Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Privacy Protection & System Restore Virus [Solved]

Started by Stv73 , Nov 08 2011 06:44 PM

  • This topic is locked This topic is locked

#31
Essexboy
Posted 01 December 2011 - 01:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - re-reading the post I noticed that we failed to get some analysis done due to the boot problem

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Please download GetPartitions from the link bellow. You must right click on the link and choose Save as.... Save it as GetPartitions.bat on your desktop

getpartitions.bat

Double click it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
It will produce C:\DiskReport.txt log please post results from that log here to me.

FINALLY

Could you produce a fresh OTL scan log for me
  • 0

Advertisements

#32
Stv73
Posted 02 December 2011 - 01:11 AM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Got hit with a blue screen during the aswMBR scan. It mentioned something about critical processes attempting to be altered and thus Windows needed to shut down in order to prevent damage from occurring (something along those lines, walked in at the last second).

Windows started back up normally without problems.
  • 0

#33
Essexboy
Posted 02 December 2011 - 11:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that gives me a clue, so I would like you to do two things for me please

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen Shot of the Disk Management Window and attach the screen shot to your next post

THEN

Please download GetPartitions from the link below on your desktop

getpartitions.exe

Double click to run it
It will produce C:\DiskReport.txt log please post results from that log here to me.
  • 0

#34
Stv73
Posted 03 December 2011 - 12:24 AM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here's the disk report. I'll find a place to upload the image of Disk Management, though it does look exactly like the Disk Report. Here it is so far:

Microsoft DiskPart version 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
On computer: HONOR

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B No Media
Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System
Volume 2 C ACER NTFS Partition 452 GB Healthy Boot
Volume 3 PQSERVICE NTFS Partition 12 GB Healthy Hidden


  • 0

#35
Stv73
Posted 03 December 2011 - 02:54 AM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
And here's the Disk Management screenshot. It's hosted on a temporary 24-hour image hosting slot, so if it poofs by the time you see it let me know.

Posted Image
  • 0

#36
Essexboy
Posted 03 December 2011 - 06:04 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can see the infection - please read this carefully three or four times as it is a complex procedure, printing this post may be a good idea

Preferably from a clean computer, I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Windows 7 64-Bit (x64) Recovery Environment

Create a bootable CD, 1 for Gparted and 1 for the Windows 7 Recovery Enviroment, from the ISO images. You can use ImgBurn do this.

Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below
Posted Image
According to your logs, the partition that you want to delete is 1MB
[attachment=54136:Capture.JPG]
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
Posted Image

Now you should be here:
Posted Image

Posted Image
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

Now reboot from the Windows 7 Recovery Environment CD and execute the following commands:

  • bootrec /FixMbr
  • bootrec /FixBoot
  • exit

Once back in Windows.

If you are unable to get to windows then run the recovery disc again and select this option:

Startup Repair

Download MBRCheck.exe to your desktop.
[list][*]Be sure to disable your security programs
[*]Double click on the file to run it (Confirm the UAC prompt)
[*]A window will open on your desktop
[*]if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
[*]If nothing unusual is found just press Enter
[*]A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • 0

#37
Stv73
Posted 03 December 2011 - 05:14 PM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Do I have to select reboot while exiting Gparted? Or can I just shut down and then boot from the Windows Recovery CD? Because I'm just not sure if I can swap the CDs quick enough during a reboot.
  • 0

#38
Essexboy
Posted 03 December 2011 - 05:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Go for a reboot initially - If the system fails to boot then run the recovery cd options
  • 0

#39
Stv73
Posted 04 December 2011 - 01:13 AM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
DONE!!!

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 7551
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 233):
0x02256000 \SystemRoot\system32\ntoskrnl.exe
0x0220D000 \SystemRoot\system32\hal.dll
0x020A8000 \SystemRoot\system32\kdcom.dll
0x00CAA000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CB7000 \SystemRoot\system32\PSHED.dll
0x00CCB000 \SystemRoot\system32\CLFS.SYS
0x00D29000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DE9000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDE000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F35000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F3E000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F48000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F7B000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F88000 \SystemRoot\System32\drivers\partmgr.sys
0x00F9D000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FA6000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E5C000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E63000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E73000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E8D000 \SystemRoot\System32\drivers\nipbcfk.sys
0x00E95000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E9E000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00EC8000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00ED3000 \SystemRoot\system32\drivers\amdxata.sys
0x010FE000 \SystemRoot\system32\drivers\fltmgr.sys
0x0114A000 \SystemRoot\system32\drivers\fileinfo.sys
0x0115E000 \SystemRoot\system32\drivers\mfehidk.sys
0x01251000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0105E000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0140F000 \SystemRoot\system32\drivers\ndis.sys
0x01501000 \SystemRoot\system32\drivers\NETIO.SYS
0x01561000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01600000 \SystemRoot\System32\drivers\tcpip.sys
0x0158C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x018C5000 \SystemRoot\system32\drivers\mfewfpk.sys
0x01909000 \SystemRoot\system32\drivers\TDI.SYS
0x01916000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01962000 \SystemRoot\System32\Drivers\spldr.sys
0x0196A000 \SystemRoot\System32\drivers\rdyboost.sys
0x01A8A000 \SystemRoot\System32\drivers\nipalk.sys
0x01B71000 \SystemRoot\System32\Drivers\mup.sys
0x01B83000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01B8C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01BC6000 \SystemRoot\system32\DRIVERS\disk.sys
0x01A00000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01A30000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x019A4000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01A70000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x01A79000 \SystemRoot\System32\Drivers\Null.SYS
0x01A82000 \SystemRoot\System32\Drivers\Beep.SYS
0x01BDC000 \SystemRoot\System32\drivers\vga.sys
0x019CE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01BEA000 \SystemRoot\System32\drivers\watchdog.sys
0x019F3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01800000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01809000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01812000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0181D000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0182E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0184C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x028A8000 \SystemRoot\system32\drivers\afd.sys
0x02931000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x0293C000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02945000 \SystemRoot\system32\DRIVERS\pacer.sys
0x0296B000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02981000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x02992000 \SystemRoot\system32\DRIVERS\netbios.sys
0x029A1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x029BC000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x029C8000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x02800000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02814000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02865000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02871000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x02884000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x0288C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02897000 \SystemRoot\System32\drivers\discache.sys
0x01891000 \SystemRoot\System32\Drivers\dfsc.sys
0x018AF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x015D6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x01235000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x00FC7000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x03070000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x036DF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03000000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03046000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02E6A000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x038A1000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x03B90000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x03B9D000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x03BA5000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x03BAD000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03800000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03856000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x03863000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03874000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03879000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03BB8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03BC7000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x02EBB000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x03BD2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03BD4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03BE3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03BEC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03BFC000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x02F08000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x03897000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02F21000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02F37000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02F5B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02F67000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02F96000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02FB1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02FD2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02E00000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x02E25000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x02E4E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03E67000 \SystemRoot\system32\DRIVERS\ks.sys
0x03EAA000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03EBC000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x03EC4000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x03ECE000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03F28000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03F35000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x03F3D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03F52000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x03F74000 \SystemRoot\system32\drivers\portcls.sys
0x03FB1000 \SystemRoot\system32\drivers\drmk.sys
0x03FD3000 \SystemRoot\system32\drivers\ksthunk.sys
0x04697000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x048B9000 \SystemRoot\system32\drivers\mfeavfk.sys
0x048E6000 \SystemRoot\system32\drivers\mfefirek.sys
0x04950000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x0496D000 \SystemRoot\System32\Drivers\usbvideo.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x0499B000 \SystemRoot\System32\drivers\Dxapi.sys
0x049A7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004A0000 \SystemRoot\System32\TSDDD.dll
0x00740000 \SystemRoot\System32\cdd.dll
0x04600000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00810000 \SystemRoot\System32\ATMFD.DLL
0x04654000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04662000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0466E000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x04679000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x049B5000 \SystemRoot\system32\drivers\luafv.sys
0x049D8000 \SystemRoot\system32\drivers\WudfPf.sys
0x03FD9000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x03FE9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03E53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02E50000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06605000 \SystemRoot\system32\drivers\HTTP.sys
0x066CD000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x066D7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x066F5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0670D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0673A000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06788000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x067AB000 \??\C:\Windows\system32\drivers\hcmon.sys
0x067B7000 \??\C:\Windows\system32\drivers\vmci.sys
0x06AFA000 \??\C:\Windows\system32\drivers\vmx86.sys
0x06BD0000 \??\C:\Windows\system32\drivers\nipxirmkl.sys
0x06BD6000 \??\C:\Windows\system32\drivers\nipxirmk.dll
0x06A00000 \??\C:\Windows\system32\drivers\niorbk.dll
0x06A12000 \??\C:\Windows\system32\drivers\nimdbgk.dll
0x06A5B000 \??\C:\Windows\system32\drivers\nidimk.dll
0x06AA5000 \??\C:\Windows\system32\drivers\nidimkl.sys
0x06AAB000 \??\C:\Windows\system32\drivers\nimdbgkl.sys
0x06AB1000 \??\C:\Windows\system32\drivers\nimstskl.sys
0x06AB7000 \??\C:\Windows\system32\drivers\nimstsk.dll
0x06AD5000 \??\C:\Windows\system32\drivers\nimxdfkl.sys
0x08CCA000 \??\C:\Windows\system32\drivers\nimxdfk.dll
0x08D39000 \SystemRoot\System32\drivers\NiViPxiKl.sys
0x08D3F000 \SystemRoot\System32\drivers\NiViPxiK.sys
0x08C00000 \SystemRoot\system32\drivers\peauth.sys
0x08CA6000 \??\C:\Windows\system32\drivers\nimru2kl.sys
0x08D4D000 \??\C:\Windows\system32\drivers\nimru2k.dll
0x08DBD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x067CF000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08CAC000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08DC8000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0x08DE7000 \??\C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
0x09484000 \SystemRoot\System32\DRIVERS\srv2.sys
0x094EB000 \SystemRoot\system32\drivers\mfeapfk.sys
0x09507000 \SystemRoot\System32\DRIVERS\srv.sys
0x09400000 \SystemRoot\system32\drivers\spsys.sys
0x771F0000 \Windows\System32\ntdll.dll
0x48480000 \Windows\System32\smss.exe
0xFF510000 \Windows\System32\apisetschema.dll
0xFFE40000 \Windows\System32\autochk.exe
0xFF4B0000 \Windows\System32\ws2_32.dll
0xFF3D0000 \Windows\System32\oleaut32.dll
0xFE640000 \Windows\System32\shell32.dll
0x76FE0000 \Windows\System32\iertutil.dll
0x773C0000 \Windows\System32\normaliz.dll
0xFE630000 \Windows\System32\nsi.dll
0xFE5E0000 \Windows\System32\Wldap32.dll
0xFE5C0000 \Windows\System32\imagehlp.dll
0xFE540000 \Windows\System32\difxapi.dll
0x76E90000 \Windows\System32\urlmon.dll
0xFE330000 \Windows\System32\ole32.dll
0xFE310000 \Windows\System32\sechost.dll
0xFE270000 \Windows\System32\msvcrt.dll
0x76D30000 \Windows\System32\wininet.dll
0xFE260000 \Windows\System32\lpk.dll
0xFE190000 \Windows\System32\usp10.dll
0xFE120000 \Windows\System32\gdi32.dll
0xFDFF0000 \Windows\System32\rpcrt4.dll
0xFDEE0000 \Windows\System32\msctf.dll
0xFDE40000 \Windows\System32\clbcatq.dll
0x773B0000 \Windows\System32\psapi.dll
0x76C30000 \Windows\System32\user32.dll
0xFDDA0000 \Windows\System32\comdlg32.dll
0xFDBC0000 \Windows\System32\setupapi.dll
0xFDB40000 \Windows\System32\shlwapi.dll
0xFDB10000 \Windows\System32\imm32.dll
0xFDA30000 \Windows\System32\advapi32.dll
0x76B10000 \Windows\System32\kernel32.dll
0xFDA10000 \Windows\System32\devobj.dll
0xFD9A0000 \Windows\System32\KernelBase.dll
0xFD960000 \Windows\System32\wintrust.dll
0xFD920000 \Windows\System32\cfgmgr32.dll
0xFD880000 \Windows\System32\comctl32.dll
0xFD710000 \Windows\System32\crypt32.dll
0xFD700000 \Windows\System32\msasn1.dll

Processes (total 113):
0 System Idle Process
4 System
308 C:\Windows\System32\smss.exe
548 csrss.exe
612 C:\Windows\System32\wininit.exe
648 csrss.exe
672 C:\Windows\System32\services.exe
716 C:\Windows\System32\winlogon.exe
728 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
844 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\atiesrxx.exe
336 C:\Windows\System32\svchost.exe
364 C:\Windows\System32\svchost.exe
560 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\audiodg.exe
1056 C:\Windows\System32\svchost.exe
1192 C:\Program Files\Tablet\Pen\Pen_TouchService.exe
1340 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\atieclxx.exe
1436 C:\Windows\System32\wlanext.exe
1444 C:\Windows\System32\conhost.exe
1492 C:\Windows\System32\wisptis.exe
1512 C:\Windows\System32\spoolsv.exe
1572 C:\Windows\System32\svchost.exe
1796 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1996 C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
2020 C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
1044 C:\Windows\SysWOW64\lkads.exe
1220 C:\Windows\SysWOW64\lktsrv.exe
1368 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
1640 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
2084 C:\Windows\System32\taskhost.exe
2180 C:\Windows\System32\dwm.exe
2220 C:\Windows\System32\wisptis.exe
2236 C:\Windows\System32\taskeng.exe
2268 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2316 C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
2388 C:\Windows\explorer.exe
2424 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
2680 C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
2696 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2708 C:\Windows\PLFSetI.exe
2716 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2724 C:\Windows\System32\rundll32.exe
2732 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
2740 C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
2748 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2816 C:\Program Files (x86)\AIM\aim.exe
2904 C:\Program Files\Windows Sidebar\sidebar.exe
2980 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2636 C:\Windows\SysWOW64\rundll32.exe
2092 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
1740 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3084 C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
3100 C:\Program Files (x86)\Launch Manager\LManager.exe
3144 C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
3164 C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
3180 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3188 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3304 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
3528 C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
3540 C:\Program Files (x86)\Launch Manager\LMworker.exe
3588 C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
3632 C:\Windows\SysWOW64\nipalsm.exe
3652 nipalsm.exe
3672 C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
3704 C:\Windows\SysWOW64\nisvcloc.exe
3864 C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
3972 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
4008 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
4056 C:\Windows\SysWOW64\PnkBstrA.exe
4080 C:\Windows\SysWOW64\PnkBstrB.exe
3120 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2400 C:\Windows\System32\svchost.exe
3472 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
3956 C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
3068 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
4172 C:\Windows\SysWOW64\vmnat.exe
4236 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
4324 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
4392 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
4424 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
4464 C:\Windows\SysWOW64\nipalsm.exe
4504 C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
4528 C:\Program Files\Tablet\Pen\Pen_Tablet.exe
4644 C:\Windows\SysWOW64\vmnetdhcp.exe
4728 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
5028 C:\Windows\System32\wbem\unsecapp.exe
2128 WmiPrvSE.exe
4028 WmiPrvSE.exe
1700 C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
5152 C:\Windows\System32\svchost.exe
5196 C:\Windows\System32\SearchIndexer.exe
5684 C:\Windows\System32\svchost.exe
5932 C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
6000 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2216 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3500 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5144 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
6072 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2448 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5896 C:\Windows\System32\sppsvc.exe
3436 C:\Windows\System32\svchost.exe
4816 C:\Program Files\Windows Media Player\wmpnetwk.exe
1868 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
800 C:\Windows\System32\SearchProtocolHost.exe
3828 C:\Windows\System32\SearchFilterHost.exe
4244 C:\Windows\servicing\TrustedInstaller.exe
5416 C:\Windows\System32\wuauclt.exe
3152 C:\Users\Steve\Desktop\MBRCheck.exe
5372 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`32d00000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000003`2c900000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


  • 0

#40
Stv73
Posted 04 December 2011 - 01:26 AM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
At this point, I am no longer getting Google redirects!

Here are some notes regarding the procedure..

1. In GParted, the 1 MB partition was marked as hidden and also had an exclamation icon next to it.

2. Boot up didn't work, so I ran the recovery CD. It was actually a Vista CD, and it asked to install Windows, but I went into Repair instead. There it gave me the option to repair startup and reboot. There was never an option or a console where I could have entered those commands you offered in the first recovery option.

3. My startup splash screen changed.. it actually is a Vista splash screen now (the green progress bar) instead of the Windows 7 graphical one. I have no problem with that, I'm just letting you know in case that is significant.

4. Windows boot up normally after the recovery CD and everything looked fine so far. Also like I said before, I tried Google and got no redirects this time.

For now the affected PC is shut down... continuing to avoid using it until everything is clear.
  • 0

Advertisements

#41
Essexboy
Posted 04 December 2011 - 05:36 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The splash is because you used a VIsta repair CD .. You could create your own windows 7 one (if the manufacturer of the computer enabled it )

Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical(CD/DVD) drive and then click on Create disc.
  • Note: If a AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. .
  • You now have a Windows 7 System Repair Disc.

Thanks for the note on it now being hidden

Could you run a final OTL scan for me please and let me know how the computer is behaving
  • 0

#42
Stv73
Posted 04 December 2011 - 07:14 PM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Thank you for the instructions to restore the splash screen. I actually don't mind the Vista splash, but the instructions are good to have.

Here's my latest OTL scan.

OTL logfile created on: 12/4/2011 8:00:26 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 68.00% Memory free
7.99 Gb Paging File | 6.54 Gb Available in Paging File | 81.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 198.42 Gb Free Space | 43.80% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.87 Mb Free Space | 71.87% Space Free | Partition Type: NTFS

Computer Name: HONOR | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 19:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/11/11 12:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 12:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 12:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010/11/11 12:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/08/26 23:59:51 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/08/26 23:59:27 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 18:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/04 00:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/04 00:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/04 00:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 13:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 12:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/24 20:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 20:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/06/18 06:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 05:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 05:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 08:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2009/06/04 03:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2009/03/05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2008/12/30 10:19:14 | 000,109,136 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
PRC - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipalsm.exe
PRC - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/05 12:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/11 12:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010/11/11 12:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/08 19:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/01/13 12:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/20 17:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 11:41:06 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/10/13 11:41:04 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/08/24 13:57:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/08/24 13:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/08/24 13:57:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/03/29 11:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/02/05 22:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/28 18:13:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/11/11 12:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 12:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 12:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 11:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/26 23:59:51 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/08/26 23:59:27 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/04/13 03:57:13 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/04 00:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 13:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/26 10:49:18 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 06:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 05:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 05:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2009/06/04 03:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/03/05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2008/10/31 13:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nipxirmu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (ni488enumsvc)
SRV - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/05/09 14:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/11 12:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 12:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 12:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 12:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 11:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 09:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 09:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/08/24 13:57:38 | 000,529,000 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,441,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/08/24 13:57:38 | 000,283,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,094,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/08/24 13:57:38 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/07/12 13:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/01 19:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/29 11:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/29 10:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 09:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/01 21:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/10/16 05:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 23:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/21 12:58:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2009/06/21 12:58:06 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/17 14:26:22 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2009/06/17 10:35:48 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2009/06/17 00:15:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2009/06/16 23:05:24 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2009/06/14 14:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 16:02:22 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/28 21:16:50 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2009/05/28 21:16:44 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2009/05/28 21:15:32 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2009/05/28 21:14:48 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2009/05/28 21:13:54 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2009/05/28 21:11:18 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2009/05/28 21:11:12 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2009/05/28 21:11:06 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkw.sys -- (niemrkw)
DRV:64bit: - [2009/05/26 19:35:44 | 000,012,928 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2009/05/26 19:34:42 | 000,883,288 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2009/05/26 19:33:28 | 000,012,920 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/01 14:31:02 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2009/04/01 14:16:54 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2009/03/30 12:59:00 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2009/03/30 12:58:50 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2009/03/05 15:16:10 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViFWKl.sys -- (NiViFWK)
DRV:64bit: - [2009/02/05 21:32:20 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb6xxxkw.sys -- (usb6xxxkw)
DRV:64bit: - [2009/02/05 21:32:16 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2009/01/05 08:28:30 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2009/01/05 08:28:28 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2009/01/02 16:54:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2009/01/02 16:40:54 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2009/01/02 16:37:02 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2009/01/02 16:02:10 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2008/12/29 17:24:58 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2008/12/29 17:17:34 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2008/12/05 15:21:30 | 000,025,224 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/11/24 00:41:54 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2008/10/21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/08/21 20:04:58 | 000,016,472 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2008/07/28 14:08:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2008/06/25 11:02:26 | 000,022,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2008/06/13 13:51:10 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2008/06/13 13:50:42 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2008/06/13 13:49:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2007/03/15 14:05:04 | 000,032,768 | ---- | M] (BIOPAC Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mp35usb.sys -- (MP35USB)
DRV:64bit: - [2007/02/26 11:40:46 | 000,017,696 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni488lock.sys -- (ni488lock)
DRV - [2010/08/19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/10/18 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/13 23:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 15:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/08 22:24:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/07 15:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/10/26 02:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/10/26 02:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/01 20:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ikq4y6cr.default\extensions
[2011/12/01 01:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/09 00:06:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/22 15:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 22:41:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/01 23:06:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/21 16:06:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/07 04:20:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/01 01:03:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/13 23:10:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/09/30 15:21:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/08/24 13:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006/01/23 09:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll
[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 17:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 13:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/06/23 18:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/09/17 01:26:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/28 19:50:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100916195647.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100916195647.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands64.dll (Wolfram Research, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll (Wolfram Research, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands64.dll (Wolfram Research, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll (Wolfram Research, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3B00ED-3938-4F4E-AD76-8ED6004628A2}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 05:05:14 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/03 01:19:24 | 000,080,896 | ---- | C] (maliprog) -- C:\Users\Steve\Desktop\getpartitions.exe
[2011/12/02 01:22:17 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR(1).exe
[2011/12/01 01:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/28 19:50:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/28 18:58:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/28 18:58:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/28 18:58:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/28 18:57:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 18:57:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/28 18:56:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 18:17:32 | 004,310,219 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2011/11/27 04:04:47 | 000,000,000 | ---D | C] -- C:\found.000
[2011/11/27 03:45:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/13 22:57:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\RK_Quarantine
[2011/11/08 19:16:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/11/08 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/08 01:01:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2011/11/08 01:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 01:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 01:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/08 00:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011/11/07 16:27:58 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\4634.com.exe
[2011/11/05 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\mlclass-ex1
[2010/05/13 07:18:52 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe

========== Files - Modified Within 30 Days ==========

[2011/12/04 20:05:43 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 20:05:43 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 19:59:07 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/12/04 19:58:22 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/04 19:57:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/04 19:57:42 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/04 02:10:42 | 000,080,384 | ---- | M] () -- C:\Users\Steve\Desktop\MBRCheck.exe
[2011/12/04 02:08:15 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/03 01:19:24 | 000,080,896 | ---- | M] (maliprog) -- C:\Users\Steve\Desktop\getpartitions.exe
[2011/12/02 01:57:51 | 687,479,518 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/02 01:22:49 | 000,000,131 | ---- | M] () -- C:\Users\Steve\Desktop\getpartitions.bat
[2011/12/02 01:22:25 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR(1).exe
[2011/11/30 18:42:22 | 000,389,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/28 19:50:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/28 18:17:40 | 004,310,219 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2011/11/27 04:12:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\dYp1AeS3R.dat
[2011/11/08 19:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/11/08 16:09:59 | 001,008,092 | ---- | M] () -- C:\Users\Steve\Desktop\7k34v9.com.com
[2011/11/08 06:02:42 | 000,852,777 | ---- | M] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/11/08 06:02:22 | 000,079,198 | ---- | M] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/11/08 05:48:15 | 000,000,036 | ---- | M] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/11/08 05:44:36 | 000,001,464 | ---- | M] () -- C:\Users\Steve\Desktop\firefox - Shortcut.lnk
[2011/11/08 05:43:26 | 000,888,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 05:43:26 | 000,737,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 05:43:26 | 000,151,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 01:00:55 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 00:10:39 | 000,000,685 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/11/07 16:27:58 | 001,563,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\4634.com.exe
[2011/11/06 02:00:34 | 000,000,727 | ---- | M] () -- C:\Users\Steve\.octave_hist
[2011/11/06 01:55:37 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2011/11/05 20:29:59 | 000,517,350 | ---- | M] () -- C:\Users\Steve\Desktop\ex1.pdf
[2011/11/05 01:46:16 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk

========== Files Created - No Company Name ==========

[2011/12/04 02:10:41 | 000,080,384 | ---- | C] () -- C:\Users\Steve\Desktop\MBRCheck.exe
[2011/12/02 01:22:49 | 000,000,131 | ---- | C] () -- C:\Users\Steve\Desktop\getpartitions.bat
[2011/11/28 18:58:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/28 18:58:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/28 18:58:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/28 18:58:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/28 18:58:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/27 04:12:38 | 000,000,000 | ---- | C] () -- C:\ProgramData\dYp1AeS3R.dat
[2011/11/13 22:58:21 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2011/11/13 22:58:21 | 000,002,622 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2011/11/13 22:58:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/13 22:58:21 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Vanguard.lnk
[2011/11/13 22:58:21 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/13 22:58:20 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/11/13 22:58:20 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2011/11/13 22:58:20 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\BSL Lessons 3.7.lnk
[2011/11/13 22:58:20 | 000,002,312 | ---- | C] () -- C:\Users\Public\Desktop\BSL PRO 3.7 .lnk
[2011/11/13 22:58:20 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/11/13 22:58:20 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2011/11/13 22:58:20 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/11/13 22:58:20 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/11/13 22:58:20 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/11/13 22:58:20 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Octave-3.2.4.lnk
[2011/11/13 22:58:20 | 000,001,323 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/11/13 22:58:20 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011/11/13 22:58:20 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/11/13 22:58:20 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2011/11/13 22:58:20 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/11/13 22:58:20 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2011/11/13 22:58:20 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk
[2011/11/13 22:58:19 | 000,002,450 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/13 22:58:19 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/13 22:58:19 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/13 22:58:19 | 000,001,422 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/13 22:58:19 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/13 22:58:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 22:58:19 | 000,001,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/13 22:58:19 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/13 22:58:19 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/13 22:58:18 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/13 22:58:17 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/13 22:58:15 | 000,001,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments LabVIEW 8.5.lnk
[2011/11/13 22:58:13 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/13 22:58:13 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/13 22:58:13 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/13 22:58:11 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/11/13 22:58:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 22:58:10 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2011/11/13 22:58:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/13 22:58:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/13 22:58:05 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/11/08 16:18:39 | 001,008,092 | ---- | C] () -- C:\Users\Steve\Desktop\7k34v9.com.com
[2011/11/08 06:02:42 | 000,852,777 | ---- | C] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/11/08 06:02:22 | 000,079,198 | ---- | C] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/11/08 05:48:15 | 000,000,036 | ---- | C] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/11/08 05:44:36 | 000,001,464 | ---- | C] () -- C:\Users\Steve\Desktop\firefox - Shortcut.lnk
[2011/11/08 01:00:55 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/08 00:10:39 | 000,000,685 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/03/04 02:07:33 | 000,149,504 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\SharedSettings.ccs
[2010/11/25 01:30:35 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/26 02:11:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/15 18:07:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nidmfpan.ini
[2010/09/17 13:34:48 | 000,000,069 | ---- | C] () -- C:\Windows\pxisys.ini
[2010/09/17 13:34:48 | 000,000,030 | ---- | C] () -- C:\Windows\pxiesys.ini
[2010/09/03 17:27:02 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/09/03 17:27:02 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/09/03 17:26:34 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/09/03 17:26:33 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/09/03 17:26:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/03 17:26:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2010/09/03 17:25:41 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/08/31 17:04:48 | 000,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat
[2010/08/31 17:01:48 | 000,882,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/26 23:59:43 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/26 23:59:27 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/26 23:59:27 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/13 08:00:36 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/13 07:59:42 | 000,001,614 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/13 07:29:46 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/13 07:18:52 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010/05/13 07:18:52 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/05/13 07:18:52 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/05/13 07:18:52 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/05/13 07:18:52 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/05/13 07:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/13 04:16:14 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/04/13 04:16:14 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/04/13 04:16:14 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/07 17:20:24 | 000,050,208 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2009/01/05 08:28:12 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
[2005/10/18 09:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\cvintdrv.sys

========== LOP Check ==========

[2010/08/26 07:10:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\acccore
[2010/11/17 07:07:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canon
[2011/03/04 02:11:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CoffeeCup Software
[2011/06/28 21:10:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Elluminate
[2010/11/07 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\fltk.org
[2011/11/02 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2010/11/29 23:41:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\inkscape
[2011/05/25 01:06:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Notepad++
[2010/11/22 15:38:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenOffice.org
[2011/07/13 00:56:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Rift
[2011/04/24 01:00:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony
[2010/10/26 02:11:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Thunderbird
[2010/08/31 17:05:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Turbine
[2010/10/23 18:42:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Wolfram Research
[2011/04/21 22:08:58 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 945 bytes -> C:\Users\Steve\Documents\Re Medical Imaging Related Course at NYU.eml:OECustomProperty

< End of report >


  • 0

#43
Stv73
Posted 04 December 2011 - 07:24 PM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Oh, also, there has been no strange behavior to note.
  • 0

#44
Essexboy
Posted 05 December 2011 - 12:33 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK tidying up time methinks - I will remove some strays and if you could then update and run Malwarebytes for any orphans. Once that is completed could you confirm that windows updates is working and you are happy :) :)

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    [2010/09/09 22:41:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/01 23:06:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/21 16:06:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/07/07 04:20:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/12/01 01:03:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
    [2011/12/03 01:19:24 | 000,080,896 | ---- | C] (maliprog) -- C:\Users\Steve\Desktop\getpartitions.exe
    [2011/12/02 01:22:17 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Steve\Desktop\aswMBR(1).exe
    [2011/11/08 17:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011/11/07 16:27:58 | 001,563,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steve\Desktop\4634.com.exe
    [2011/12/04 02:10:42 | 000,080,384 | ---- | M] () -- C:\Users\Steve\Desktop\MBRCheck.exe
    [2011/11/27 04:12:38 | 000,000,000 | ---- | M] () -- C:\ProgramData\dYp1AeS3R.dat
    [2011/11/08 16:09:59 | 001,008,092 | ---- | M] () -- C:\Users\Steve\Desktop\7k34v9.com.com
    [2011/11/08 00:10:39 | 000,000,685 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/11/08 00:10:39 | 000,000,685 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#45
Stv73
Posted 06 December 2011 - 03:45 AM

Stv73

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
All done. Also, Windows Update actually installed something during shut down when the system went to reboot during the OTL fix.

The OTL fix log:

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} folder moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
C:\Users\Steve\Desktop\getpartitions.exe moved successfully.
C:\Users\Steve\Desktop\aswMBR(1).exe moved successfully.
C:\ProgramData\Kaspersky Lab folder moved successfully.
C:\Users\Steve\Desktop\4634.com.exe moved successfully.
C:\Users\Steve\Desktop\MBRCheck.exe moved successfully.
C:\ProgramData\dYp1AeS3R.dat moved successfully.
C:\Users\Steve\Desktop\7k34v9.com.com moved successfully.
C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk moved successfully.
File C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Steve\Desktop\cmd.bat deleted successfully.
C:\Users\Steve\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Steve
->Temp folder emptied: 65153438 bytes
->Temporary Internet Files folder emptied: 493023361 bytes
->Java cache emptied: 2023 bytes
->FireFox cache emptied: 45717121 bytes
->Flash cache emptied: 2714 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1668521 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 578.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 12062011_023516

Files\Folders moved on Reboot...
C:\Users\Steve\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP00000001B8F71AB65235DDC3 not found!

Registry entries deleted on Reboot...



The log of a FULL scan in MalwareBytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8320

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

12/6/2011 4:32:49 AM
mbam-log-2011-12-06 (04-32-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 544618
Time elapsed: 1 hour(s), 48 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And the final OTL Quick Scan log:

OTL logfile created on: 12/6/2011 4:34:41 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 54.99% Memory free
7.99 Gb Paging File | 6.13 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.97 Gb Total Space | 200.91 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 71.87 Mb Free Space | 71.87% Space Free | Partition Type: NTFS

Computer Name: HONOR | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 19:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2011/01/05 12:11:04 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AIM\aim.exe
PRC - [2010/11/11 12:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 12:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 12:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010/11/11 12:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/08/26 23:59:51 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010/08/26 23:59:27 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2010/03/08 18:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/03/04 00:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/04 00:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/04 00:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/02/01 13:05:02 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/13 12:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/24 20:45:16 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009/12/24 20:44:48 | 000,201,512 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009/06/18 06:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009/06/18 05:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
PRC - [2009/06/18 05:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
PRC - [2009/06/15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
PRC - [2009/06/04 08:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2009/06/04 03:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nisvcloc.exe
PRC - [2009/03/05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2008/12/30 10:19:14 | 000,109,136 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
PRC - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\nipalsm.exe
PRC - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/01/05 12:06:43 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\AIM\nssckbi.dll
MOD - [2010/11/11 12:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010/11/11 12:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/03/08 19:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2010/01/13 12:47:44 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/05/20 17:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 11:41:06 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/10/13 11:41:04 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/08/24 13:57:38 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/08/24 13:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/08/24 13:57:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/03/29 11:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/02/05 22:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/28 18:13:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/11/11 12:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 12:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 12:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 11:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/26 23:59:51 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010/08/26 23:59:27 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/04/13 03:57:13 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 18:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/04 00:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/02/01 13:04:40 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/26 10:49:18 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009/06/18 06:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009/06/18 05:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
SRV - [2009/06/18 05:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
SRV - [2009/06/15 19:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2009/06/04 03:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/03/05 15:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2008/10/31 13:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nipxirmu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (nidevldu)
SRV - [2008/08/21 22:51:44 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\nipalsm.exe -- (ni488enumsvc)
SRV - [2008/06/20 14:46:24 | 000,607,848 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2007/05/09 14:34:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Opcenum.exe -- (OpcEnum)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 16:21:12 | 000,156,080 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010/11/11 12:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 12:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 12:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 12:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 11:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 09:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 09:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/08/24 13:57:38 | 000,529,000 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,441,072 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/08/24 13:57:38 | 000,283,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,094,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/08/24 13:57:38 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/08/24 13:57:38 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/07/12 13:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/04/14 00:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/01 19:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/03/29 11:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/29 10:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/09 09:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/01 21:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/10/16 05:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/09/17 23:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/21 12:58:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2009/06/21 12:58:06 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2009/06/19 21:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/17 14:26:22 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidsarkl.sys -- (nidsark)
DRV:64bit: - [2009/06/17 10:35:48 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1045kl.sys -- (ni1045k)
DRV:64bit: - [2009/06/17 00:15:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidmxfkl.sys -- (nidmxfk)
DRV:64bit: - [2009/06/16 23:05:24 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimxpkl.sys -- (nimxpk)
DRV:64bit: - [2009/06/14 14:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 16:02:22 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\nipxirmkl.sys -- (nipxirmk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/28 21:16:50 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niwfrkl.sys -- (niwfrk)
DRV:64bit: - [2009/05/28 21:16:44 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nissrkl.sys -- (nissrk)
DRV:64bit: - [2009/05/28 21:15:32 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niesrkl.sys -- (niesrk)
DRV:64bit: - [2009/05/28 21:14:48 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nixsrkl.sys -- (nixsrk)
DRV:64bit: - [2009/05/28 21:13:54 | 000,011,880 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niufurkl.sys -- (niufurk)
DRV:64bit: - [2009/05/28 21:11:18 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkl.sys -- (niemrk)
DRV:64bit: - [2009/05/28 21:11:12 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicsrkl.sys -- (nicsrk)
DRV:64bit: - [2009/05/28 21:11:06 | 000,011,336 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niemrkw.sys -- (niemrkw)
DRV:64bit: - [2009/05/26 19:35:44 | 000,012,928 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2009/05/26 19:34:42 | 000,883,288 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2009/05/26 19:33:28 | 000,012,920 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/01 14:31:02 | 000,026,704 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1065k.sys -- (ni1065k)
DRV:64bit: - [2009/04/01 14:16:54 | 000,030,800 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni1006k.sys -- (ni1006k)
DRV:64bit: - [2009/03/30 12:59:00 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisftkl.sys -- (nisftk)
DRV:64bit: - [2009/03/30 12:58:50 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ninshsdkl.sys -- (ninshsdk)
DRV:64bit: - [2009/03/05 15:16:10 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViFWKl.sys -- (NiViFWK)
DRV:64bit: - [2009/02/05 21:32:20 | 000,011,312 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb6xxxkw.sys -- (usb6xxxkw)
DRV:64bit: - [2009/02/05 21:32:16 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nisdigkl.sys -- (nisdigk)
DRV:64bit: - [2009/01/05 08:28:30 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nispdkl.sys -- (nispdk)
DRV:64bit: - [2009/01/05 08:28:28 | 000,011,888 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niscdkl.sys -- (niscdk)
DRV:64bit: - [2009/01/02 16:54:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nitiorkl.sys -- (nitiork)
DRV:64bit: - [2009/01/02 16:40:54 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistcrkl.sys -- (nistcrk)
DRV:64bit: - [2009/01/02 16:37:02 | 000,011,824 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nistc2kl.sys -- (nistc2k)
DRV:64bit: - [2009/01/02 16:02:10 | 000,011,864 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nicdrkl.sys -- (nicdrk)
DRV:64bit: - [2008/12/29 17:24:58 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nimsdrkl.sys -- (nimsdrk)
DRV:64bit: - [2008/12/29 17:17:34 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimstskl.sys -- (nimstsk)
DRV:64bit: - [2008/12/05 15:21:30 | 000,025,224 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvalarmk.sys -- (lvalarmk)
DRV:64bit: - [2008/11/24 00:41:54 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimru2kl.sys -- (nimru2k)
DRV:64bit: - [2008/10/21 08:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 08:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 08:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 08:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 08:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 08:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/08/21 20:04:58 | 000,016,472 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2008/07/28 14:08:00 | 000,011,848 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niswdkl.sys -- (niswdk)
DRV:64bit: - [2008/06/25 11:02:26 | 000,022,104 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipxigpk.sys -- (nipxigpk)
DRV:64bit: - [2008/06/13 13:51:10 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2008/06/13 13:50:42 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimxdfkl.sys -- (nimxdfk)
DRV:64bit: - [2008/06/13 13:49:08 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nimdbgkl.sys -- (nimdbgk)
DRV:64bit: - [2007/03/15 14:05:04 | 000,032,768 | ---- | M] (BIOPAC Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mp35usb.sys -- (MP35USB)
DRV:64bit: - [2007/02/26 11:40:46 | 000,017,696 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ni488lock.sys -- (ni488lock)
DRV - [2010/08/19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/10/18 09:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...48z155t4551o616
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Steve\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/13 23:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 15:21:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/08 22:24:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/07 15:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/10/26 02:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2010/10/26 02:11:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/09/01 20:03:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\ikq4y6cr.default\extensions
[2011/12/06 02:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/09 00:06:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/22 15:04:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/11/13 23:10:11 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/09/30 15:21:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/08/24 13:57:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2006/01/23 09:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV80Win32.dll
[2007/02/08 09:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\NPLV82Win32.dll
[2007/07/24 17:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv85win32.dll
[2008/12/10 13:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/06/23 18:40:40 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/09/17 01:26:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/11/28 19:50:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100916195647.dll (McAfee, Inc.)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100916195647.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands64.dll (Wolfram Research, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll (Wolfram Research, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands64.dll (Wolfram Research, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Wolfram Toolbar) - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll (Wolfram Research, Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [niDevMon] C:\Program Files (x86)\National Instruments\NI-DAQ\HWConfig\nidevmon.exe (National Instruments Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3B00ED-3938-4F4E-AD76-8ED6004628A2}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 05:05:14 | 000,000,000 | -HSD | C] -- C:\Boot
[2011/12/01 01:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/11/28 19:50:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/11/28 18:58:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/28 18:58:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/28 18:58:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/28 18:57:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 18:57:08 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/28 18:56:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 18:17:32 | 004,310,219 | R--- | C] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2011/11/27 04:04:47 | 000,000,000 | ---D | C] -- C:\found.000
[2011/11/27 03:45:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/13 22:57:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\RK_Quarantine
[2011/11/08 19:16:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/11/08 01:01:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2011/11/08 01:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 01:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 01:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/08 00:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010/05/13 07:18:52 | 000,049,464 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe

========== Files - Modified Within 30 Days ==========

[2011/12/06 04:07:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/06 03:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 02:48:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 02:48:10 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 02:40:51 | 000,000,105 | ---- | M] () -- C:\Windows\Brownie.ini
[2011/12/06 02:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 02:39:43 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 01:57:51 | 687,479,518 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/02 01:22:49 | 000,000,131 | ---- | M] () -- C:\Users\Steve\Desktop\getpartitions.bat
[2011/11/30 18:42:22 | 000,389,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/28 19:50:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/28 18:17:40 | 004,310,219 | R--- | M] (Swearware) -- C:\Users\Steve\Desktop\ComboFix.exe
[2011/11/08 19:16:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2011/11/08 06:02:42 | 000,852,777 | ---- | M] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/11/08 06:02:22 | 000,079,198 | ---- | M] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/11/08 05:48:15 | 000,000,036 | ---- | M] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/11/08 05:44:36 | 000,001,464 | ---- | M] () -- C:\Users\Steve\Desktop\firefox - Shortcut.lnk
[2011/11/08 05:43:26 | 000,888,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 05:43:26 | 000,737,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 05:43:26 | 000,151,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/08 01:00:55 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/12/02 01:22:49 | 000,000,131 | ---- | C] () -- C:\Users\Steve\Desktop\getpartitions.bat
[2011/11/28 18:58:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/28 18:58:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/28 18:58:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/28 18:58:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/28 18:58:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/13 22:58:21 | 000,002,659 | ---- | C] () -- C:\Users\Public\Desktop\SmartFTP Client.lnk
[2011/11/13 22:58:21 | 000,002,622 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2011/11/13 22:58:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/13 22:58:21 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Vanguard.lnk
[2011/11/13 22:58:21 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/13 22:58:20 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2011/11/13 22:58:20 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2011/11/13 22:58:20 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\BSL Lessons 3.7.lnk
[2011/11/13 22:58:20 | 000,002,312 | ---- | C] () -- C:\Users\Public\Desktop\BSL PRO 3.7 .lnk
[2011/11/13 22:58:20 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2011/11/13 22:58:20 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2011/11/13 22:58:20 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/11/13 22:58:20 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Play RIFT.lnk
[2011/11/13 22:58:20 | 000,001,832 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2011/11/13 22:58:20 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\Octave-3.2.4.lnk
[2011/11/13 22:58:20 | 000,001,323 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/11/13 22:58:20 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Works.lnk
[2011/11/13 22:58:20 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2011/11/13 22:58:20 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Measurement & Automation.lnk
[2011/11/13 22:58:20 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2011/11/13 22:58:20 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2011/11/13 22:58:20 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan Toolbox 4.9.lnk
[2011/11/13 22:58:19 | 000,002,450 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/11/13 22:58:19 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/11/13 22:58:19 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/11/13 22:58:19 | 000,001,422 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/11/13 22:58:19 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/11/13 22:58:19 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/11/13 22:58:19 | 000,001,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/11/13 22:58:19 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/11/13 22:58:19 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/11/13 22:58:18 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/11/13 22:58:17 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/11/13 22:58:15 | 000,001,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments LabVIEW 8.5.lnk
[2011/11/13 22:58:13 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011/11/13 22:58:13 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/11/13 22:58:13 | 000,001,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/13 22:58:11 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/11/13 22:58:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/11/13 22:58:10 | 000,001,035 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2011/11/13 22:58:06 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/11/13 22:58:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/11/13 22:58:05 | 000,001,011 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/11/08 06:02:42 | 000,852,777 | ---- | C] () -- C:\Users\Steve\AppData\Local\census.cache
[2011/11/08 06:02:22 | 000,079,198 | ---- | C] () -- C:\Users\Steve\AppData\Local\ars.cache
[2011/11/08 05:48:15 | 000,000,036 | ---- | C] () -- C:\Users\Steve\AppData\Local\housecall.guid.cache
[2011/11/08 05:44:36 | 000,001,464 | ---- | C] () -- C:\Users\Steve\Desktop\firefox - Shortcut.lnk
[2011/11/08 01:00:55 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/04 02:07:33 | 000,149,504 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\SharedSettings.ccs
[2010/11/25 01:30:35 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/10/26 02:11:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/15 18:07:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nidmfpan.ini
[2010/09/17 13:34:48 | 000,000,069 | ---- | C] () -- C:\Windows\pxisys.ini
[2010/09/17 13:34:48 | 000,000,030 | ---- | C] () -- C:\Windows\pxiesys.ini
[2010/09/03 17:27:02 | 000,000,152 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2010/09/03 17:27:02 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2010/09/03 17:26:34 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010/09/03 17:26:33 | 000,009,868 | ---- | C] () -- C:\Windows\HL-2170W.INI
[2010/09/03 17:26:27 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/09/03 17:26:27 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2010/09/03 17:25:41 | 000,000,105 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/08/31 17:04:48 | 000,000,093 | ---- | C] () -- C:\Users\Steve\AppData\Local\fusioncache.dat
[2010/08/31 17:01:48 | 000,882,898 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/26 23:59:43 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/08/26 23:59:27 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010/08/26 23:59:27 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/05/13 08:00:36 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/05/13 07:59:42 | 000,001,614 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/05/13 07:29:46 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/05/13 07:18:52 | 000,632,056 | ---- | C] () -- C:\Windows\Image.dll
[2010/05/13 07:18:52 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/05/13 07:18:52 | 000,025,848 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2010/05/13 07:18:52 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini
[2010/05/13 07:18:52 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini
[2010/05/13 07:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/13 04:16:14 | 000,000,193 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/04/13 04:16:14 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/04/13 04:16:14 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 16:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 16:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/14 13:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\SysWow64\nirpc.ini
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/01/07 17:20:24 | 000,050,208 | ---- | C] () -- C:\Windows\SysWow64\nispdu.dll
[2009/01/05 08:28:12 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\niscdrau.dll
[2005/10/18 09:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\cvintdrv.sys

========== LOP Check ==========

[2010/08/26 07:10:22 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\acccore
[2010/11/17 07:07:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canon
[2011/03/04 02:11:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CoffeeCup Software
[2011/06/28 21:10:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Elluminate
[2010/11/07 01:52:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\fltk.org
[2011/11/02 02:00:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2010/11/29 23:41:30 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\inkscape
[2011/05/25 01:06:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Notepad++
[2010/11/22 15:38:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\OpenOffice.org
[2011/07/13 00:56:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Rift
[2011/04/24 01:00:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony
[2010/10/26 02:11:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Thunderbird
[2010/08/31 17:05:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Turbine
[2010/10/23 18:42:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Wolfram Research
[2011/04/21 22:08:58 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 945 bytes -> C:\Users\Steve\Documents\Re Medical Imaging Related Course at NYU.eml:OECustomProperty

< End of report >


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP