roaming\Mozilla\Extensions
[2011/06/05 13:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/05 13:01:27 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
File not found (No name found) --
[2011/06/05 12:56:59 | 000,000,000 | ---D | M] (Hotbar Component) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.363.0\FIREFOX\EXTENSIONS
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2011/06/05 17:12:42 | 000,001,211 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Mp3Tube.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Mp3Tube Toolbar) - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL (Mp3Tube Toolbar)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Mp3Tube Toolbar) - {46897C77-E7A6-4C33-BFFB-E9C2E2718942} - C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL (Mp3Tube Toolbar)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 13:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/06/05 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/06/05 13:18:21 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Microsoft Help
[2011/06/05 13:01:35 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Mozilla
[2011/06/05 13:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/06/05 12:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3Tube Toolbar
[2011/06/05 12:57:09 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blinkx beat
[2011/06/05 12:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blinkx
[2011/06/05 12:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
[2011/06/05 12:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HBLiteSA
[2011/06/05 12:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[2011/06/05 12:56:57 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\HBLite
[2011/06/05 12:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HBLite
[2011/06/05 12:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShoppingReport2
[2011/06/05 12:23:47 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Diagnostics
[2011/06/05 10:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/06/05 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/05 10:57:44 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Mozilla
[2011/06/05 10:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011/06/05 10:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2011/06/05 10:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/06/05 10:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2011/06/05 10:56:42 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\HpUpdate
[2011/06/05 10:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/06/05 10:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/06/05 10:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/06/04 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2011/06/04 15:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/04 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/04 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\NPE
[2011/06/04 14:02:14 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2011/06/04 13:23:43 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Desktop\The Pink Sink
[2011/06/04 13:16:15 | 000,000,000 | R--D | C] -- C:\Backup
[2011/06/04 13:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/06/04 13:13:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/06/04 13:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/06/04 13:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/06/04 13:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/06/04 13:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/06/04 13:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/04 12:13:40 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/06/04 12:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/04 12:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/04 11:59:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/04 11:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/06/04 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/04 11:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/06/04 11:35:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/06/04 11:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/06/04 11:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/06/04 11:34:34 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\HP
[2011/06/04 11:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/04 11:33:35 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Google
[2011/06/04 11:33:33 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Google
[2011/06/04 11:32:05 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Desktop\Desktop Icons
[2011/06/04 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/06/04 11:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/06/04 11:29:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2011/06/04 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\ATI
[2011/06/04 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\ATI
[2011/06/04 11:27:44 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Acer
[2011/06/04 11:27:41 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Leadertech
[2011/06/04 11:27:26 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\EgisTec
[2011/06/04 11:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/06/04 11:27:03 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Macromedia
[2011/06/04 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Adobe
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Searches
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/04 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Identities
[2011/06/04 11:24:01 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Contacts
[2011/06/04 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\VirtualStore
[2011/06/04 11:22:41 | 000,000,000 | -H-D | C] -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/04 11:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2011/06/04 11:20:22 | 000,000,000 | --SD | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Videos
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Saved Games
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Pictures
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Music
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Links
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Favorites
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Downloads
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\My Documents
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Desktop
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\Temporary Internet Files
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Templates
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Start Menu
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\SendTo
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Recent
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\PrintHood
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\NetHood
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Videos
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Pictures
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Music
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\My Documents
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Local Settings
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\History
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Cookies
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Application Data
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\Application Data
[2011/06/04 11:20:22 | 000,000,000 | -H-D | C] -- C:\Users\Toonsday\AppData
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Temp
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Microsoft
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Media Center Programs
[2011/06/04 11:19:59 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/06/05 21:00:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/05 17:36:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/05 17:20:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 17:20:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/05 17:17:40 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/05 17:17:40 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/05 17:17:40 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/05 17:13:59 | 000,012,011 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/06/05 17:12:04 | 000,425,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/05 17:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 17:11:25 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/05 17:10:47 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011/06/05 13:01:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/06/05 13:01:27 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/05 10:57:24 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2011/06/05 10:56:10 | 000,002,240 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2011/06/04 19:35:04 | 520,138,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/04 15:09:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/04 15:08:36 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/04 14:02:14 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2011/06/04 13:18:07 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/06/04 13:18:07 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/06/04 13:14:08 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2011/06/04 12:13:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/04 11:39:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/06/04 11:39:52 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011/06/04 11:33:20 | 000,001,445 | ---- | M] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/04 11:29:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/06/04 11:21:16 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/05/10 07:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2011/06/05 17:10:47 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011/06/05 13:01:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/05 13:01:27 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/05 13:01:27 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/05 10:59:16 | 000,001,384 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/06/05 10:57:24 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2011/06/05 10:56:10 | 000,002,240 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2011/06/04 19:35:04 | 520,138,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/04 15:09:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/04 15:08:36 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/04 15:08:07 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/04 14:04:03 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2011/06/04 13:09:15 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem3.inf
[2011/06/04 13:07:15 | 2211,483,648 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/04 12:13:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/06/04 11:55:01 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 11:54:57 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 11:47:52 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/06/04 11:47:20 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/06/04 11:33:20 | 000,001,445 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/04 11:29:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/06/04 11:26:41 | 000,001,417 | ---- | C] () -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/06/04 11:22:03 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2011/06/04 11:21:16 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/06/04 11:20:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2011/06/04 11:20:48 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2011/06/04 11:20:22 | 000,000,290 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/04 11:20:22 | 000,000,272 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/11/05 15:38:52 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2009/11/05 14:49:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/04 11:27:44 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\Acer
[2011/06/05 12:56:57 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\HBLite
[2011/06/04 11:27:41 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\Leadertech
[2011/06/04 11:39:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/06/04 11:39:52 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/14 00:08:49 | 000,004,162 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F8B49EF2

< End of report >
  • 0

Advertisements

#2
robtoon4
Posted 07 June 2011 - 07:47 AM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Computer went down again and didn't want to restart last night. We finally got it back up and are still having the redirect issues. Need help please...
  • 0

#3
Essexboy
Posted 07 June 2011 - 10:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Help on its way :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/04/29 16:59:32 | 000,227,840 | ---- | M] (Mp3Tube) -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe
    PRC - [2011/04/29 13:12:50 | 000,184,320 | ---- | M] (Mp3Tube) -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe
    SRV - [2011/04/29 16:59:32 | 000,227,840 | ---- | M] (Mp3Tube) [Auto | Running] -- C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe -- (Mp3Tube Toolbar Service)
    FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolba...={searchTerms}"
    FF - prefs.js..keyword.URL: "http://www.questscan...anPB&keywords="
    [2011/06/05 13:01:27 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
    File not found (No name found) --
    [2011/06/05 12:56:59 | 000,000,000 | ---D | M] (Hotbar Component) -- C:\PROGRAM FILES (X86)\HBLITE\BIN\11.0.363.0\FIREFOX\EXTENSIONS
    [2011/06/05 17:12:42 | 000,001,211 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\Mp3Tube.xml
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Mp3Tube Toolbar) - {46897C77-E7A6-4c33-BFFB-E9C2E2718942} - C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.DLL (Mp3Tube Toolbar)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    [2011/06/05 12:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3Tube Toolbar
    [2011/06/05 12:57:09 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\blinkx beat
    [2011/06/05 12:57:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blinkx
    [2011/06/05 12:57:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
    [2011/06/05 12:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\HBLiteSA
    [2011/06/05 12:56:57 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\HBLite
    [2011/06/05 12:56:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HBLite
    [2011/06/05 12:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShoppingReport2
    [2011/06/05 10:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [2011/06/05 10:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
    [2011/06/04 16:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
    [2011/06/04 11:21:16 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
    [2011/06/04 11:21:16 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
    [2011/06/05 12:56:57 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\HBLite


    :files
    attrib -H c:\*.* /s /d /c
    ipconfig /flushdns /c
    C:\Program Files (x86)\Mp3Tube Toolbar
    C:\PROGRAM FILES (X86)\HBLITE
    C:\Program Files (x86)\Search Toolbar
    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#4
robtoon4
Posted 10 June 2011 - 08:30 PM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
OTL logfile created on: 6/10/2011 9:07:10 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Toonsday\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 53.61% Memory free
5.49 Gb Paging File | 3.96 Gb Available in Paging File | 72.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 89.23 Gb Free Space | 65.16% Space Free | Partition Type: NTFS

Computer Name: PRISCILLA | User Name: Toonsday | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 20:57:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Toonsday\Downloads\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 06:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/21 21:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 04:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/23 16:51:26 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/23 16:51:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/22 16:16:30 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/16 22:00:46 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/04/09 20:04:30 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/04/09 14:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/04/09 11:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 20:57:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Toonsday\Downloads\OTL.exe
MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/01/23 13:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/06/18 13:08:44 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/06/16 23:29:18 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/05 15:20:00 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/23 16:51:26 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/22 16:16:30 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/06/16 22:00:46 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/09 20:04:30 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/04/09 14:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/04/09 11:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/10/04 20:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/21 04:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 13:15:16 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/06/18 13:15:16 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/06/18 13:15:16 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/06/18 13:08:50 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/09 17:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: ""
FF - prefs.js..browser.search..defaultenginename: ""
FF - prefs.js..browser.search..order.1: ""
FF - prefs.js..browser.search..selectedEngine: ""
FF - prefs.js..browser.search..selectedEngineURL: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/06/10 23:58:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/05 10:59:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/05 10:59:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/08 17:20:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/08 17:20:18 | 000,000,000 | ---D | M]

[2011/06/05 13:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toonsday\AppData\Roaming\Mozilla\Extensions
[2011/06/10 19:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/06/06 23:32:40 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2011/06/06 23:32:40 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/10 19:46:09 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [cftmon] File not found
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [SmartIndex] C:\Windows\Temp\_ex-08.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/10 19:44:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/09 09:26:29 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Documents\My Digital Editions
[2011/06/09 09:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/06/07 08:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/07 08:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/07 07:34:18 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Adobe
[2011/06/07 05:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/06/07 04:54:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/06/07 04:54:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/06/06 23:32:40 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Catalina Marketing Corp
[2011/06/06 23:32:36 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2011/06/06 21:07:43 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Documents\OneNote Notebooks
[2011/06/06 07:23:58 | 000,000,000 | ---D | C] -- C:\bad4f202576efe8b9311f9
[2011/06/05 13:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/06/05 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/06/05 13:18:21 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Microsoft Help
[2011/06/05 13:01:35 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Mozilla
[2011/06/05 13:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/06/05 12:23:47 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Diagnostics
[2011/06/05 10:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/06/05 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/05 10:57:44 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Mozilla
[2011/06/05 10:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011/06/05 10:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2011/06/05 10:56:42 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\HpUpdate
[2011/06/05 10:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/06/05 10:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/06/05 10:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/06/04 15:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/04 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/04 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\NPE
[2011/06/04 14:02:14 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2011/06/04 13:23:43 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Desktop\The Pink Sink
[2011/06/04 13:16:15 | 000,000,000 | R--D | C] -- C:\Backup
[2011/06/04 13:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/06/04 13:13:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/06/04 13:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/06/04 13:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/06/04 13:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/06/04 13:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/06/04 13:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/04 12:13:40 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/06/04 12:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/04 12:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/04 11:59:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/04 11:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/06/04 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/04 11:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/06/04 11:35:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/06/04 11:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/06/04 11:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/06/04 11:34:34 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\HP
[2011/06/04 11:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/04 11:33:35 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Google
[2011/06/04 11:33:33 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Google
[2011/06/04 11:32:05 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Desktop\Desktop Icons
[2011/06/04 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/06/04 11:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/06/04 11:29:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2011/06/04 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\ATI
[2011/06/04 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\ATI
[2011/06/04 11:27:44 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Acer
[2011/06/04 11:27:41 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Leadertech
[2011/06/04 11:27:26 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\EgisTec
[2011/06/04 11:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/06/04 11:27:03 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Macromedia
[2011/06/04 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Adobe
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Searches
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/04 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Identities
[2011/06/04 11:24:01 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Contacts
[2011/06/04 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\VirtualStore
[2011/06/04 11:22:41 | 000,000,000 | -H-D | C] -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/04 11:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2011/06/04 11:20:22 | 000,000,000 | --SD | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Videos
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Saved Games
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Pictures
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Music
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Links
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Favorites
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Downloads
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\My Documents
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Desktop
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\Temporary Internet Files
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Templates
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Start Menu
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\SendTo
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Recent
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\PrintHood
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\NetHood
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Videos
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Pictures
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Music
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\My Documents
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Local Settings
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\History
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Cookies
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Application Data
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\Application Data
[2011/06/04 11:20:22 | 000,000,000 | -H-D | C] -- C:\Users\Toonsday\AppData
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Temp
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Microsoft
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Media Center Programs
[2011/06/04 11:19:59 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/06/10 21:18:19 | 000,743,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/10 21:18:19 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/10 21:18:19 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/10 21:11:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 21:11:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/10 21:04:15 | 000,014,009 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/06/10 21:04:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 21:02:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/10 21:02:14 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/10 19:46:09 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/06/09 17:00:07 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 11:10:30 | 000,000,054 | ---- | M] () -- C:\Windows\SysWow64\winset.ini
[2011/06/09 09:33:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/09 09:28:50 | 000,002,483 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/09 09:25:22 | 000,002,210 | ---- | M] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011/06/09 09:25:22 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011/06/08 05:08:29 | 000,425,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/07 23:27:14 | 000,902,833 | ---- | M] () -- C:\Users\Toonsday\Documents\writingworksheetsa-z.pdf
[2011/06/07 08:58:09 | 000,001,290 | ---- | M] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/07 08:58:09 | 000,001,266 | ---- | M] () -- C:\Users\Toonsday\Desktop\Spybot - Search & Destroy.lnk
[2011/06/06 21:07:43 | 000,001,314 | ---- | M] () -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/05 13:01:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/06/05 13:01:27 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/05 10:57:24 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2011/06/05 10:56:10 | 000,002,240 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2011/06/04 19:35:04 | 520,138,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/04 15:09:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/04 15:08:36 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/04 14:02:14 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2011/06/04 13:18:07 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/06/04 13:18:07 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/06/04 13:14:08 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2011/06/04 12:13:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/04 11:39:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/06/04 11:39:52 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011/06/04 11:33:20 | 000,001,445 | ---- | M] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/04 11:29:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2011/06/09 11:10:28 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\winset.ini
[2011/06/09 09:33:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/09 09:25:22 | 000,002,210 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011/06/09 09:25:22 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2011/06/09 09:25:22 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011/06/07 23:27:14 | 000,902,833 | ---- | C] () -- C:\Users\Toonsday\Documents\writingworksheetsa-z.pdf
[2011/06/07 09:46:39 | 000,002,483 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/07 08:58:09 | 000,001,290 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/07 08:58:09 | 000,001,266 | ---- | C] () -- C:\Users\Toonsday\Desktop\Spybot - Search & Destroy.lnk
[2011/06/06 21:07:43 | 000,001,314 | ---- | C] () -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/05 13:01:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/05 13:01:27 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/05 13:01:27 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/05 10:59:16 | 000,001,384 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/06/05 10:57:24 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2011/06/05 10:56:10 | 000,002,240 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2011/06/04 19:35:04 | 520,138,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/04 15:09:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/04 15:08:36 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/04 15:08:07 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/04 14:04:03 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2011/06/04 13:09:15 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem3.inf
[2011/06/04 13:07:15 | 2211,483,648 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/04 12:13:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/06/04 11:55:01 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 11:54:57 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 11:47:52 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/06/04 11:47:20 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/06/04 11:33:20 | 000,001,445 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/04 11:29:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/06/04 11:26:41 | 000,001,417 | ---- | C] () -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/06/04 11:22:03 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2011/06/04 11:20:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2011/06/04 11:20:48 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2011/06/04 11:20:22 | 000,000,290 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/04 11:20:22 | 000,000,272 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/11/05 15:38:52 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2009/11/05 14:49:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/04 11:27:44 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\Acer
[2011/06/06 23:32:41 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\Catalina Marketing Corp
[2011/06/04 11:27:41 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\Leadertech
[2011/06/04 11:39:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/06/04 11:39:52 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/14 00:08:49 | 000,006,896 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F8B49EF2

< End of report >
  • 0

#5
robtoon4
Posted 10 June 2011 - 08:35 PM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-06-10 21:32:31
-----------------------------
21:32:32.352 OS Version: Windows x64 6.1.7600
21:32:32.352 Number of processors: 1 586 0x7C02
21:32:32.353 ComputerName: PRISCILLA UserName: Toonsday
21:32:46.291 Initialize success
21:32:59.215 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:32:59.218 Disk 0 Vendor: TOSHIBA_MK1655GSX FG011J Size: 152627MB BusType: 11
21:32:59.222 Device \Driver\atapi -> MajorFunction fffffa80030b56c0
21:33:01.230 Disk 0 MBR read successfully
21:33:01.233 Disk 0 MBR scan
21:33:01.238 Disk 0 TDL4@MBR code has been found
21:33:01.242 Disk 0 Windows 7 default MBR code found via API
21:33:01.246 Disk 0 MBR hidden
21:33:01.250 Disk 0 MBR [TDL4] **ROOTKIT**
21:33:01.258 Disk 0 trace - called modules:
21:33:01.264 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80030b56c0]<<
21:33:01.271 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003054750]
21:33:01.277 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> [0xfffffa8003053760]
21:33:01.285 5 ACPI.sys[fffff88000e65781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002fe5060]
21:33:01.637 \Driver\atapi[0xfffffa80030526c0] -> IRP_MJ_CREATE -> 0xfffffa80030b56c0
21:33:01.647 Scan finished successfully
21:34:32.474 Disk 0 MBR has been saved successfully to "C:\Users\Toonsday\Desktop\MBR.dat"
21:34:33.099 The log file has been saved successfully to "C:\Users\Toonsday\Desktop\aswMBR.txt"
  • 0

#6
Essexboy
Posted 11 June 2011 - 05:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK time to get busy now and kill the remains of what I see

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [SmartIndex] C:\Windows\Temp\_ex-08.exe ()

    :Files
    ipconfig /flushdns /c
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

:Nearly there

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
  • 0

#7
robtoon4
Posted 11 June 2011 - 10:12 AM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
2011/06/11 11:03:00.0438 5336 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/11 11:03:01.0624 5336 ================================================================================
2011/06/11 11:03:01.0624 5336 SystemInfo:
2011/06/11 11:03:01.0624 5336
2011/06/11 11:03:01.0624 5336 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/11 11:03:01.0624 5336 Product type: Workstation
2011/06/11 11:03:01.0624 5336 ComputerName: PRISCILLA
2011/06/11 11:03:01.0624 5336 UserName: Toonsday
2011/06/11 11:03:01.0624 5336 Windows directory: C:\Windows
2011/06/11 11:03:01.0624 5336 System windows directory: C:\Windows
2011/06/11 11:03:01.0624 5336 Running under WOW64
2011/06/11 11:03:01.0624 5336 Processor architecture: Intel x64
2011/06/11 11:03:01.0624 5336 Number of processors: 1
2011/06/11 11:03:01.0624 5336 Page size: 0x1000
2011/06/11 11:03:01.0624 5336 Boot type: Normal boot
2011/06/11 11:03:01.0624 5336 ================================================================================
2011/06/11 11:03:05.0836 5336 Initialize success
2011/06/11 11:03:09.0221 3632 ================================================================================
2011/06/11 11:03:09.0221 3632 Scan started
2011/06/11 11:03:09.0221 3632 Mode: Manual;
2011/06/11 11:03:09.0221 3632 ================================================================================
2011/06/11 11:03:11.0327 3632 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/11 11:03:11.0655 3632 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/11 11:03:11.0857 3632 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/11 11:03:12.0232 3632 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/11 11:03:12.0591 3632 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/11 11:03:12.0949 3632 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/11 11:03:13.0355 3632 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/11 11:03:13.0589 3632 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/11 11:03:13.0839 3632 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/11 11:03:14.0213 3632 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/11 11:03:14.0509 3632 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/11 11:03:14.0587 3632 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/11 11:03:14.0868 3632 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/11 11:03:15.0227 3632 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/11 11:03:15.0617 3632 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/11 11:03:15.0898 3632 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/11 11:03:16.0272 3632 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/11 11:03:16.0631 3632 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/11 11:03:16.0959 3632 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/11 11:03:17.0177 3632 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/11 11:03:17.0645 3632 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
2011/06/11 11:03:18.0503 3632 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/11 11:03:19.0158 3632 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/06/11 11:03:19.0579 3632 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/11 11:03:20.0016 3632 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/11 11:03:20.0484 3632 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
2011/06/11 11:03:20.0890 3632 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/11 11:03:21.0405 3632 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/11 11:03:21.0670 3632 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/11 11:03:22.0060 3632 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/11 11:03:22.0278 3632 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/11 11:03:22.0590 3632 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/11 11:03:22.0840 3632 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/11 11:03:23.0167 3632 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/11 11:03:23.0495 3632 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/11 11:03:23.0776 3632 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/11 11:03:24.0181 3632 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/11 11:03:24.0603 3632 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/11 11:03:24.0915 3632 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/11 11:03:25.0149 3632 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/11 11:03:25.0523 3632 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/11 11:03:25.0773 3632 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/11 11:03:26.0163 3632 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/11 11:03:26.0631 3632 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/11 11:03:26.0927 3632 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/11 11:03:27.0192 3632 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/11 11:03:27.0645 3632 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/11 11:03:27.0941 3632 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/11 11:03:28.0191 3632 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/11 11:03:28.0674 3632 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
2011/06/11 11:03:29.0095 3632 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/11 11:03:29.0532 3632 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/11 11:03:30.0156 3632 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/11 11:03:30.0796 3632 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/11 11:03:31.0201 3632 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/11 11:03:31.0513 3632 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/11 11:03:31.0825 3632 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/11 11:03:32.0075 3632 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/11 11:03:32.0340 3632 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/11 11:03:32.0590 3632 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/11 11:03:32.0824 3632 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/11 11:03:33.0198 3632 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/11 11:03:33.0510 3632 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/11 11:03:33.0807 3632 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/11 11:03:34.0072 3632 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/11 11:03:34.0368 3632 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/11 11:03:34.0914 3632 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/11 11:03:35.0304 3632 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/11 11:03:35.0585 3632 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/11 11:03:35.0835 3632 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/11 11:03:36.0396 3632 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/11 11:03:36.0708 3632 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/11 11:03:37.0629 3632 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/11 11:03:37.0894 3632 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/11 11:03:38.0253 3632 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/11 11:03:38.0471 3632 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/11 11:03:39.0454 3632 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/11 11:03:40.0000 3632 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/11 11:03:40.0624 3632 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/11 11:03:41.0451 3632 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/11 11:03:42.0168 3632 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/11 11:03:42.0964 3632 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/11 11:03:43.0713 3632 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/11 11:03:44.0571 3632 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/11 11:03:45.0803 3632 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/11 11:03:46.0177 3632 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/11 11:03:46.0427 3632 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/11 11:03:46.0661 3632 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/11 11:03:47.0238 3632 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/11 11:03:47.0925 3632 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/11 11:03:48.0205 3632 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/11 11:03:48.0533 3632 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/11 11:03:48.0907 3632 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/11 11:03:50.0265 3632 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
2011/06/11 11:03:51.0013 3632 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/11 11:03:51.0949 3632 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/11 11:03:52.0308 3632 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/11 11:03:52.0573 3632 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/11 11:03:52.0839 3632 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/11 11:03:53.0400 3632 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/11 11:03:53.0821 3632 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/11 11:03:54.0133 3632 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/11 11:03:54.0430 3632 mfeavfk (088620da20b98578bfc4b97043f24042) C:\Windows\system32\drivers\mfeavfk.sys
2011/06/11 11:03:54.0695 3632 mfehidk (239e677e3e9047550c18b30c26c3ba3e) C:\Windows\system32\drivers\mfehidk.sys
2011/06/11 11:03:54.0882 3632 mferkdk (bb6bdc9029ca71d652eadc40ff78f7cb) C:\Windows\system32\drivers\mferkdk.sys
2011/06/11 11:03:55.0272 3632 mfesmfk (1f56e31db436287581cbe9a5c4c70e0e) C:\Windows\system32\drivers\mfesmfk.sys
2011/06/11 11:03:55.0756 3632 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/11 11:03:56.0099 3632 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/11 11:03:56.0364 3632 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/11 11:03:56.0754 3632 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/11 11:03:57.0035 3632 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/11 11:03:57.0378 3632 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/06/11 11:03:57.0597 3632 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
2011/06/11 11:03:57.0784 3632 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/11 11:03:58.0065 3632 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/06/11 11:03:58.0252 3632 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/11 11:03:58.0642 3632 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/11 11:03:58.0954 3632 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/11 11:03:59.0359 3632 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/11 11:03:59.0687 3632 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/11 11:03:59.0983 3632 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/11 11:04:00.0217 3632 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/11 11:04:00.0607 3632 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/11 11:04:00.0795 3632 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/11 11:04:01.0153 3632 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/11 11:04:01.0497 3632 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/11 11:04:01.0809 3632 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/11 11:04:02.0167 3632 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/11 11:04:02.0448 3632 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/11 11:04:02.0791 3632 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/11 11:04:03.0197 3632 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/11 11:04:03.0447 3632 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/11 11:04:03.0743 3632 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/11 11:04:04.0055 3632 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
2011/06/11 11:04:04.0336 3632 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
2011/06/11 11:04:04.0648 3632 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
2011/06/11 11:04:05.0178 3632 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/11 11:04:05.0599 3632 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/11 11:04:05.0802 3632 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/11 11:04:06.0083 3632 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/11 11:04:06.0442 3632 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/11 11:04:06.0691 3632 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/11 11:04:06.0910 3632 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/11 11:04:07.0206 3632 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/11 11:04:07.0487 3632 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/11 11:04:07.0861 3632 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/11 11:04:08.0158 3632 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/06/11 11:04:08.0439 3632 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/11 11:04:08.0657 3632 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/11 11:04:08.0985 3632 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/06/11 11:04:09.0453 3632 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
2011/06/11 11:04:09.0687 3632 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/11 11:04:09.0921 3632 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/11 11:04:10.0170 3632 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/11 11:04:10.0451 3632 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/11 11:04:10.0763 3632 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/11 11:04:11.0169 3632 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/11 11:04:11.0434 3632 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/11 11:04:11.0668 3632 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/11 11:04:11.0855 3632 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/11 11:04:12.0089 3632 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/11 11:04:12.0323 3632 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/11 11:04:12.0666 3632 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/11 11:04:13.0212 3632 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/11 11:04:13.0431 3632 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/11 11:04:13.0758 3632 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/11 11:04:14.0086 3632 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/11 11:04:14.0445 3632 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/11 11:04:14.0710 3632 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/11 11:04:14.0928 3632 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/11 11:04:15.0162 3632 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/11 11:04:15.0443 3632 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/11 11:04:15.0817 3632 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/11 11:04:16.0239 3632 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/11 11:04:16.0473 3632 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/11 11:04:16.0800 3632 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/11 11:04:17.0190 3632 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/11 11:04:17.0518 3632 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/11 11:04:17.0736 3632 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/11 11:04:17.0814 3632 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/11 11:04:18.0204 3632 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/11 11:04:18.0532 3632 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/11 11:04:19.0343 3632 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/11 11:04:19.0671 3632 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/11 11:04:19.0983 3632 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/11 11:04:20.0263 3632 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/11 11:04:20.0575 3632 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/11 11:04:20.0809 3632 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/11 11:04:21.0215 3632 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/11 11:04:21.0465 3632 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/11 11:04:21.0761 3632 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/11 11:04:22.0042 3632 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/11 11:04:22.0401 3632 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/11 11:04:22.0775 3632 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/11 11:04:23.0196 3632 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/11 11:04:23.0555 3632 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/11 11:04:23.0883 3632 srv (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/06/11 11:04:24.0210 3632 srv2 (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/11 11:04:24.0647 3632 srvnet (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/11 11:04:25.0224 3632 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/11 11:04:25.0692 3632 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/11 11:04:26.0254 3632 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
2011/06/11 11:04:26.0815 3632 Tcpip (7fc877a25796d8adf539e64703fca7e1) C:\Windows\system32\drivers\tcpip.sys
2011/06/11 11:04:27.0580 3632 TCPIP6 (7fc877a25796d8adf539e64703fca7e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/11 11:04:27.0939 3632 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/11 11:04:28.0469 3632 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/11 11:04:28.0687 3632 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/11 11:04:29.0155 3632 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/11 11:04:29.0499 3632 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/11 11:04:30.0029 3632 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/11 11:04:30.0372 3632 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/11 11:04:30.0653 3632 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/11 11:04:30.0918 3632 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
2011/06/11 11:04:31.0137 3632 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/11 11:04:31.0417 3632 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/11 11:04:31.0807 3632 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/11 11:04:32.0041 3632 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/11 11:04:32.0307 3632 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/11 11:04:32.0899 3632 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/11 11:04:33.0118 3632 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/11 11:04:33.0960 3632 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/06/11 11:04:34.0303 3632 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/11 11:04:34.0647 3632 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/11 11:04:34.0974 3632 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/11 11:04:35.0286 3632 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/11 11:04:35.0583 3632 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/11 11:04:35.0832 3632 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/11 11:04:36.0269 3632 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/06/11 11:04:36.0675 3632 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/11 11:04:37.0002 3632 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/11 11:04:37.0330 3632 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/11 11:04:37.0642 3632 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/11 11:04:38.0016 3632 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/11 11:04:38.0375 3632 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/11 11:04:38.0671 3632 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/11 11:04:39.0264 3632 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/11 11:04:39.0576 3632 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/11 11:04:39.0888 3632 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/06/11 11:04:40.0185 3632 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/06/11 11:04:40.0606 3632 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/11 11:04:40.0933 3632 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/11 11:04:41.0043 3632 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/11 11:04:41.0370 3632 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/11 11:04:41.0651 3632 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/11 11:04:42.0041 3632 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/11 11:04:42.0291 3632 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/11 11:04:42.0727 3632 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/11 11:04:43.0008 3632 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/11 11:04:43.0367 3632 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/11 11:04:43.0648 3632 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/11 11:04:43.0835 3632 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/06/11 11:04:43.0851 3632 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/11 11:04:43.0866 3632 ================================================================================
2011/06/11 11:04:43.0866 3632 Scan finished
2011/06/11 11:04:43.0866 3632 ================================================================================
2011/06/11 11:04:43.0897 4296 Detected object count: 1
2011/06/11 11:04:43.0897 4296 Actual detected object count: 1
2011/06/11 11:04:53.0211 4296 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/11 11:04:53.0211 4296 \Device\Harddisk0\DR0 - ok
2011/06/11 11:04:53.0211 4296 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/11 11:05:26.0692 1096 Deinitialize success
  • 0

#8
robtoon4
Posted 11 June 2011 - 10:26 AM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SmartIndex deleted successfully.
C:\Windows\Temp\_ex-08.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Toonsday\Downloads\cmd.bat deleted successfully.
C:\Users\Toonsday\Downloads\cmd.txt deleted successfully.
< attrib -H c:\*.* /s /d /c >
Error opening cmd.txt file...
C:\Users\Toonsday\Downloads\cmd.bat deleted successfully.
C:\Users\Toonsday\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Toonsday
->Temp folder emptied: 779079 bytes
->Temporary Internet Files folder emptied: 350405212 bytes
->FireFox cache emptied: 48911358 bytes
->Flash cache emptied: 653 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21438888 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 402.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Toonsday
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.23.0 log created on 06112011_111402

Files\Folders moved on Reboot...
C:\Users\Toonsday\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Toonsday\AppData\Local\Mozilla\Firefox\Profiles\enoregqb.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Toonsday\AppData\Local\Mozilla\Firefox\Profiles\enoregqb.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Toonsday\AppData\Local\Mozilla\Firefox\Profiles\enoregqb.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Toonsday\AppData\Local\Mozilla\Firefox\Profiles\enoregqb.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Toonsday\AppData\Local\Mozilla\Firefox\Profiles\enoregqb.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Toonsday\AppData\Local\Mozilla\Firefox\Profiles\enoregqb.default\urlclassifier3.sqlite moved successfully.
C:\Users\Toonsday\AppData\Local\Mozilla\Firefox\Profiles\enoregqb.default\XUL.mfl moved successfully.
File\Folder C:\Windows\temp\mcmsc_20ZbMyf1yefFj9s not found!
File\Folder C:\Windows\temp\mcmsc_JNl8AnDoPRuiQb8 not found!
File\Folder C:\Windows\temp\mcmsc_l7ntS0gQWDnQYqf not found!
C:\Windows\temp\MpCmdRun.log moved successfully.
C:\Windows\temp\MpSigStub.log moved successfully.
C:\Windows\temp\sqlite_0Phm5EBFldoK4tP moved successfully.
C:\Windows\temp\sqlite_9L8Anv1JKNPmJZ3 moved successfully.
File\Folder C:\Windows\temp\sqlite_furo2jSqXw1FZwi not found!
File\Folder C:\Windows\temp\sqlite_ginZDwyEJ8aD9wa not found!
File\Folder C:\Windows\temp\sqlite_Pdcv5Y05OCahFt8 not found!
C:\Windows\temp\sqlite_RudiIzX9rq15gcu moved successfully.
File\Folder C:\Windows\temp\sqlite_YZPXBb8q8OCPzXl not found!

Registry entries deleted on Reboot...
  • 0

#9
robtoon4
Posted 11 June 2011 - 10:33 AM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Okay, last one...


RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Toonsday [Admin rights]
Mode: Shortcuts HJfix -- Date : 06/11/2011 11:31:18

Bad processes: 0

File attributes restored:
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 65 / Fail 0
My documents: Success 5 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 563 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0

#10
Essexboy
Posted 11 June 2011 - 10:46 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Phew :)

OK could you now check for redirects please, ensure that all files and folders are present on your start menu. Once you are happy with that bit we will then sweep for orphans and see what problems remain

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

Advertisements

#11
robtoon4
Posted 11 June 2011 - 10:46 AM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Forgot this one.



OTL logfile created on: 6/11/2011 11:36:07 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Toonsday\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 57.73% Memory free
5.49 Gb Paging File | 3.97 Gb Available in Paging File | 72.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 136.95 Gb Total Space | 89.06 Gb Free Space | 65.03% Space Free | Partition Type: NTFS

Computer Name: PRISCILLA | User Name: Toonsday | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/05 20:57:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Toonsday\Downloads\OTL.exe
PRC - [2011/04/14 11:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 06:47:34 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009/10/21 21:53:42 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 04:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/23 16:51:26 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/23 16:51:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/07/22 16:16:30 | 000,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/16 22:00:46 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/04/09 20:04:30 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/04/09 14:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/04/09 11:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | R-S- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe


========== Modules (SafeList) ==========

MOD - [2011/06/05 20:57:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Toonsday\Downloads\OTL.exe
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009/01/23 13:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/06/18 13:08:44 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/06/16 23:29:18 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/05 15:20:00 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/23 16:51:26 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/22 16:16:30 | 000,894,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/06/16 22:00:46 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/09 20:04:30 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/04/09 14:46:14 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/04/09 11:18:50 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/23 13:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2009/10/04 20:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/21 04:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 13:15:16 | 000,307,400 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/06/18 13:15:16 | 000,102,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/06/18 13:15:16 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/06/18 13:08:50 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/09 17:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...h4z195t4812x208
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: ""
FF - prefs.js..browser.search..defaultenginename: ""
FF - prefs.js..browser.search..order.1: ""
FF - prefs.js..browser.search..selectedEngine: ""
FF - prefs.js..browser.search..selectedEngineURL: ""
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/06/11 13:50:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/05 10:59:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/05 10:59:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/08 17:20:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/08 17:20:18 | 000,000,000 | ---D | M]

[2011/06/05 13:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Toonsday\AppData\Roaming\Mozilla\Extensions
[2011/06/10 19:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/06/06 23:32:40 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
[2011/06/06 23:32:40 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/11 11:15:33 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [cftmon] File not found
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 11:31:18 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Desktop\RK_Quarantine
[2011/06/10 19:44:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/09 09:26:29 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Documents\My Digital Editions
[2011/06/09 09:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/06/07 17:32:48 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Toonsday\Desktop\TDSSKiller.exe
[2011/06/07 08:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/06/07 08:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/06/07 07:34:18 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Adobe
[2011/06/07 05:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/06/07 04:54:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/06/07 04:54:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/06/06 23:32:40 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Catalina Marketing Corp
[2011/06/06 23:32:36 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
[2011/06/06 21:07:43 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Documents\OneNote Notebooks
[2011/06/06 07:23:58 | 000,000,000 | ---D | C] -- C:\bad4f202576efe8b9311f9
[2011/06/05 13:25:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2011/06/05 13:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/06/05 13:18:21 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Microsoft Help
[2011/06/05 13:01:35 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Mozilla
[2011/06/05 13:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/06/05 12:23:47 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Diagnostics
[2011/06/05 10:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011/06/05 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/06/05 10:57:44 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Mozilla
[2011/06/05 10:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011/06/05 10:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2011/06/05 10:56:42 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\HpUpdate
[2011/06/05 10:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/06/05 10:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/06/05 10:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/06/04 15:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/06/04 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/04 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\NPE
[2011/06/04 14:02:14 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2011/06/04 13:23:43 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Desktop\The Pink Sink
[2011/06/04 13:16:15 | 000,000,000 | R--D | C] -- C:\Backup
[2011/06/04 13:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/06/04 13:13:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/06/04 13:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2011/06/04 13:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/06/04 13:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/06/04 13:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/06/04 13:10:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/06/04 12:13:40 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/06/04 12:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/04 12:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/04 11:59:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/04 11:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/06/04 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/06/04 11:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/06/04 11:35:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/06/04 11:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/06/04 11:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/06/04 11:34:34 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\HP
[2011/06/04 11:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/06/04 11:33:35 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Google
[2011/06/04 11:33:33 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Google
[2011/06/04 11:32:05 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Desktop\Desktop Icons
[2011/06/04 11:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/06/04 11:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/06/04 11:29:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2011/06/04 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\ATI
[2011/06/04 11:28:27 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\ATI
[2011/06/04 11:27:44 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Acer
[2011/06/04 11:27:41 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Leadertech
[2011/06/04 11:27:26 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\EgisTec
[2011/06/04 11:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2011/06/04 11:27:03 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Macromedia
[2011/06/04 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Adobe
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Searches
[2011/06/04 11:24:40 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/06/04 11:24:07 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Identities
[2011/06/04 11:24:01 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Contacts
[2011/06/04 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\VirtualStore
[2011/06/04 11:22:41 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/06/04 11:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2011/06/04 11:20:22 | 000,000,000 | --SD | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Videos
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Saved Games
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Pictures
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Music
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Links
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Favorites
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Downloads
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\My Documents
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\Desktop
[2011/06/04 11:20:22 | 000,000,000 | R--D | C] -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\Temporary Internet Files
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Templates
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Start Menu
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\SendTo
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Recent
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\PrintHood
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\NetHood
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Videos
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Pictures
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Documents\My Music
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\My Documents
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Local Settings
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\History
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Cookies
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\Application Data
[2011/06/04 11:20:22 | 000,000,000 | -HSD | C] -- C:\Users\Toonsday\AppData\Local\Application Data
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Temp
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Local\Microsoft
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData\Roaming\Media Center Programs
[2011/06/04 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Toonsday\AppData
[2011/06/04 11:19:59 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2011/06/11 11:32:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 11:32:30 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/11 11:25:25 | 000,014,325 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011/06/11 11:24:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 11:23:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/11 11:23:42 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 11:15:33 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/06/11 11:04:29 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/11 11:04:29 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/11 11:04:28 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/11 11:00:08 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/09 11:10:30 | 000,000,054 | ---- | M] () -- C:\Windows\SysWow64\winset.ini
[2011/06/09 09:33:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/09 09:28:50 | 000,002,483 | ---- | M] () -- C:\Windows\wininit.ini
[2011/06/09 09:25:22 | 000,002,210 | ---- | M] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011/06/09 09:25:22 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011/06/08 05:08:29 | 000,425,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/07 23:27:14 | 000,902,833 | ---- | M] () -- C:\Users\Toonsday\Documents\writingworksheetsa-z.pdf
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Toonsday\Desktop\TDSSKiller.exe
[2011/06/07 08:58:09 | 000,001,290 | ---- | M] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/07 08:58:09 | 000,001,266 | ---- | M] () -- C:\Users\Toonsday\Desktop\Spybot - Search & Destroy.lnk
[2011/06/06 21:07:43 | 000,001,314 | ---- | M] () -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/05 13:01:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/06/05 13:01:27 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/05 10:57:24 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2011/06/05 10:56:10 | 000,002,240 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2011/06/04 19:35:04 | 520,138,127 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/04 15:09:09 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/06/04 15:08:36 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/04 14:02:14 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2011/06/04 13:18:07 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/06/04 13:18:07 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/06/04 13:14:08 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2011/06/04 12:13:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/06/04 11:39:52 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2011/06/04 11:39:52 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011/06/04 11:33:20 | 000,001,445 | ---- | M] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/04 11:29:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf

========== Files Created - No Company Name ==========

[2011/06/09 11:10:28 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\winset.ini
[2011/06/09 09:33:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/06/09 09:25:22 | 000,002,210 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011/06/09 09:25:22 | 000,002,198 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2011/06/09 09:25:22 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions.lnk
[2011/06/07 23:27:14 | 000,902,833 | ---- | C] () -- C:\Users\Toonsday\Documents\writingworksheetsa-z.pdf
[2011/06/07 09:46:39 | 000,002,483 | ---- | C] () -- C:\Windows\wininit.ini
[2011/06/07 08:58:09 | 000,001,290 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/06/07 08:58:09 | 000,001,266 | ---- | C] () -- C:\Users\Toonsday\Desktop\Spybot - Search & Destroy.lnk
[2011/06/06 21:07:43 | 000,001,314 | ---- | C] () -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/06/05 13:01:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/05 13:01:27 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/06/05 13:01:27 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/05 10:59:16 | 000,001,384 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011/06/05 10:57:24 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2011/06/05 10:56:10 | 000,002,240 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk
[2011/06/04 19:35:04 | 520,138,127 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/04 15:09:09 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/06/04 15:08:36 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/04 15:08:07 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/04 14:04:03 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2011/06/04 13:09:15 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\oem3.inf
[2011/06/04 13:07:15 | 2211,483,648 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/04 12:13:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/06/04 11:55:01 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/04 11:54:57 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/04 11:47:52 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/06/04 11:47:20 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/06/04 11:33:20 | 000,001,445 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/04 11:29:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/06/04 11:26:41 | 000,001,417 | ---- | C] () -- C:\Users\Toonsday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/06/04 11:22:03 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
[2011/06/04 11:20:51 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\McDefragTask.job
[2011/06/04 11:20:48 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\McQcTask.job
[2011/06/04 11:20:22 | 000,000,290 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/06/04 11:20:22 | 000,000,272 | ---- | C] () -- C:\Users\Toonsday\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2009/11/05 15:38:52 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
[2009/11/05 14:49:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/06/04 11:27:44 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\Acer
[2011/06/06 23:32:41 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\Catalina Marketing Corp
[2011/06/04 11:27:41 | 000,000,000 | ---D | M] -- C:\Users\Toonsday\AppData\Roaming\Leadertech
[2011/06/04 11:39:52 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/06/04 11:39:52 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/14 00:08:49 | 000,007,404 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:F8B49EF2

< End of report >
  • 0

#12
robtoon4
Posted 11 June 2011 - 11:16 AM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6835

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/11/2011 12:07:30 PM
mbam-log-2011-06-11 (12-07-30).txt

Scan type: Quick scan
Objects scanned: 161629
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mp3Tube Toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4C33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Trojan.Autorun) -> Value: cftmon -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\winset.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf_update.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
  • 0

#13
Essexboy
Posted 11 June 2011 - 11:24 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#14
robtoon4
Posted 11 June 2011 - 11:39 AM

robtoon4

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
so far no redirects or weird things popping up. We were also having thousands of "updates" configuring on reboot and that has stopped as well. Do you think its cleaned out now? Thanks so very much for your help by the way!
  • 0

#15
Essexboy
Posted 11 June 2011 - 11:53 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was probably all the windows updates that were blocked

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

Posted Image


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP