Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple Infections limiting internet access

Started by AZCMer , Jul 05 2011 12:14 AM

  • Please log in to reply

#31
Cold Titanium
Posted 12 July 2011 - 08:50 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Welp, I didn't get a response so we are on our own. Let's do this:

If you don't have a blank cd do you have a USB drive we could use?


  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached scan.txt into the Custom scans and fixes box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to a USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

Advertisements

#32
AZCMer
Posted 12 July 2011 - 10:38 PM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Ok...thanks for taking the time to continue to help me.

Just to let me be clear about this:

We are making a boot disc and running an otl scan. Is this correct?

What is preventing me from running otl directly? And what kind of information are you trying to glen from this?

Will this boot disc help us get to the point of being able to boot into safe mode? And will it work on a windows 7 system?

I hope you don't mind me making sure I'm clear about what we are doing.

Thanks so much.

Edit:

I made the disc, but haven't run the scan as of yet. I feel like I fell off the horse and am reticent to get back on.

13. Drag and drop this attached scan.txt into the Custom scans and fixes box


Did you mean to attach a file to your post?

Edited by AZCMer, 13 July 2011 - 12:12 AM.

  • 0

#33
Cold Titanium
Posted 13 July 2011 - 06:46 AM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Ok hold on, I just got a response. They are telling me that one possible cause is an incorrect BIOS setting.

I did some research and all problems described is related to wrong HDD setting in BIOS. Please check if mode of the hard drive is RAID in BIOS. If it is, that is your problem! Change it to ACHI or IDE (what ever is available) and I think this should help.


What is the make and model of your computer? Or if you know how to get into your BIOS look around for the hard drive mode setting and see if it is in RAID.
  • 0

#34
AZCMer
Posted 13 July 2011 - 09:27 AM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Thanks so much for replying.

My computer is an HP Pavilion p6210y
AMD Athlon II x4 620 Processor
6 gb ram
64-bit operating system

I believe to go to BIOS, I hit the F10 key. Not sure where to check for the hard drive mode. Will check and get back with you.
  • 0

#35
Cold Titanium
Posted 13 July 2011 - 10:10 AM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
  • Reboot
  • F10
  • Use the arrow keys to go down and select your main hard drive then press enter, you should enter a sub-menu for the HD. See if anything is set to RAID

  • 0

#36
AZCMer
Posted 13 July 2011 - 10:38 AM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
I am unable to get into BIOS.
  • 0

#37
Cold Titanium
Posted 13 July 2011 - 10:52 AM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Why not? What's happening?
  • 0

#38
AZCMer
Posted 13 July 2011 - 07:03 PM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
It acts the same way as when I try to get into safe mode...

I start the machine and hit the F10 key repeatedly and the screen remains black.

My only option is to turn the machine off and back on again.
  • 0

#39
Cold Titanium
Posted 13 July 2011 - 07:12 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Ah, this is starting to sound like a hardware error. Tell you what, I'm going to let the hardware technicians take a looksie at you and see what they can find, then you'll return here.

Please start a new topic HERE. Make sure to include a link back to this topic so the techs can look over what we've done so far.

Make sure you tell them about all those errors you got. Everything was going fine until you were browsing and it went nuts.
  • 0

#40
AZCMer
Posted 14 July 2011 - 05:55 PM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Okay. Thanks so much for your help.

I restored the desktop by doing a system restore which means I had to also get rid of the virii again. My desktop is back and it is looking like my system is clean although I haven't run OTL since the last time on this thread.

I still cannot boot into Safe Mode or access my BIOS.

I have run a hardware check and everything is okay as far as the software tests say.

So, I will post one more OTL log hoping you will check through it one more time and then I will follow your advice by making my way over to the hardware forum and posting there. I do wonder if the remaining trouble has to do with my boot sector since I do not see my splash screen when booting.

Here is my OTL log:

OTL logfile created on: 7/14/2011 4:45:00 PM - Run 7
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\The Reeve Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.22 Gb Available Physical Memory | 73.44% Memory free
17.47 Gb Paging File | 15.57 Gb Available in Paging File | 89.12% Paging File free
Paging file location(s): c:\pagefile.sys 12000 18000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.07 Gb Total Space | 142.40 Gb Free Space | 24.38% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 1.86 Gb Free Space | 15.49% Space Free | Partition Type: NTFS

Computer Name: FAMILYCOMPUTER | User Name: The Reeve Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
PRC - [2011/06/22 13:49:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/18 04:42:52 | 000,275,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2006/06/10 02:10:57 | 000,351,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/11/20 05:19:48 | 002,341,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
MOD - [2010/11/20 04:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009/07/13 18:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 18:15:44 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msiltcfg.dll
MOD - [2009/07/13 18:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/11/23 15:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/11/23 15:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/05/27 14:04:32 | 004,407,152 | ---- | M] (MediaMall Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/07/07 20:07:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/08 13:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/14 09:33:14 | 002,746,624 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/24 22:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/14 10:02:20 | 000,027,304 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/12 09:03:34 | 000,651,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/09/12 09:03:34 | 000,539,520 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/02/16 10:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...bestbuy&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57131

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {47624dda-b77e-4feb-820a-e4f077d5d4ca}:11.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57131
FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\The Reeve Family\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\The Reeve Family\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/07 01:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/05/25 07:39:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/22 13:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/16 17:04:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\The Reeve Family\AppData\Roaming\Move Networks [2010/01/09 18:18:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/15 17:51:54 | 000,000,000 | ---D | M]

[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions
[2011/05/07 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/14 13:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions
[2010/10/26 07:37:55 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2011/06/21 12:57:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/21 12:22:23 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\extensions\[email protected]
[2011/07/13 10:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions
[2011/07/13 10:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{4bca5683-57cf-48b1-821c-6d66d3434164}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/29 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\8vfszevh.default\extensions\staged-xpis
[2010/09/22 10:01:11 | 000,002,160 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage-https.xml
[2010/09/22 10:00:52 | 000,002,152 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\Mozilla\Firefox\Profiles\5oidu41j.default\searchplugins\startpage.xml
[2011/07/14 13:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/27 08:40:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\THE REEVE FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5OIDU41J.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2011/06/22 13:49:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2009/11/06 09:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2010/11/27 08:40:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 09:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/06/03 09:50:13 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110601092809.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110601092809.dll (McAfee, Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [L07AXLRD_2063144] C:\Program Files (x86)\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files (x86)\PicLensIE\cooliris.dll (Cooliris Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: grillflame.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([h50203.www5] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hp.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/14 16:43:11 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2011/07/14 16:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/07/14 13:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/07/14 12:53:56 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\IObit
[2011/07/14 12:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2011/07/14 10:14:04 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{4DDEA5E2-ADA6-4F52-810B-519A012D8AF2}
[2011/07/14 07:06:50 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\HPAppData
[2011/07/13 11:24:49 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/07/13 11:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011/07/13 11:07:29 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Simply Super Software
[2011/07/13 11:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/10 19:17:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/10 09:38:14 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{5A0D5837-605D-4C59-82A9-0ECF369D9AEE}
[2011/07/09 22:45:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/09 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2F4725B1-CD02-43BB-94A1-6A43FA5685B4}
[2011/07/09 20:37:48 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{39A35FF1-12DF-4C1A-B3C5-461CAC397838}
[2011/07/09 08:37:10 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{D78AA17E-C1AE-4A03-A1E0-EFE804A80412}
[2011/07/08 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{C37D2A75-0ACA-4BA4-B813-852E172DE875}
[2011/07/08 13:10:54 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{2C411667-EE6F-41DD-A08D-A59E2D7F885B}
[2011/07/08 00:04:11 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{1BA57C1F-805C-4C0A-AA48-3C062D1EED45}
[2011/07/08 00:04:00 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{68A82311-8337-4565-82BB-EF91BDF1AD0D}
[2011/07/07 17:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoStitch
[2011/07/07 16:57:45 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\ZoomBrowser EX
[2011/07/07 12:03:15 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{E85CC538-A8B5-4622-930F-F10FCAF03B93}
[2011/07/06 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{9EFAC25E-B872-4E4D-9E2A-71FC08A14B00}
[2011/07/05 21:48:41 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{02D52A9B-68E2-4381-9FCF-51113F4A5747}
[2011/07/05 11:27:10 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Photography
[2011/07/05 09:48:00 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\{152FDEF7-6DF2-42A0-88F9-E16E54781D77}
[2011/07/03 17:22:37 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\Documents\Tessera
[2011/06/20 23:37:11 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Roaming\Canon
[2011/06/20 23:30:25 | 000,000,000 | ---D | C] -- C:\Users\The Reeve Family\AppData\Local\CANON_INC
[2011/06/20 21:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2011/06/20 21:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011/06/20 21:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011/06/20 21:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon

========== Files - Modified Within 30 Days ==========

[2011/07/14 16:43:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\The Reeve Family\Desktop\OTL.exe
[2011/07/14 16:26:44 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 16:26:44 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 16:19:50 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/07/14 16:19:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/14 16:19:20 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/14 15:43:59 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/07/14 15:43:59 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/07/14 15:43:59 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/07/14 13:46:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\file.ext
[2011/07/14 13:20:04 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/13 21:42:36 | 000,377,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/13 12:30:13 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2011/07/04 21:56:57 | 000,006,102 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\B1C6.454
[2011/07/04 21:46:59 | 000,000,106 | ---- | M] () -- C:\Windows\SysWow64\573779942
[2011/06/30 10:24:40 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/06/29 11:24:46 | 000,001,092 | ---- | M] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2011/06/20 21:21:41 | 000,001,294 | ---- | M] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/06/20 21:21:14 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/06/20 21:21:12 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/06/20 21:20:58 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2011/06/16 17:04:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011/07/14 13:20:04 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/07/13 11:08:35 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForThe Reeve Family.job
[2011/07/02 22:32:56 | 000,006,102 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\B1C6.454
[2011/07/01 22:30:14 | 000,000,106 | ---- | C] () -- C:\Windows\SysWow64\573779942
[2011/06/22 10:22:41 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/06/20 21:21:41 | 000,001,294 | ---- | C] () -- C:\Users\Public\Desktop\ZoomBrowser EX.lnk
[2011/06/20 21:21:14 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Picture Style Editor.lnk
[2011/06/20 21:21:12 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\EOS Utility.lnk
[2011/06/20 21:20:58 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Digital Photo Professional.lnk
[2010/07/15 18:07:36 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat.temp
[2010/07/15 17:46:54 | 000,171,932 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/06/27 13:29:20 | 000,000,070 | ---- | C] () -- C:\Windows\FSaver.ini
[2010/06/27 13:29:19 | 000,000,103 | ---- | C] () -- C:\Windows\Wingmakers.ini
[2010/06/06 08:18:23 | 000,003,235 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp11.html
[2010/06/06 08:18:08 | 000,000,778 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Temp1.html
[2010/04/30 22:34:58 | 000,000,036 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\housecall.guid.cache
[2010/04/30 06:37:02 | 000,003,276 | ---- | C] () -- C:\Windows\SysWow64\NVTBM.ini
[2010/04/08 10:53:05 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/22 08:00:15 | 000,007,605 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Local\Resmon.ResmonCfg
[2010/02/02 13:05:58 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/12/21 10:06:32 | 000,002,325 | ---- | C] () -- C:\Windows\checkip.dat
[2009/12/12 09:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/07 14:41:31 | 000,000,022 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/11/27 09:05:23 | 000,000,848 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009/11/26 10:12:08 | 000,001,092 | ---- | C] () -- C:\Users\The Reeve Family\AppData\Roaming\wklnhst.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/05 17:01:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2007/08/23 09:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
[2000/06/28 03:00:00 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll

========== LOP Check ==========

[2011/03/24 13:22:25 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Amazon
[2010/01/20 09:15:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Audio Recorder for Free
[2010/05/28 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Barnes & Noble
[2009/11/27 07:32:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\BNeReader
[2010/05/29 12:00:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\calibre
[2011/06/20 23:37:11 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Canon
[2010/11/04 07:37:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Digiarty
[2011/06/07 07:12:03 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Dropbox
[2009/12/02 09:14:06 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit
[2010/01/07 23:08:35 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Foxit Software
[2011/07/14 12:53:56 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\IObit
[2011/03/19 11:53:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Jasc
[2010/03/26 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Leadertech
[2010/08/24 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\muvee Technologies
[2010/07/15 06:30:48 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OpenDNS Updater
[2010/01/09 18:27:12 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\OverDrive
[2009/11/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\PictureMover
[2010/11/27 14:49:57 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\QuickScan
[2010/02/23 15:48:31 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SecondLife
[2010/03/24 21:27:43 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\SystemRequirementsLab
[2009/11/26 10:12:30 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Template
[2011/05/07 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Thunderbird
[2011/02/02 11:46:05 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Visan
[2009/12/18 20:09:29 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WildTangent
[2009/11/26 21:09:37 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WinBatch
[2010/08/07 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\Windows Live Writer
[2010/07/03 07:49:54 | 000,000,000 | ---D | M] -- C:\Users\The Reeve Family\AppData\Roaming\WTouch
[2011/06/30 10:24:40 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/05/26 11:17:36 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 985 bytes -> C:\Users\The Reeve Family\Documents\Lezli, welcome to www_realmindpowersecrets_com !.eml:OECustomProperty
@Alternate Data Stream - 1719 bytes -> C:\Users\The Reeve Family\Documents\Nieuwjaar 2010.eml:OECustomProperty
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
  • 0

Advertisements

#41
Cold Titanium
Posted 14 July 2011 - 07:45 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
What all problems are you experiencing?

One other scan before the techs look at you:

aswMBR got updated, delete the copy on your desktop.

Download aswMBR.exe ( 1.8MB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post the aswMBR scan and I'll take a look and see if we should send you to the techs.
  • 0

#42
AZCMer
Posted 15 July 2011 - 11:59 AM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
I am very grateful for this forum and for your help. My system was in sad, sad shape and now it is coming back. Thank you.

The only problems I've experienced so far are the inability to go into safe mode and to get into BIOS.

I haven't tried going into safe mode through msconfig mostly because at the time I was considering it, my system was infected and I was running on a temporary desktop. Still, I'm not sure about it. What would happen if I couldn't stop booting into safe mode?

I've been reading about BIOS and I'm not finding any information out there about other ways to get into BIOS. I have read, however, that perhaps BIOS could be updated. Can one update BIOS without having to be in BIOS to do it?

Another thing I was thinking about is that perhaps my boot sequence has changed because of the malware that has been on my computer. Maybe that is why I cannot do these things. After all, I do not see the splash screen when I boot up my pc.

I'll keep experimenting with my computer to see if there is anything else I ought to be able to do but can't. If I find anything, I'll just post here.

Edit: I went into msconfig and under the boot tab, I check OS boot information thinking that this would put up system information while booting. Though I did see some screen flashes, my monitor screen remained black.

Edit: I read somewhere that hitting the Esc key during startup forces the computer to automatically slip into F2 mode. I tried this and this does not work on my system.

aswMBR log:

aswMBR version 0.9.7.747 Copyright© 2011 AVAST Software
Run date: 2011-07-14 18:54:04
-----------------------------
18:54:04.821 OS Version: Windows x64 6.1.7601 Service Pack 1
18:54:04.822 Number of processors: 2 586 0x502
18:54:04.823 ComputerName: FAMILYCOMPUTER UserName:
18:54:06.904 Initialize success
18:54:43.216 AVAST engine defs: 11071401
18:59:06.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
18:59:07.001 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
18:59:09.020 Disk 0 MBR read successfully
18:59:09.022 Disk 0 MBR scan
18:59:09.027 Disk 0 Windows 7 default MBR code
18:59:09.030 Service scanning
18:59:10.007 Disk 0 trace - called modules:
18:59:10.011 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
18:59:10.014 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005a54060]
18:59:10.017 3 CLASSPNP.SYS[fffff8800199143f] -> nt!IofCallDriver -> [0xfffffa80058c23e0]
18:59:10.020 5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\00000062[0xfffffa80058c2600]
18:59:11.678 AVAST engine scan C:\Windows
21:07:26.957 AVAST engine scan C:\Users\The Reeve Family
03:58:48.259 AVAST engine scan C:\ProgramData
04:49:42.349 Scan finished successfully
10:43:06.992 Disk 0 MBR has been saved successfully to "C:\Users\The Reeve Family\Desktop\MBR.dat"
10:43:06.992 The log file has been saved successfully to "C:\Users\The Reeve Family\Desktop\aswMBR071511.txt"

Edited by AZCMer, 15 July 2011 - 02:04 PM.

  • 0

#43
Cold Titanium
Posted 15 July 2011 - 01:59 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Hold off messing with MSConfig please. I'll let a techie look at you for those issues.

Could you zip up MBR.dat and send it to me in a pm?

After that go post in the hardware forum like my last instructions stated. Once the techs clear you, return here and I will finish cleaning you up.
  • 0

#44
AZCMer
Posted 15 July 2011 - 02:23 PM

AZCMer

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
I could, however, attach the zipped version of mbr.dat here. Would that be okay?

Attached Files

  • Attached File  MBR.zip   573bytes   175 downloads

  • 0

#45
Cold Titanium
Posted 15 July 2011 - 06:14 PM

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Ok thanks, go ahead and let the techies take a look at you then return here please :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP