[BeckyH]

the next to last one was before I turned something off you told me (windows search maybe?)

while looking in the area for the "beep" file there is not one listed...it just doesn't exist...so I'm gonna install and reboot as you said..
Can't uninstall download manager...it says it can't find a dll file...do you need the specific name?


I have no idea what an IIS is but I do have a database on my computer that was built for me that is managed through a web browser...would that be it?

also have no idea what an SQL server is...

[Advertisements]

SQL server is where the database lives so appears this is something you want but it claims it is not working. The webbrowser would be created using IIS so that's OK too.

Right click on Computer ans select Manage (continue) then Services and Applications then Services and see if you can find the SQL Server or Microsoft SQL Server service. Right click on it and select Properties then see if you can Start the service.

Run the Vino's Event Viewer as before so I can see what errors we are now getting.

Ron

[RKinner]

SQL server is where the database lives so appears this is something you want but it claims it is not working. The webbrowser would be created using IIS so that's OK too.

Right click on Computer ans select Manage (continue) then Services and Applications then Services and see if you can find the SQL Server or Microsoft SQL Server service. Right click on it and select Properties then see if you can Start the service.

Run the Vino's Event Viewer as before so I can see what errors we are now getting.

Ron

[BeckyH]

the database I only use at specific times (I have it based as the Opera homepage and when I open Opera, it starts right up, otherwise it isn't running until needed)


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 16/06/2011 7:08:33 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2011 11:03:21 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/06/2011 11:02:47 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 16/06/2011 11:02:36 PM
Type: Error Category: 0
Event: 4321 Source: netbt
The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.100 did not allow the name to be claimed by this computer.

Log: 'System' Date/Time: 16/06/2011 11:01:56 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\System32\Drivers\Beep.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 16/06/2011 10:38:06 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.102 for the Network Card with network address 0021005E8662 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 16/06/2011 6:52:47 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 16/06/2011 6:52:18 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/06/2011 6:43:06 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 16/06/2011 6:41:35 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/06/2011 5:31:54 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/06/2011 5:31:54 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Log: 'System' Date/Time: 16/06/2011 5:30:30 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 16/06/2011 5:30:14 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 16/06/2011 5:16:16 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

Log: 'System' Date/Time: 16/06/2011 5:16:16 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 16/06/2011 5:16:16 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MSSQLSERVER) service to connect.

Log: 'System' Date/Time: 16/06/2011 5:15:43 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2011 10:38:06 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 16/06/2011 10:38:03 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0021005E8662. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/06/2011 10:37:56 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0021005E8662. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/06/2011 6:50:03 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 16/06/2011 6:50:03 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 16/06/2011 6:39:17 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 16/06/2011 6:39:17 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Log: 'System' Date/Time: 16/06/2011 5:06:05 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 16/06/2011 5:06:05 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\bcmihvsrv64.dll

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 16/06/2011 7:11:04 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/06/2011 11:00:06 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1900 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 16/06/2011 6:50:01 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1880 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 16/06/2011 6:50:00 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 13 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000:
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\SystemCertificates\My
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\SystemCertificates\CA
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Policies\Microsoft\SystemCertificates
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Policies\Microsoft\SystemCertificates
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Policies\Microsoft\SystemCertificates
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\SystemCertificates\Root
Process 3296 (\Device\HarddiskVolume1\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000\Software\Microsoft\SystemCertificates\trust


Log: 'Application' Date/Time: 16/06/2011 6:39:14 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1980 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 16/06/2011 5:28:12 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1844 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


Log: 'Application' Date/Time: 16/06/2011 5:05:59 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-2902236165-3934322-1294904898-1000_Classes:
Process 1748 (\Device\HarddiskVolume1\WINDOWS\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2902236165-3934322-1294904898-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache


sorry you're sick...thats always a bummer...

[BeckyH]

also while trying to uninstall the adobe download manager it gives me this error
Error loading C:\Program Files(x86)\NOS\bin\getPlus_Helper_3004.dll
The specified module cannot be found

[RKinner]

Did you check in Device Manager to see if Beep is working now? IF not make sure the firle is still in C:\Windows\System32\drivers. I wouldnot be surprised to see that McAfee has decided it's a virus and is eating it.

Windows Live is causing some errors. If you are not a big user of it I would uninstall.

I'm also seeing this error
http://support.microsoft.com/kb/955560
but it will probably be fixed when you get SP2.

We can try to uninstall the AdobeDownload Manager:


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
"nosGetPlusHelper"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go and Combofix should start on its own.

Copy and paste the log you get. Also run ProcessExplorer again as before and post its log.

Ron

[BeckyH]

the beep file is still showing in the folder but its not showing in the plug and play thing...

ComboFix 11-06-16.01 - Owner 06/16/2011 22:53:46.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2470 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\userinit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 03:06 . 2011-06-17 03:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-16 12:37 . 2011-06-16 12:37 -------- d-----w- C:\_OTL
2011-06-15 22:21 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 22:21 . 2010-12-20 16:35 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 22:19 . 2011-05-28 04:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 22:19 . 2011-05-28 04:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-15 21:54 . 2011-04-29 13:41 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 21:54 . 2011-04-29 13:40 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 21:54 . 2011-04-21 14:20 405504 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 21:53 . 2011-04-30 06:09 758784 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:53 . 2011-04-30 06:22 1027584 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:52 . 2011-04-29 13:39 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 21:52 . 2011-04-29 13:39 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 21:52 . 2011-04-29 13:39 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 21:51 . 2011-05-18 13:56 2762752 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 21:50 . 2011-05-02 12:02 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-06-15 21:50 . 2011-05-02 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 21:40 . 2011-04-14 15:14 97792 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 21:40 . 2011-05-02 17:13 975360 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 21:40 . 2011-05-02 17:16 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-14 13:10 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84847BE6-06F0-43A7-B3B1-837E9BA2ADCD}\mpengine.dll
2011-06-13 21:54 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-13 21:53 . 2011-06-13 21:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-12 20:33 . 2011-06-13 11:29 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2011-06-12 20:32 . 2011-06-16 13:15 -------- d-----w- c:\program files (x86)\Auslogics
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 10:57 . 2011-06-05 10:57 0 ---ha-w- c:\users\Owner\AppData\Local\BIT9645.tmp
2011-06-05 06:59 . 2011-03-13 15:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-04 22:42 . 2011-06-04 22:42 -------- d-----w- c:\users\Owner\AppData\Local\Knowledge Networks
2011-06-04 22:42 . 2011-06-04 22:42 -------- d-----w- c:\program files (x86)\Knowledge Networks
2011-05-26 22:34 . 2011-06-16 23:02 -------- d-----w- c:\users\Owner\AppData\Local\WeatherBug
2011-05-26 22:34 . 2011-05-26 22:34 -------- d-----w- c:\users\Owner\AppData\Roaming\WeatherBug
2011-05-26 22:32 . 2011-05-26 22:32 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-05-26 22:32 . 2011-05-26 22:32 11264 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-05-26 22:32 . 2011-05-26 22:32 -------- d-----w- c:\program files (x86)\AWS
2011-05-25 21:01 . 2011-05-25 21:39 -------- d-----w- c:\users\Owner\AppData\Local\Nemex
2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\users\Owner\AppData\Roaming\Mouse Recorder Pro
2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\program files (x86)\Nemex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 22:46 . 2008-01-20 23:23 6144 ----a-w- c:\windows\system32\drivers\beep.sys
2011-05-29 13:11 . 2009-08-06 02:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 03:36 . 2011-05-15 03:36 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-16_13.48.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-02 23:27 . 2011-06-16 13:00 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-02 23:27 . 2011-06-17 02:43 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-02 23:27 . 2011-06-17 02:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-02 23:27 . 2011-06-16 13:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 23:27 . 2011-06-17 02:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-02 23:27 . 2011-06-16 13:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2011-06-05 01:36 72704 ----a-w- c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\pahelper_1502.2011.0310.1640.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"PanelApp"="c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\PanelApp.exe" [2010-04-15 31232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
c:\program files (x86)\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe [BU]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c99f87d3bc63b0;Google Update Service (gupdate1c99f87d3bc63b0);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
R3 cpuz135;cpuz135;c:\users\Owner\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 PanelSvc;PanelSvc;c:\program files (x86)\Knowledge Networks\PanelApp\PanelSvc.exe [2010-04-15 91136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 158832]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-08 23:44]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 00:49]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 00:49]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 13:15]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 13:15]
.
2011-05-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
2011-06-16 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-02-12 19:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2011-06-05 01:36 90624 ----a-w- c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\pahelper64_1502.2011.0310.1640.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 24.159.64.23 24.178.162.3 97.81.22.195
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aol.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-06-16 23:24:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-17 03:24
ComboFix2.txt 2011-06-16 13:55
.
Pre-Run: 100,673,921,024 bytes free
Post-Run: 100,654,104,576 bytes free
.
- - End Of File - - B9BFE1EBD5059568736E8A9FAB3CC9C4


and now the procep

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 77.38 0 K 24 K
WmiPrvSE.exe 4384 7.74 9,308 K 15,900 K
Interrupts n/a 6.19 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1696 3.10 36,952 K 33,496 K Desktop Window Manager Microsoft Corporation
procexp64.exe 3684 2.32 20,228 K 30,452 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 556 0.77 97,236 K 111,856 K Host Process for Windows Services Microsoft Corporation
lsass.exe 720 0.77 6,028 K 13,312 K Local Security Authority Process Microsoft Corporation
igfxsrvc.exe 4772 0.77 2,324 K 6,112 K igfxsrvc Module Intel Corporation
csrss.exe 640 0.77 3,796 K 10,360 K
ApMsgFwd.exe 4652 0.77 1,472 K 3,516 K
firefox.exe 4908 < 0.01 106,428 K 122,640 K Firefox Mozilla Corporation
plugin-container.exe 2548 < 0.01 23,760 K 31,060 K Plugin Container for Firefox Mozilla Corporation
PanelApp.exe 916 < 0.01 21,388 K 30,736 K
Weather.exe 3068 < 0.01 43,580 K 896 K AWS Convergence Technologies, Inc.
explorer.exe 1812 < 0.01 30,816 K 45,152 K Windows Explorer Microsoft Corporation
hkcmd.exe 3756 < 0.01 2,488 K 6,204 K hkcmd Module Intel Corporation
Apoint.exe 852 < 0.01 3,424 K 8,564 K Alps Pointing-device Driver Alps Electric Co., Ltd.
taskeng.exe 1916 < 0.01 11,020 K 13,828 K Task Scheduler Engine Microsoft Corporation
HPKBDAPP.exe 2484 < 0.01 7,160 K 7,848 K HP QuickTouch On Screen Display Hewlett-Packard Development Company, L.P.
wmpnscfg.exe 4620 2,508 K 6,820 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 4196 3,860 K 7,956 K
WLIDSVCM.EXE 2712 1,536 K 3,612 K
WLIDSVC.EXE 3036 8,500 K 15,836 K
wlanext.exe 1592 2,576 K 6,476 K
winlogon.exe 704 2,724 K 7,116 K
wininit.exe 628 1,728 K 5,044 K
ViewpointService.exe 2848 1,900 K 5,440 K ViewMgr Viewpoint Corporation
taskeng.exe 1784 2,740 K 7,608 K
System 4 0 K 35,188 K
svchost.exe 496 144,932 K 153,372 K Host Process for Windows Services Microsoft Corporation
svchost.exe 400 16,364 K 16,444 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1376 19,176 K 19,964 K Host Process for Windows Services Microsoft Corporation
svchost.exe 884 3,932 K 7,784 K Host Process for Windows Services Microsoft Corporation
svchost.exe 944 5,580 K 9,844 K Host Process for Windows Services Microsoft Corporation
svchost.exe 980 73,356 K 41,036 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1116 2,852 K 6,260 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1164 11,088 K 18,096 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1804 15,728 K 20,704 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2088 6,244 K 10,952 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2148 4,128 K 8,196 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2576 1,320 K 3,768 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2604 1,280 K 3,456 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2624 2,312 K 5,912 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2816 4,808 K 8,556 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2892 6,100 K 10,040 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2924 1,136 K 2,824 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3532 4,312 K 8,028 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4284 2,328 K 6,312 K Host Process for Windows Services Microsoft Corporation
sttray64.exe 2680 9,004 K 17,424 K IDT PC Audio IDT, Inc.
stacsv64.exe 524 8,448 K 7,824 K IDT PC Audio IDT, Inc.
sqlwriter.exe 2780 4,300 K 8,708 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlservr.exe 2348 44,952 K 2,432 K SQL Server Windows NT Microsoft Corporation
sqlbrowser.exe 2756 1,532 K 4,500 K SQL Browser Service EXE Microsoft Corporation
spoolsv.exe 1740 9,220 K 17,124 K Spooler SubSystem App Microsoft Corporation
smss.exe 516 480 K 984 K
SLsvc.exe 1140 8,540 K 13,076 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 676 3,428 K 8,372 K
SeaPort.exe 2720 5,576 K 9,740 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
rundll32.exe 4376 2,532 K 3,632 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 2400 2,256 K 2,928 K
rundll32.exe 2416 2,752 K 5,064 K
QLBCTRL.exe 428 4,516 K 9,992 K Quick Launch Buttons Hewlett-Packard Development Company, L.P.
procexp.exe 4988 3,488 K 9,236 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
notepad.exe 3708 2,324 K 6,264 K
mfevtps.exe 2328 5,428 K 8,312 K McAfee Process Validation Service McAfee, Inc.
mfefire.exe 1636 4,916 K 7,920 K McAfee Core Firewall Service McAfee, Inc.
McVsShld.exe 1672 8,616 K 17,328 K McAfee VirusScan Alerter McAfee, Inc.
McVsMap.exe 972 3,548 K 7,332 K
mcupdate.exe 2692 3,868 K 7,664 K
McSvHost.exe 3196 45,444 K 26,152 K McAfee Service Host McAfee, Inc.
mcshield.exe 3056 193,556 K 51,624 K McAfee On-Access Scanner service McAfee, Inc.
mcsacore.exe 2288 9,360 K 6,060 K SiteAdvisor McAfee, Inc.
mcagent.exe 2376 32,764 K 4,240 K McAfee Security Center McAfee, Inc.
lsm.exe 728 3,232 K 5,368 K
inetinfo.exe 2244 11,080 K 18,484 K Internet Information Services Microsoft Corporation
hpwuschd2.exe 2468 1,260 K 4,384 K hpwuSchd Application Hewlett-Packard
hpservice.exe 1272 3,328 K 5,920 K HpService Hewlett-Packard Corporation
hpqWmiEx.exe 4112 3,168 K 7,184 K hpqwmiex Module Hewlett-Packard Company
hpqtra08.exe 2568 5,044 K 12,708 K HP Digital Imaging Monitor Hewlett-Packard Co.
HPDrvMntSvc.exe 2124 1,208 K 4,112 K HP Quick Synchronization Service Hewlett-Packard Company
ehtray.exe 3848 2,252 K 1,764 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 3076 1,932 K 5,608 K Media Center Media Status Aggregator Service Microsoft Corporation
csrss.exe 584 2,812 K 7,568 K
Com4QLBEx.exe 4588 1,492 K 5,344 K Com for QLB application Hewlett-Packard Development Company, L.P.
BLService.exe 2640 1,600 K 4,852 K STServices
audiodg.exe 1056 14,456 K 17,828 K
ApntEx.exe 3872 2,308 K 5,144 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
agr64svc.exe 2064 1,204 K 2,980 K LSI Soft Modem Call Progress Service LSI Corporation
AESTSr64.exe 1204 772 K 2,244 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation

[RKinner]

Not sure why you can't see beep.sys in the Device Manager. You do see the non-plug and play section, right?

Download, Save and Run the Norton Removal tool:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe



Combofix found something this time:
"c:\windows\SysWow64\userinit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe"

I'd run Combofix again (without the script) just to make sure it doesn't come back. Post the new log.

This one:

"Interrupts n/a 6.19 0 K 0 K Hardware Interrupts and DPCs "
is way too high and is usually caused by a bad battery. Pull the main battery and run Process Explorer again and post the new log.

Ron

[BeckyH]

yes I can see the non plug and play and beep isn't there..in the nonplug and play drivers it goes straight from arcses to cmdide

the power supply connection isn't great and without a battery in, it has a tendency of turning off (big downfall of the HP's of the time I bought this I found out after the fact, that and they run hot). I have my screen set so that if it gets disconnected the screen get dimmer so I know to check immediately to get it plugged back in. The battery that is in however has less than 2 months of use on it so it should be good.

here's latest combofix
ComboFix 11-06-16.02 - Owner 06/17/2011 7:45.3.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2321 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\userinit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 12:00 . 2011-06-17 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 06:10 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8349DE7-138F-4F13-82EF-73E3FA5493CF}\mpengine.dll
2011-06-16 12:37 . 2011-06-16 12:37 -------- d-----w- C:\_OTL
2011-06-15 22:21 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 22:21 . 2010-12-20 16:35 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 22:19 . 2011-05-28 04:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 22:19 . 2011-05-28 04:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-15 21:54 . 2011-04-29 13:41 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 21:54 . 2011-04-29 13:40 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 21:54 . 2011-04-21 14:20 405504 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 21:53 . 2011-04-30 06:09 758784 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:53 . 2011-04-30 06:22 1027584 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 21:52 . 2011-04-29 13:39 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 21:52 . 2011-04-29 13:39 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 21:52 . 2011-04-29 13:39 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 21:51 . 2011-05-18 13:56 2762752 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 21:50 . 2011-05-02 12:02 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-06-15 21:50 . 2011-05-02 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 21:40 . 2011-04-14 15:14 97792 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 21:40 . 2011-05-02 17:13 975360 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 21:40 . 2011-05-02 17:16 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-13 21:54 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-13 21:53 . 2011-06-13 21:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-12 20:33 . 2011-06-13 11:29 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2011-06-12 20:32 . 2011-06-16 13:15 -------- d-----w- c:\program files (x86)\Auslogics
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 10:57 . 2011-06-05 10:57 0 ---ha-w- c:\users\Owner\AppData\Local\BIT9645.tmp
2011-06-05 06:59 . 2011-03-13 15:42 24376 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll
2011-06-04 22:42 . 2011-06-04 22:42 -------- d-----w- c:\users\Owner\AppData\Local\Knowledge Networks
2011-06-04 22:42 . 2011-06-04 22:42 -------- d-----w- c:\program files (x86)\Knowledge Networks
2011-05-26 22:34 . 2011-06-16 23:02 -------- d-----w- c:\users\Owner\AppData\Local\WeatherBug
2011-05-26 22:34 . 2011-05-26 22:34 -------- d-----w- c:\users\Owner\AppData\Roaming\WeatherBug
2011-05-26 22:32 . 2011-05-26 22:32 18944 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2011-05-26 22:32 . 2011-05-26 22:32 11264 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2011-05-26 22:32 . 2011-05-26 22:32 -------- d-----w- c:\program files (x86)\AWS
2011-05-25 21:01 . 2011-05-25 21:39 -------- d-----w- c:\users\Owner\AppData\Local\Nemex
2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\users\Owner\AppData\Roaming\Mouse Recorder Pro
2011-05-25 20:59 . 2011-05-25 20:59 -------- d-----w- c:\program files (x86)\Nemex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 22:46 . 2008-01-20 23:23 6144 ----a-w- c:\windows\system32\drivers\beep.sys
2011-05-29 13:11 . 2009-08-06 02:25 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 03:36 . 2011-05-15 03:36 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-16_13.48.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-02 23:27 . 2011-06-16 13:00 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-02 23:27 . 2011-06-17 11:40 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-02 23:27 . 2011-06-17 11:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-02 23:27 . 2011-06-16 13:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-02 23:27 . 2011-06-17 11:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-02 23:27 . 2011-06-16 13:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2011-06-05 01:36 72704 ----a-w- c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\pahelper_1502.2011.0310.1640.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
"PanelApp"="c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\PanelApp.exe" [2010-04-15 31232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-02 1658440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
c:\program files (x86)\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe [BU]
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c99f87d3bc63b0;Google Update Service (gupdate1c99f87d3bc63b0);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
R3 cpuz135;cpuz135;c:\users\Owner\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 133104]
R3 PanelSvc;PanelSvc;c:\program files (x86)\Knowledge Networks\PanelApp\PanelSvc.exe [2010-04-15 91136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 101048]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-03-13 208272]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-03-13 158832]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-08 23:44]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 00:49]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-08 00:49]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 13:15]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-21 13:15]
.
2011-05-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
2011-06-16 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2011-02-12 19:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2011-06-05 01:36 90624 ----a-w- c:\users\Owner\AppData\Local\Knowledge Networks\PanelApp\pahelper64_1502.2011.0310.1640.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://aol.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 24.159.64.23 24.178.162.3 97.81.22.195
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aol.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-06-17 08:23:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-17 12:23
ComboFix2.txt 2011-06-17 03:24
ComboFix3.txt 2011-06-16 13:55
.
Pre-Run: 96,084,234,240 bytes free
Post-Run: 96,180,469,760 bytes free
.
- - End Of File - - 62A10CB4CEF2A37386351451E347DE58

and the process explorer
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 68.46 0 K 24 K
mcshield.exe 2988 13.85 201,072 K 159,092 K McAfee On-Access Scanner service McAfee, Inc.
WmiPrvSE.exe 1588 10.00 9,940 K 16,452 K WMI Provider Host Microsoft Corporation
dwm.exe 1660 2.31 40,100 K 37,188 K Desktop Window Manager Microsoft Corporation
System 4 1.54 0 K 35,796 K
procexp64.exe 4964 1.54 22,896 K 32,416 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
svchost.exe 588 0.77 120,136 K 213,104 K Host Process for Windows Services Microsoft Corporation
McSvHost.exe 1972 0.77 45,436 K 25,052 K McAfee Service Host McAfee, Inc.
mcods.exe 4604 0.77 19,324 K 27,468 K McAfee VirusScan On-Demand Scan McAfee, Inc.
spoolsv.exe 1772 < 0.01 9,360 K 81,884 K Spooler SubSystem App Microsoft Corporation
Weather.exe 3232 < 0.01 49,976 K 5,800 K AWS Convergence Technologies, Inc.
firefox.exe 3824 < 0.01 100,868 K 113,532 K Firefox Mozilla Corporation
svchost.exe 1464 < 0.01 18,744 K 82,132 K Host Process for Windows Services Microsoft Corporation
explorer.exe 1728 < 0.01 34,164 K 173,780 K Windows Explorer Microsoft Corporation
igfxsrvc.exe 1436 < 0.01 2,500 K 6,424 K igfxsrvc Module Intel Corporation
PanelApp.exe 604 < 0.01 21,960 K 31,344 K
lsass.exe 780 < 0.01 6,004 K 67,320 K Local Security Authority Process Microsoft Corporation
mfevtps.exe 2380 < 0.01 7,168 K 9,656 K McAfee Process Validation Service McAfee, Inc.
svchost.exe 540 < 0.01 150,912 K 226,504 K Host Process for Windows Services Microsoft Corporation
csrss.exe 684 < 0.01 3,996 K 9,696 K Client Server Runtime Process Microsoft Corporation
mcagent.exe 2212 < 0.01 31,520 K 1,272 K McAfee Security Center McAfee, Inc.
stacsv64.exe 804 < 0.01 8,436 K 7,852 K IDT PC Audio IDT, Inc.
svchost.exe 468 < 0.01 16,780 K 68,212 K Host Process for Windows Services Microsoft Corporation
svchost.exe 984 < 0.01 5,544 K 45,548 K Host Process for Windows Services Microsoft Corporation
wlanext.exe 1672 < 0.01 2,568 K 6,524 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
hkcmd.exe 3640 < 0.01 2,464 K 6,228 K hkcmd Module Intel Corporation
Apoint.exe 2480 < 0.01 3,232 K 8,384 K Alps Pointing-device Driver Alps Electric Co., Ltd.
mfefire.exe 3032 < 0.01 4,660 K 7,716 K McAfee Core Firewall Service McAfee, Inc.
svchost.exe 3692 < 0.01 4,184 K 44,816 K Host Process for Windows Services Microsoft Corporation
csrss.exe 628 < 0.01 2,696 K 7,420 K Client Server Runtime Process Microsoft Corporation
taskeng.exe 1936 < 0.01 10,792 K 13,716 K Task Scheduler Engine Microsoft Corporation
sqlservr.exe 2440 < 0.01 41,400 K 3,080 K SQL Server Windows NT Microsoft Corporation
svchost.exe 1208 < 0.01 10,332 K 79,176 K Host Process for Windows Services Microsoft Corporation
hpservice.exe 1300 < 0.01 3,316 K 5,948 K HpService Hewlett-Packard Corporation
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wuauclt.exe 4880 3,464 K 6,904 K Windows Update Microsoft Corporation
wmpnscfg.exe 4272 2,324 K 6,540 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 3500 4,024 K 8,180 K WMI Provider Host Microsoft Corporation
WLIDSVCM.EXE 312 1,528 K 3,636 K Microsoft® Windows Live ID Service Monitor Microsoft Corp.
WLIDSVC.EXE 2884 8,336 K 15,992 K Microsoft® Windows Live ID Service Microsoft Corp.
winlogon.exe 720 2,756 K 31,072 K Windows Logon Application Microsoft Corporation
wininit.exe 664 1,788 K 5,124 K Windows Start-Up Application Microsoft Corporation
ViewpointService.exe 2796 1,892 K 5,444 K ViewMgr Viewpoint Corporation
taskeng.exe 1832 2,756 K 7,644 K Task Scheduler Engine Microsoft Corporation
svchost.exe 1152 2,904 K 31,176 K Host Process for Windows Services Microsoft Corporation
svchost.exe 920 3,968 K 36,516 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2840 6,728 K 38,292 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2856 1,136 K 14,164 K Host Process for Windows Services Microsoft Corporation
svchost.exe 124 73,528 K 138,896 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1796 17,320 K 71,320 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2140 6,176 K 63,196 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2220 3,972 K 42,432 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2496 1,316 K 29,836 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2528 1,272 K 21,620 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2568 2,300 K 37,512 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2752 4,832 K 56,292 K Host Process for Windows Services Microsoft Corporation
svchost.exe 5036 2,536 K 24,968 K Host Process for Windows Services Microsoft Corporation
sttray64.exe 3952 8,760 K 17,168 K IDT PC Audio IDT, Inc.
sqlwriter.exe 2732 4,296 K 8,844 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlbrowser.exe 2692 1,532 K 4,620 K SQL Browser Service EXE Microsoft Corporation
smss.exe 560 476 K 980 K Windows Session Manager Microsoft Corporation
SLsvc.exe 1168 8,528 K 13,432 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 760 3,228 K 39,688 K Services and Controller app Microsoft Corporation
SeaPort.exe 2660 5,596 K 9,844 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
rundll32.exe 4488 2,528 K 27,348 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 2388 2,256 K 24,356 K Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 2408 2,756 K 37,684 K Windows host process (Rundll32) Microsoft Corporation
QLBCTRL.exe 516 4,608 K 10,252 K Quick Launch Buttons Hewlett-Packard Development Company, L.P.
procexp.exe 2968 3,488 K 9,256 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
notepad.exe 1232 2,324 K 6,184 K Notepad Microsoft Corporation
mcsacore.exe 2340 6,804 K 4,992 K SiteAdvisor McAfee, Inc.
lsm.exe 788 3,160 K 5,464 K Local Session Manager Service Microsoft Corporation
inetinfo.exe 2284 11,040 K 73,584 K Internet Information Services Microsoft Corporation
hpwuschd2.exe 3784 1,256 K 4,432 K hpwuSchd Application Hewlett-Packard
hpqWmiEx.exe 5048 3,120 K 7,180 K hpqwmiex Module Hewlett-Packard Company
hpqtra08.exe 2864 5,108 K 12,776 K HP Digital Imaging Monitor Hewlett-Packard Co.
HPKBDAPP.exe 1596 7,128 K 7,868 K HP QuickTouch On Screen Display Hewlett-Packard Development Company, L.P.
HPDrvMntSvc.exe 2176 1,212 K 4,124 K HP Quick Synchronization Service Hewlett-Packard Company
ehtray.exe 584 2,248 K 1,808 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 4076 1,912 K 5,616 K Media Center Media Status Aggregator Service Microsoft Corporation
Com4QLBEx.exe 3164 1,480 K 5,332 K Com for QLB application Hewlett-Packard Development Company, L.P.
BLService.exe 2584 1,592 K 4,968 K STServices
audiodg.exe 1108 14,264 K 17,616 K Windows Audio Device Graph Isolation Microsoft Corporation
ApntEx.exe 4808 2,108 K 4,884 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
ApMsgFwd.exe 976 1,468 K 3,528 K ApMsgFwd Alps Electric Co., Ltd.
agr64svc.exe 2120 1,200 K 3,000 K LSI Soft Modem Call Progress Service LSI Corporation
AESTSr64.exe 2084 776 K 2,252 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation

[RKinner]

Right click on the OTL icon and Run As Administrator. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
%temp%\smtmp\*.* /s
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
beep.sys
WmiPrvSE.exe
dwm.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

Removing the battery dropped it way down:

Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs

So the battery may not be the right battery.

McAfee is hogging the CPU now. Do you have the McAfee user account and password for it so we could uninstall it temporarily?
Don't do it yet. We need to replace userinit.exe first.

Ron

[BeckyH]

I'm sure I have the user name and password somewhere for the macafee but don't know where right off the top of my head...

The battery that is in it is the original battery it came with, I had bought an extended life battery and that is what I had been using up until about a month ago when it finally got to where it isn't holding but half a charge and that is when I put the original one it came with back in.

it did not create two logs, only the one below..so maybe I didn't do something right?


OTL logfile created on: 6/17/2011 1:08:23 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 54.74% Memory free
8.02 Gb Paging File | 6.15 Gb Available in Paging File | 76.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 88.95 Gb Free Space | 40.13% Space Free | Partition Type: NTFS
Drive D: | 11.24 Gb Total Space | 1.46 Gb Free Space | 13.00% Space Free | Partition Type: NTFS

Computer Name: BECKY | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/17 13:05:53 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/15 13:54:02 | 000,031,232 | ---- | M] () -- C:\Users\Owner\AppData\Local\Knowledge Networks\PanelApp\PanelApp.exe
PRC - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2011/06/17 13:05:53 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
MOD - [2011/04/08 16:56:28 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/03/17 16:39:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/03/13 11:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/03/13 11:37:22 | 000,208,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/03/13 11:37:06 | 000,197,960 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/01/20 22:51:26 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/16 15:49:08 | 000,101,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/15 14:02:50 | 000,091,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Knowledge Networks\PanelApp\PanelSvc.exe -- (PanelSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/04/25 19:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/13 11:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,481,376 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/03/13 11:20:10 | 000,281,928 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,227,856 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,098,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/03/13 11:20:10 | 000,075,672 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/03/13 11:20:10 | 000,065,128 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/06 00:23:48 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2010/07/06 00:23:48 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2010/02/25 15:19:02 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/21 14:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/25 06:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/30 12:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/10/28 09:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/07/17 12:38:16 | 000,143,248 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/04 13:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 22:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008/01/20 22:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 22:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 22:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/09 22:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://aol.com/"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/14 00:51:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/16 09:13:35 | 000,000,000 | ---D | M]

[2009/03/20 19:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/06/02 10:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2av9j7tm.Charlie\extensions
[2011/05/06 15:58:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2av9j7tm.Charlie\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/03 22:09:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4czq74lk.Candy\extensions
[2011/05/06 11:26:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\4czq74lk.Candy\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/16 08:37:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions
[2010/10/03 23:07:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/10 13:07:13 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\extensions\[email protected]
[2010/02/19 06:39:42 | 000,000,923 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\searchplugins\conduit.xml
[2009/11/17 14:14:50 | 000,005,413 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\64tmwv5x.default\searchplugins\fast-browser-search.xml
[2011/06/16 08:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/03/22 21:33:40 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{23975c36-bc72-b8ae-b22a-c7f9768a02be}
File not found (No name found) --
[2011/06/04 21:36:38 | 000,000,000 | ---D | M] (Panel Application Bho) -- C:\USERS\OWNER\APPDATA\LOCAL\KNOWLEDGE NETWORKS\PANELAPP\FF
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\64TMWV5X.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
[2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/17 08:03:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110605025904.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110605025937.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [PanelApp] C:\Users\Owner\AppData\Local\Knowledge Networks\PanelApp\PanelApp.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.184.64.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\Pictures\zilla yawning.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\Pictures\zilla yawning.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 13:05:52 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/06/17 09:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/06/17 08:04:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/16 22:48:08 | 004,129,851 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/06/16 14:01:09 | 000,061,440 | ---- | C] ( ) -- C:\Users\Owner\Desktop\VEW.exe
[2011/06/16 12:46:30 | 002,497,536 | ---- | C] (Topala Software Solutions) -- C:\Users\Owner\Desktop\siw.exe
[2011/06/16 12:29:33 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp.exe
[2011/06/16 11:33:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/16 11:31:05 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/06/16 11:21:31 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2011/06/16 09:24:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/16 09:24:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/16 09:24:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/16 09:24:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/16 09:24:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/16 08:37:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/15 10:25:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Documents\OTL.exe
[2011/06/13 17:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/13 17:54:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/13 17:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/12 16:33:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2011/06/12 16:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011/06/12 16:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011/06/04 18:42:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Knowledge Networks
[2011/06/04 18:42:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Knowledge Networks
[2011/06/04 18:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Knowledge Networks
[2011/05/26 18:34:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\WeatherBug
[2011/05/26 18:34:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\WeatherBug
[2011/05/26 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
[2011/05/26 18:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AWS
[2011/05/25 17:01:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Recorded Scripts
[2011/05/25 17:01:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Nemex
[2011/05/25 16:59:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mouse Recorder Pro
[2011/05/25 16:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Recorder Pro 2
[2011/05/25 16:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nemex
[2009/08/17 13:31:14 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009/08/17 13:31:13 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009/08/17 13:31:12 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009/08/17 13:31:11 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009/08/17 13:31:10 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[9 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 13:05:53 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2011/06/17 12:59:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 12:59:08 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 12:50:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/17 12:50:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/17 12:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000UA.job
[2011/06/17 11:43:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/06/17 10:45:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 09:00:05 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/06/17 08:03:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/06/17 07:42:50 | 004,129,851 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2011/06/17 07:34:43 | 000,920,384 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2011/06/16 19:29:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2902236165-3934322-1294904898-1000Core.job
[2011/06/16 18:41:49 | 000,002,242 | ---- | M] () -- C:\Users\Owner\Desktop\beep.zip
[2011/06/16 16:00:31 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2011/06/16 14:50:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/16 14:01:11 | 000,061,440 | ---- | M] ( ) -- C:\Users\Owner\Desktop\VEW.exe
[2011/06/16 12:46:32 | 002,497,536 | ---- | M] (Topala Software Solutions) -- C:\Users\Owner\Desktop\siw.exe
[2011/06/16 12:29:44 | 003,412,856 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Owner\Desktop\procexp.exe
[2011/06/16 11:33:18 | 552,268,433 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/16 11:31:06 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2011/06/16 11:21:31 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2011/06/16 09:13:36 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/06/16 06:25:59 | 000,403,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/15 10:25:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\OTL.exe
[2011/06/14 20:32:23 | 000,002,039 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/14 20:32:22 | 000,002,077 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2011/06/14 10:00:23 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/06/13 17:54:10 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 16:33:14 | 000,001,041 | ---- | M] () -- C:\Users\Owner\Desktop\Auslogics Disk Defrag.lnk
[2011/06/08 19:36:09 | 000,000,842 | ---- | M] () -- C:\Users\Owner\Desktop\GiftBox+.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/05/25 16:59:20 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk
[2011/05/25 16:59:20 | 000,000,880 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Recorder Play.lnk
[2011/05/23 10:05:14 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[9 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/17 07:34:42 | 000,920,384 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
[2011/06/16 18:41:46 | 000,002,242 | ---- | C] () -- C:\Users\Owner\Desktop\beep.zip
[2011/06/16 11:33:18 | 552,268,433 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/16 09:24:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/16 09:24:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/16 09:24:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/16 09:24:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/16 09:24:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/13 17:54:10 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 16:33:14 | 000,001,041 | ---- | C] () -- C:\Users\Owner\Desktop\Auslogics Disk Defrag.lnk
[2011/06/04 21:34:50 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/05/25 16:59:20 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Recorder Pro 2.lnk
[2011/05/25 16:59:20 | 000,000,880 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Recorder Play.lnk
[2011/02/14 12:48:46 | 000,208,138 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/04/05 13:29:33 | 000,771,602 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/01 10:04:26 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/29 17:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/09/15 21:00:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/15 20:59:32 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/09/15 20:58:45 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:55:55 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/04 19:52:40 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/03/08 21:09:18 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2009/01/18 19:05:45 | 000,024,576 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 15:17:47 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2009/01/09 12:59:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2009/01/02 17:31:14 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/09/02 12:19:34 | 002,026,604 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2008/09/02 12:19:34 | 000,445,796 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2008/08/04 05:57:37 | 000,101,632 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/04 04:29:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/06/12 14:49:22 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

========== LOP Check ==========

[2009/09/05 07:07:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\aHisoft
[2011/06/13 07:29:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2009/10/26 17:32:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
[2009/10/31 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/05/04 19:22:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hewlett Packard
[2009/05/02 11:39:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/05/25 16:59:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mouse Recorder Pro
[2011/06/15 09:27:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2011/06/16 07:59:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/05/26 18:34:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug
[2011/06/17 08:59:09 | 000,032,630 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2011/06/16 16:00:31 | 000,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\vtscheduletask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %temp%\smtmp\*.* /s >


< MD5 for: BEEP.SYS >
[2011/06/16 18:46:58 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\SysNative\drivers\beep.sys

< MD5 for: DWM.EXE >
[2009/04/11 03:10:15 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=449F5AB17863698F12F0BC8E99079AA6 -- C:\Windows\SysNative\dwm.exe
[2009/04/11 03:10:15 | 000,098,304 | ---- | M] (Microsoft Corporation) MD5=449F5AB17863698F12F0BC8E99079AA6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6002.18005_none_ebada8a472b137b9\dwm.exe
[2008/01/20 22:49:32 | 000,098,816 | ---- | M] (Microsoft Corporation) MD5=BD5DEBBE43A492CC75D25AF43E686D17 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6001.18000_none_e9c22f98758f6c6d\dwm.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\ERDNT\cache86\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\ERDNT\cache86\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\WINDOWS\ERDNT\cache64\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\ERDNT\cache86\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\WINDOWS\ERDNT\cache64\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\WINDOWS\ERDNT\cache64\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 03:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 22:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\SysWOW64\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WMIPRVSE.EXE >
[2009/03/02 22:24:44 | 000,349,184 | ---- | M] (Microsoft Corporation) MD5=33C4F8EAA0F6D77576FA0ECD5C81032E -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_6a7aaf7146b4382d\WmiPrvSE.exe
[2009/03/02 22:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation) MD5=3B5EC9CCBFABE17656F394C5B9D7A617 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_6c71bfbf43cd4537\WmiPrvSE.exe
[2008/01/20 22:49:34 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4FB464BD442B7CE2144320A02C366B42 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_76d6046178233cf8\WmiPrvSE.exe
[2009/03/02 22:33:57 | 000,351,744 | ---- | M] (Microsoft Corporation) MD5=51B84DD8F7AFFCF4ABB29829665380C9 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.22389_none_6cbd7de05d18d8ac\WmiPrvSE.exe
[2008/01/20 22:48:58 | 000,348,672 | ---- | M] (Microsoft Corporation) MD5=673D84E36D12BBCDD44929E6CD7D4BB1 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18000_none_6c815a0f43c27afd\WmiPrvSE.exe
[2009/03/02 22:15:33 | 000,349,184 | ---- | M] (Microsoft Corporation) MD5=7806BBF2F72E7751E37ABCEB2A157CD8 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.21023_none_6b11f5285fc73b4d\WmiPrvSE.exe
[2009/03/02 21:59:26 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=8339E480B3D4740404D8EE50D415935B -- C:\WINDOWS\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.16830_none_74cf59c37b14fa28\WmiPrvSE.exe
[2009/03/02 21:57:32 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=945B5A9280D3A8190C6446943BE7237D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6000.21023_none_75669f7a9427fd48\WmiPrvSE.exe
[2009/04/11 02:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=9495FCC01D7AB7B60E5B8BA7AEFE9E3D -- C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
[2009/04/11 02:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=9495FCC01D7AB7B60E5B8BA7AEFE9E3D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_78c17d6d75450844\WmiPrvSE.exe
[2009/03/02 22:16:04 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=A859852DEA22D60295A69B8BF92928F1 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_76c66a11782e0732\WmiPrvSE.exe
[2009/03/02 22:03:55 | 000,247,296 | ---- | M] (Microsoft Corporation) MD5=DABC9045A39B7B1198B88362B5E42945 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.22389_none_7712283291799aa7\WmiPrvSE.exe
[2009/04/11 03:11:11 | 000,351,744 | ---- | M] (Microsoft Corporation) MD5=E97B6931B5629D7E9F6EE29A68FD6123 -- C:\Windows\SysNative\wbem\WmiPrvSE.exe
[2009/04/11 03:11:11 | 000,351,744 | ---- | M] (Microsoft Corporation) MD5=E97B6931B5629D7E9F6EE29A68FD6123 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_6e6cd31b40e44649\WmiPrvSE.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011/05/28 00:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ShowIconsCommand [2011/06/15 09:28:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Opera\Opera.exe" /HideIconsCommand [2011/06/15 09:28:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Opera\Opera.exe" /ReInstallBrowser [2011/06/15 09:28:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\Program Files (x86)\Opera\Opera.exe" [2011/06/15 09:28:27 | 000,941,936 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/28 00:53:19 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/28 00:53:19 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/28 00:53:19 | 000,070,656 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/05/28 02:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\OPERA\OPERA.EXE" [2011/06/15 09:28:27 | 000,941,936 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:EA031481

< End of report >

[RKinner]

I think we need to uninstall McAfee and put on the free Avast for now. You can put it back later.

Download, Save, the Free Avast installer.
http://www.avast.com...ivirus-download

Download and Save the McAfee Removal tool.
(It's a very slow site so be patient.)



http://service.mcafe...spx?id=TS100507

Close all browsers and programs.

Uninstall McAfee using Control panel, Programs.

Run the McAfee Removal tool ( I don't need the log)

Right click on the Avast installer and Run As Administrator. Once it installs and upgrades:
Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.
Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Run Process Explorer again as before and post the log.

Ron

[BeckyH]

that is just a document telling me how to deactivate etc the macafee but there is no link to download the tool that I can find on it

[RKinner]

It's there

http://download.mcaf...tches/MCPR.exe.

Ron

[BeckyH]

sorry...it was listed under the xp section and I didn't look there since I don't run xp

ok I'll work in this

[BeckyH]

according to the log there were 7 found of which 4 were successfully moved to chest and 3 were not.


Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 87.53 0 K 24 K
WmiPrvSE.exe 3984 5.42 9,184 K 16,104 K
spoolsv.exe 1636 2.32 9,820 K 18,520 K Spooler SubSystem App Microsoft Corporation
Interrupts n/a 2.32 0 K 0 K Hardware Interrupts and DPCs
dwm.exe 1712 1.55 38,564 K 37,656 K Desktop Window Manager Microsoft Corporation
procexp64.exe 4484 0.77 20,844 K 31,756 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
explorer.exe 1732 0.77 31,960 K 48,616 K Windows Explorer Microsoft Corporation
firefox.exe 2000 < 0.01 101,964 K 115,196 K Firefox Mozilla Corporation
igfxsrvc.exe 2776 < 0.01 2,960 K 6,912 K igfxsrvc Module Intel Corporation
PanelApp.exe 928 < 0.01 21,064 K 31,380 K
hkcmd.exe 1340 < 0.01 3,080 K 7,136 K hkcmd Module Intel Corporation
AvastUI.exe 2304 < 0.01 20,000 K 5,192 K avast! Antivirus AVAST Software
Apoint.exe 2044 < 0.01 4,124 K 9,636 K Alps Pointing-device Driver Alps Electric Co., Ltd.
ApMsgFwd.exe 4820 < 0.01 2,048 K 4,208 K
taskeng.exe 1276 < 0.01 11,280 K 14,340 K Task Scheduler Engine Microsoft Corporation
sttray64.exe 1452 < 0.01 9,404 K 18,060 K IDT PC Audio IDT, Inc.
wmpnscfg.exe 4428 2,980 K 7,296 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
WmiPrvSE.exe 4072 4,460 K 8,940 K
WLIDSVCM.EXE 3736 2,112 K 4,324 K
WLIDSVC.EXE 3464 8,912 K 16,608 K
wlanext.exe 1572 3,032 K 7,128 K
winlogon.exe 716 3,396 K 8,000 K
wininit.exe 668 2,388 K 5,928 K
ViewpointService.exe 3380 2,196 K 5,836 K ViewMgr Viewpoint Corporation
taskeng.exe 748 3,352 K 8,392 K
taskeng.exe 5008 2,532 K 6,076 K
System 4 0 K 35,624 K
svchost.exe 1436 17,212 K 20,896 K Host Process for Windows Services Microsoft Corporation
svchost.exe 240 104,428 K 118,840 K Host Process for Windows Services Microsoft Corporation
svchost.exe 564 142,424 K 150,600 K Host Process for Windows Services Microsoft Corporation
svchost.exe 516 17,912 K 18,556 K Host Process for Windows Services Microsoft Corporation
svchost.exe 308 74,116 K 42,560 K Host Process for Windows Services Microsoft Corporation
svchost.exe 932 4,248 K 8,432 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3864 4,832 K 8,708 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1196 11,640 K 18,892 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1632 20,516 K 26,360 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3312 5,316 K 9,232 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1004 6,224 K 10,732 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3100 3,592 K 7,600 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2264 4,168 K 8,432 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3412 6,700 K 10,920 K Host Process for Windows Services Microsoft Corporation
svchost.exe 2464 1,904 K 4,532 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3052 6,824 K 11,868 K Host Process for Windows Services Microsoft Corporation
svchost.exe 4988 2,812 K 6,888 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3088 1,764 K 4,128 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1100 3,392 K 6,932 K Host Process for Windows Services Microsoft Corporation
svchost.exe 3432 1,624 K 3,428 K Host Process for Windows Services Microsoft Corporation
stacsv64.exe 580 8,732 K 8,272 K IDT PC Audio IDT, Inc.
sqlwriter.exe 3244 4,896 K 9,528 K SQL Server VSS Writer - 64 Bit Microsoft Corporation
sqlservr.exe 2496 44,708 K 2,340 K SQL Server Windows NT Microsoft Corporation
sqlbrowser.exe 3220 1,820 K 5,040 K SQL Browser Service EXE Microsoft Corporation
smss.exe 504 504 K 1,044 K
SLsvc.exe 1120 8,576 K 13,464 K Microsoft Software Licensing Service Microsoft Corporation
services.exe 756 3,924 K 9,164 K
SeaPort.exe 3176 5,992 K 10,296 K Microsoft SeaPort Search Enhancement Broker Microsoft Corporation
rundll32.exe 2828 3,092 K 4,344 K Windows host process (Rundll32) Microsoft Corporation
QLBCTRL.exe 2268 4,288 K 10,096 K Quick Launch Buttons Hewlett-Packard Development Company, L.P.
procexp.exe 5000 3,788 K 9,660 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
plugin-container.exe 3996 11,932 K 15,636 K Plugin Container for Firefox Mozilla Corporation
lsm.exe 780 3,724 K 6,044 K
lsass.exe 772 5,412 K 12,624 K Local Security Authority Process Microsoft Corporation
inetinfo.exe 2076 11,728 K 19,648 K Internet Information Services Microsoft Corporation
hpwuschd2.exe 2276 1,552 K 4,756 K hpwuSchd Application Hewlett-Packard
HPWAMain.exe 2296 34,036 K 31,644 K HP Wireless Assistant Main Program Hewlett-Packard Company
hpservice.exe 1280 3,912 K 6,708 K HpService Hewlett-Packard Company
hpqWmiEx.exe 3376 3,504 K 7,756 K hpqwmiex Module Hewlett-Packard Company
hpqtra08.exe 1532 5,360 K 13,220 K HP Digital Imaging Monitor Hewlett-Packard Co.
HpqToaster.exe 4540 2,848 K 8,908 K HpqToaster Module
HPKBDAPP.exe 1380 7,776 K 8,768 K HP QuickTouch On Screen Display Hewlett-Packard Development Company, L.P.
HPHC_Service.exe 4064 29,484 K 12,688 K HP Support Assistant Hewlett-Packard Company
HPDrvMntSvc.exe 1868 1,512 K 4,508 K HP Quick Synchronization Service Hewlett-Packard Company
hpCaslNotification.exe 4720 31,992 K 9,140 K hpCaslNotification Hewlett-Packard Development Company L.P.
ehtray.exe 1156 2,980 K 2,068 K Media Center Tray Applet Microsoft Corporation
ehmsas.exe 2232 2,544 K 6,456 K Media Center Media Status Aggregator Service Microsoft Corporation
csrss.exe 676 2,884 K 8,604 K
csrss.exe 624 2,696 K 7,436 K
Com4QLBEx.exe 4380 1,776 K 5,800 K Com for QLB application Hewlett-Packard Development Company, L.P.
BLService.exe 3120 1,888 K 5,412 K STServices
AvastSvc.exe 1560 25,492 K 19,396 K avast! Service AVAST Software
audiodg.exe 1064 13,788 K 17,160 K
ApntEx.exe 4904 2,888 K 5,808 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd.
agr64svc.exe 3040 1,776 K 3,700 K LSI Soft Modem Call Progress Service LSI Corporation
AESTSr64.exe 3020 1,268 K 2,984 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation