BerttheGreat

It's running pretty good so far, about normal now. Is there anything else we need to do or do you think that's good for now? Either way I don't mind. Thanks!

Here it is. Internet Explorer wouldn't open so it gave me quite a scare for a minute... ComboFix 12-02-02.02 - Marty 02/02/2012 17:21:13.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7931.6449 [GMT -7:00] Running from: c:\users\Marty\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe . . ((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 ))))))))))))))))))))))))))))))) . . 2012-02-03 00:28 . 2012-02-03 00:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-31 15:01 . 2012-01-31 15:01 -------- d-----w- C:\_OTL 2012-01-16 05:21 . 2012-01-16 05:21 -------- d-----w- c:\windows\Sun 2012-01-16 05:20 . 2012-01-16 05:20 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-01-16 05:20 . 2011-11-10 12:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-01-11 05:49 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 05:49 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 05:49 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 05:49 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 05:49 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 05:49 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 05:49 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 05:49 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-08 22:47 . 2012-01-08 22:47 388096 ----a-r- c:\users\Marty\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-08 22:47 . 2012-01-08 22:47 -------- d-----w- c:\program files (x86)\Trend Micro 2012-01-07 07:18 . 2012-01-07 07:18 -------- d-----w- c:\users\Marty\AppData\Roaming\Malwarebytes 2012-01-07 07:18 . 2012-01-07 07:18 -------- d-----w- c:\programdata\Malwarebytes 2012-01-07 07:17 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-07 07:17 . 2012-01-07 07:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-07 16:13 . 2011-12-07 16:13 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin 2011-11-24 04:52 . 2011-12-14 19:34 3145216 ----a-w- c:\windows\system32\win32k.sys 2011-11-05 05:32 . 2011-12-14 19:34 2048 ----a-w- c:\windows\system32\tzres.dll 2011-11-05 04:26 . 2011-12-14 19:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="-scheduler" [X] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-25 3077528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-26 336384] "HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264] "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160] "PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Converter 7\RegistryController.exe" [2010-08-18 121120] "Nuance PDF Converter 7-reminder"="c:\program files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" [2010-07-05 333088] "iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2011-07-19 606392] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/06/30 15:38;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-10-18 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-26 365568] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168] S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-07-19 722616] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - CLKMDRV10_38F51D56 *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-02-01 c:\windows\Tasks\HPCeeScheduleForMarty.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-10-18 1128448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll /100 IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\atibtmon.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2012-02-02 17:35:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-02-03 00:35 . Pre-Run: 542,343,049,216 bytes free Post-Run: 541,816,537,088 bytes free . - - End Of File - - E756AF53ED4C1A1B9386C3B1D04484D9

Ack... I couldn't get my McAfee antivirus to disable, I turned off the scans and the firewall and in the instructions there was no icon on the bottom right corner... I looked around other sites and tried other ways but combofix still says it's running. Not sure what to do, sorry..

Alright, here it is: 08:45:47.0007 3944 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 08:45:49.0019 3944 ============================================================ 08:45:49.0019 3944 Current date / time: 2012/02/02 08:45:49.0019 08:45:49.0019 3944 SystemInfo: 08:45:49.0019 3944 08:45:49.0019 3944 OS Version: 6.1.7601 ServicePack: 1.0 08:45:49.0019 3944 Product type: Workstation 08:45:49.0019 3944 ComputerName: ROBNBOBBLASTER 08:45:49.0019 3944 UserName: Marty 08:45:49.0019 3944 Windows directory: C:\Windows 08:45:49.0019 3944 System windows directory: C:\Windows 08:45:49.0019 3944 Running under WOW64 08:45:49.0019 3944 Processor architecture: Intel x64 08:45:49.0019 3944 Number of processors: 4 08:45:49.0019 3944 Page size: 0x1000 08:45:49.0019 3944 Boot type: Normal boot 08:45:49.0019 3944 ============================================================ 08:45:51.0687 3944 Initialize success 08:46:18.0706 5888 ============================================================ 08:46:18.0706 5888 Scan started 08:46:18.0706 5888 Mode: Manual; SigCheck; TDLFS; 08:46:18.0706 5888 ============================================================ 08:46:20.0547 5888 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 08:46:20.0812 5888 1394ohci - ok 08:46:21.0202 5888 Accelerometer (7a330a42870eb1fa81f88be514d2d566) C:\Windows\system32\DRIVERS\Accelerometer.sys 08:46:21.0436 5888 Accelerometer - ok 08:46:21.0857 5888 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 08:46:21.0904 5888 ACPI - ok 08:46:22.0310 5888 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 08:46:22.0450 5888 AcpiPmi - ok 08:46:22.0871 5888 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 08:46:22.0903 5888 adp94xx - ok 08:46:23.0339 5888 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 08:46:23.0386 5888 adpahci - ok 08:46:23.0776 5888 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 08:46:23.0807 5888 adpu320 - ok 08:46:24.0229 5888 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 08:46:24.0400 5888 AFD - ok 08:46:24.0775 5888 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 08:46:24.0821 5888 agp440 - ok 08:46:25.0227 5888 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 08:46:25.0243 5888 aliide - ok 08:46:25.0757 5888 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 08:46:25.0773 5888 amdide - ok 08:46:26.0319 5888 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 08:46:26.0459 5888 amdiox64 - ok 08:46:26.0974 5888 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 08:46:27.0021 5888 AmdK8 - ok 08:46:27.0583 5888 amdkmdag (cf5fc8d37f10c9c374ae6d990c9d2cd7) C:\Windows\system32\DRIVERS\atikmdag.sys 08:46:28.0051 5888 amdkmdag - ok 08:46:28.0472 5888 amdkmdap (2bd89cb34b67edc64e741aa3864d8c1a) C:\Windows\system32\DRIVERS\atikmpag.sys 08:46:28.0597 5888 amdkmdap - ok 08:46:28.0987 5888 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 08:46:29.0018 5888 AmdPPM - ok 08:46:29.0392 5888 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 08:46:29.0486 5888 amdsata - ok 08:46:29.0923 5888 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 08:46:29.0954 5888 amdsbs - ok 08:46:30.0453 5888 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 08:46:30.0547 5888 amdxata - ok 08:46:31.0077 5888 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 08:46:31.0280 5888 AppID - ok 08:46:31.0701 5888 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 08:46:31.0717 5888 arc - ok 08:46:32.0122 5888 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 08:46:32.0138 5888 arcsas - ok 08:46:32.0543 5888 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 08:46:32.0653 5888 AsyncMac - ok 08:46:33.0074 5888 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 08:46:33.0089 5888 atapi - ok 08:46:33.0542 5888 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys 08:46:33.0620 5888 AtiHdmiService - ok 08:46:34.0072 5888 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys 08:46:34.0150 5888 AtiPcie - ok 08:46:34.0556 5888 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 08:46:34.0618 5888 b06bdrv - ok 08:46:35.0289 5888 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 08:46:35.0445 5888 b57nd60a - ok 08:46:36.0178 5888 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys 08:46:36.0241 5888 BCM43XX - ok 08:46:36.0662 5888 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 08:46:36.0724 5888 Beep - ok 08:46:37.0192 5888 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 08:46:37.0223 5888 blbdrive - ok 08:46:37.0754 5888 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 08:46:37.0894 5888 bowser - ok 08:46:38.0331 5888 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 08:46:38.0378 5888 BrFiltLo - ok 08:46:38.0721 5888 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 08:46:38.0752 5888 BrFiltUp - ok 08:46:39.0142 5888 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 08:46:39.0220 5888 Brserid - ok 08:46:39.0610 5888 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 08:46:39.0641 5888 BrSerWdm - ok 08:46:40.0031 5888 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 08:46:40.0063 5888 BrUsbMdm - ok 08:46:40.0437 5888 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 08:46:40.0468 5888 BrUsbSer - ok 08:46:40.0874 5888 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 08:46:40.0905 5888 BTHMODEM - ok 08:46:41.0295 5888 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 08:46:41.0357 5888 cdfs - ok 08:46:41.0747 5888 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 08:46:41.0857 5888 cdrom - ok 08:46:42.0293 5888 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys 08:46:42.0403 5888 cfwids - ok 08:46:42.0808 5888 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 08:46:42.0855 5888 circlass - ok 08:46:43.0167 5888 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 08:46:43.0229 5888 CLFS - ok 08:46:43.0697 5888 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys 08:46:43.0791 5888 clwvd - ok 08:46:44.0165 5888 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 08:46:44.0197 5888 CmBatt - ok 08:46:44.0587 5888 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 08:46:44.0618 5888 cmdide - ok 08:46:44.0992 5888 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 08:46:45.0086 5888 CNG - ok 08:46:45.0491 5888 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 08:46:45.0507 5888 Compbatt - ok 08:46:45.0991 5888 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 08:46:46.0162 5888 CompositeBus - ok 08:46:46.0693 5888 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 08:46:46.0708 5888 crcdisk - ok 08:46:47.0176 5888 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 08:46:47.0317 5888 DfsC - ok 08:46:47.0691 5888 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 08:46:47.0753 5888 discache - ok 08:46:48.0159 5888 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 08:46:48.0175 5888 Disk - ok 08:46:48.0580 5888 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 08:46:48.0658 5888 drmkaud - ok 08:46:49.0064 5888 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 08:46:49.0235 5888 DXGKrnl - ok 08:46:49.0641 5888 EagleX64 - ok 08:46:50.0093 5888 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 08:46:50.0187 5888 ebdrv - ok 08:46:50.0655 5888 ElRawDisk (d38a883309e04b9fbffe1aca60ea3bbf) C:\Windows\system32\drivers\ElRawDsk.sys 08:46:50.0764 5888 ElRawDisk - ok 08:46:51.0201 5888 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 08:46:51.0232 5888 elxstor - ok 08:46:51.0638 5888 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 08:46:51.0685 5888 ErrDev - ok 08:46:52.0106 5888 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 08:46:52.0168 5888 exfat - ok 08:46:52.0574 5888 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 08:46:52.0699 5888 fastfat - ok 08:46:53.0089 5888 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 08:46:53.0151 5888 fdc - ok 08:46:53.0557 5888 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 08:46:53.0572 5888 FileInfo - ok 08:46:53.0931 5888 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 08:46:53.0993 5888 Filetrace - ok 08:46:54.0446 5888 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 08:46:54.0493 5888 flpydisk - ok 08:46:54.0867 5888 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 08:46:54.0945 5888 FltMgr - ok 08:46:55.0366 5888 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 08:46:55.0382 5888 FsDepends - ok 08:46:55.0756 5888 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 08:46:55.0787 5888 Fs_Rec - ok 08:46:56.0193 5888 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 08:46:56.0318 5888 fvevol - ok 08:46:56.0739 5888 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 08:46:56.0755 5888 gagp30kx - ok 08:46:57.0160 5888 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 08:46:57.0238 5888 GEARAspiWDM - ok 08:46:57.0628 5888 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 08:46:57.0691 5888 hcw85cir - ok 08:46:58.0096 5888 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 08:46:58.0205 5888 HdAudAddService - ok 08:46:58.0611 5888 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 08:46:58.0642 5888 HDAudBus - ok 08:46:59.0001 5888 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 08:46:59.0048 5888 HidBatt - ok 08:46:59.0422 5888 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 08:46:59.0453 5888 HidBth - ok 08:46:59.0890 5888 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 08:46:59.0921 5888 HidIr - ok 08:47:00.0311 5888 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 08:47:00.0421 5888 HidUsb - ok 08:47:00.0842 5888 hpdskflt (a4be23c451adeb252cd17a0532cae220) C:\Windows\system32\DRIVERS\hpdskflt.sys 08:47:00.0920 5888 hpdskflt - ok 08:47:01.0372 5888 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 08:47:01.0450 5888 HpSAMD - ok 08:47:01.0871 5888 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 08:47:02.0012 5888 HTTP - ok 08:47:02.0402 5888 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 08:47:02.0480 5888 hwpolicy - ok 08:47:02.0917 5888 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 08:47:02.0948 5888 i8042prt - ok 08:47:03.0369 5888 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 08:47:03.0509 5888 iaStorV - ok 08:47:03.0915 5888 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 08:47:03.0946 5888 iirsp - ok 08:47:04.0336 5888 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 08:47:04.0352 5888 intelide - ok 08:47:04.0757 5888 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys 08:47:04.0804 5888 intelppm - ok 08:47:05.0288 5888 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:47:05.0428 5888 IpFilterDriver - ok 08:47:05.0818 5888 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 08:47:05.0912 5888 IPMIDRV - ok 08:47:06.0302 5888 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 08:47:06.0380 5888 IPNAT - ok 08:47:06.0785 5888 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 08:47:06.0926 5888 IRENUM - ok 08:47:07.0316 5888 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 08:47:07.0331 5888 isapnp - ok 08:47:07.0737 5888 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 08:47:07.0831 5888 iScsiPrt - ok 08:47:08.0221 5888 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 08:47:08.0252 5888 kbdclass - ok 08:47:08.0642 5888 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 08:47:08.0751 5888 kbdhid - ok 08:47:09.0141 5888 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 08:47:09.0219 5888 KSecDD - ok 08:47:09.0593 5888 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 08:47:09.0687 5888 KSecPkg - ok 08:47:10.0124 5888 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 08:47:10.0186 5888 ksthunk - ok 08:47:10.0639 5888 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 08:47:10.0701 5888 lltdio - ok 08:47:11.0200 5888 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 08:47:11.0247 5888 LSI_FC - ok 08:47:11.0871 5888 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 08:47:11.0887 5888 LSI_SAS - ok 08:47:12.0526 5888 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 08:47:12.0542 5888 LSI_SAS2 - ok 08:47:13.0228 5888 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 08:47:13.0259 5888 LSI_SCSI - ok 08:47:13.0790 5888 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:47:13.0899 5888 luafv - ok 08:47:14.0585 5888 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 08:47:14.0617 5888 megasas - ok 08:47:15.0147 5888 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 08:47:15.0163 5888 MegaSR - ok 08:47:16.0192 5888 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys 08:47:16.0270 5888 mfeapfk - ok 08:47:16.0863 5888 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys 08:47:16.0957 5888 mfeavfk - ok 08:47:17.0549 5888 mfeavfk01 - ok 08:47:18.0080 5888 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys 08:47:18.0189 5888 mfefirek - ok 08:47:18.0766 5888 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys 08:47:18.0907 5888 mfehidk - ok 08:47:19.0702 5888 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys 08:47:19.0780 5888 mfenlfk - ok 08:47:20.0357 5888 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys 08:47:20.0451 5888 mferkdet - ok 08:47:21.0637 5888 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys 08:47:21.0730 5888 mfewfpk - ok 08:47:22.0791 5888 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:47:22.0853 5888 Modem - ok 08:47:23.0680 5888 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:47:23.0727 5888 monitor - ok 08:47:24.0538 5888 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 08:47:24.0554 5888 mouclass - ok 08:47:25.0209 5888 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys 08:47:25.0240 5888 mouhid - ok 08:47:25.0755 5888 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 08:47:25.0833 5888 mountmgr - ok 08:47:26.0644 5888 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 08:47:26.0816 5888 mpio - ok 08:47:27.0627 5888 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:47:27.0736 5888 mpsdrv - ok 08:47:28.0204 5888 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 08:47:28.0329 5888 MRxDAV - ok 08:47:28.0891 5888 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:47:29.0031 5888 mrxsmb - ok 08:47:29.0624 5888 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:47:29.0749 5888 mrxsmb10 - ok 08:47:30.0404 5888 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:47:30.0497 5888 mrxsmb20 - ok 08:47:31.0309 5888 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 08:47:31.0433 5888 msahci - ok 08:47:32.0447 5888 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 08:47:32.0588 5888 msdsm - ok 08:47:33.0508 5888 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:47:33.0586 5888 Msfs - ok 08:47:34.0273 5888 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 08:47:34.0335 5888 mshidkmdf - ok 08:47:35.0115 5888 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 08:47:35.0146 5888 msisadrv - ok 08:47:36.0035 5888 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:47:36.0191 5888 MSKSSRV - ok 08:47:37.0003 5888 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:47:37.0096 5888 MSPCLOCK - ok 08:47:37.0845 5888 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:47:37.0970 5888 MSPQM - ok 08:47:39.0093 5888 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 08:47:39.0187 5888 MsRPC - ok 08:47:40.0076 5888 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 08:47:40.0107 5888 mssmbios - ok 08:47:40.0871 5888 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:47:40.0996 5888 MSTEE - ok 08:47:41.0823 5888 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 08:47:41.0932 5888 MTConfig - ok 08:47:43.0024 5888 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:47:43.0040 5888 Mup - ok 08:47:43.0945 5888 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:47:44.0038 5888 NativeWifiP - ok 08:47:45.0083 5888 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 08:47:45.0130 5888 NDIS - ok 08:47:46.0425 5888 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:47:46.0519 5888 NdisCap - ok 08:47:47.0689 5888 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:47:47.0782 5888 NdisTapi - ok 08:47:48.0469 5888 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 08:47:48.0593 5888 Ndisuio - ok 08:47:49.0139 5888 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 08:47:49.0295 5888 NdisWan - ok 08:47:49.0810 5888 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 08:47:49.0935 5888 NDProxy - ok 08:47:50.0746 5888 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:47:50.0809 5888 NetBIOS - ok 08:47:51.0448 5888 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 08:47:51.0573 5888 NetBT - ok 08:47:52.0275 5888 netr28x (a98071e3e1e5e503462cc9e0ded91a36) C:\Windows\system32\DRIVERS\netr28x.sys 08:47:52.0415 5888 netr28x - ok 08:47:53.0071 5888 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 08:47:53.0086 5888 nfrd960 - ok 08:47:53.0726 5888 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:47:53.0788 5888 Npfs - ok 08:47:54.0334 5888 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:47:54.0397 5888 nsiproxy - ok 08:47:55.0223 5888 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 08:47:55.0317 5888 Ntfs - ok 08:47:56.0191 5888 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:47:56.0269 5888 Null - ok 08:47:56.0861 5888 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 08:47:56.0939 5888 NVENETFD - ok 08:47:57.0501 5888 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 08:47:57.0626 5888 nvraid - ok 08:47:58.0281 5888 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 08:47:58.0390 5888 nvstor - ok 08:47:59.0108 5888 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:47:59.0123 5888 nv_agp - ok 08:47:59.0779 5888 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:47:59.0825 5888 ohci1394 - ok 08:48:00.0574 5888 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 08:48:00.0621 5888 Parport - ok 08:48:01.0292 5888 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 08:48:01.0401 5888 partmgr - ok 08:48:02.0165 5888 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:48:02.0259 5888 pci - ok 08:48:03.0117 5888 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:48:03.0148 5888 pciide - ok 08:48:04.0037 5888 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 08:48:04.0100 5888 pcmcia - ok 08:48:04.0786 5888 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:48:04.0833 5888 pcw - ok 08:48:05.0707 5888 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:48:05.0847 5888 PEAUTH - ok 08:48:06.0721 5888 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:48:06.0892 5888 PptpMiniport - ok 08:48:07.0594 5888 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 08:48:07.0625 5888 Processor - ok 08:48:08.0281 5888 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:48:08.0421 5888 Psched - ok 08:48:08.0967 5888 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 08:48:09.0076 5888 PxHlpa64 - ok 08:48:09.0778 5888 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 08:48:09.0919 5888 ql2300 - ok 08:48:10.0511 5888 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 08:48:10.0527 5888 ql40xx - ok 08:48:11.0229 5888 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:48:11.0338 5888 QWAVEdrv - ok 08:48:11.0931 5888 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:48:12.0025 5888 RasAcd - ok 08:48:12.0774 5888 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:48:12.0852 5888 RasAgileVpn - ok 08:48:13.0741 5888 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:48:13.0912 5888 Rasl2tp - ok 08:48:14.0536 5888 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:48:14.0614 5888 RasPppoe - ok 08:48:15.0316 5888 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:48:15.0441 5888 RasSstp - ok 08:48:16.0237 5888 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:48:16.0377 5888 rdbss - ok 08:48:16.0923 5888 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 08:48:16.0986 5888 rdpbus - ok 08:48:17.0922 5888 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:48:18.0000 5888 RDPCDD - ok 08:48:18.0655 5888 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:48:18.0717 5888 RDPENCDD - ok 08:48:19.0388 5888 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:48:19.0466 5888 RDPREFMP - ok 08:48:20.0137 5888 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 08:48:20.0293 5888 RDPWD - ok 08:48:20.0901 5888 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:48:20.0995 5888 rdyboost - ok 08:48:21.0744 5888 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys 08:48:21.0775 5888 RSPCIESTOR - ok 08:48:22.0321 5888 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:48:22.0414 5888 rspndr - ok 08:48:22.0820 5888 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys 08:48:22.0945 5888 RTL8167 - ok 08:48:23.0335 5888 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 08:48:23.0444 5888 sbp2port - ok 08:48:23.0834 5888 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 08:48:23.0974 5888 scfilter - ok 08:48:24.0505 5888 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 08:48:24.0645 5888 sdbus - ok 08:48:25.0269 5888 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:48:25.0378 5888 secdrv - ok 08:48:26.0158 5888 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 08:48:26.0205 5888 Serenum - ok 08:48:26.0736 5888 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 08:48:26.0829 5888 Serial - ok 08:48:27.0609 5888 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 08:48:27.0656 5888 sermouse - ok 08:48:28.0405 5888 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 08:48:28.0452 5888 sffdisk - ok 08:48:29.0029 5888 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 08:48:29.0091 5888 sffp_mmc - ok 08:48:29.0762 5888 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 08:48:29.0887 5888 sffp_sd - ok 08:48:30.0495 5888 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 08:48:30.0542 5888 sfloppy - ok 08:48:31.0088 5888 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 08:48:31.0104 5888 SiSRaid2 - ok 08:48:31.0806 5888 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 08:48:31.0821 5888 SiSRaid4 - ok 08:48:32.0492 5888 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 08:48:32.0554 5888 Smb - ok 08:48:33.0210 5888 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 08:48:33.0225 5888 spldr - ok 08:48:33.0912 5888 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 08:48:34.0068 5888 srv - ok 08:48:34.0629 5888 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 08:48:34.0785 5888 srv2 - ok 08:48:35.0487 5888 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 08:48:35.0534 5888 SrvHsfHDA - ok 08:48:36.0330 5888 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 08:48:36.0470 5888 SrvHsfV92 - ok 08:48:37.0172 5888 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 08:48:37.0250 5888 SrvHsfWinac - ok 08:48:37.0796 5888 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 08:48:37.0890 5888 srvnet - ok 08:48:38.0467 5888 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 08:48:38.0498 5888 stexstor - ok 08:48:39.0184 5888 STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys 08:48:39.0621 5888 STHDA - ok 08:48:40.0276 5888 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 08:48:40.0292 5888 swenum - ok 08:48:41.0025 5888 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys 08:48:41.0166 5888 SynTP - ok 08:48:42.0164 5888 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 08:48:42.0304 5888 Tcpip - ok 08:48:43.0100 5888 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 08:48:43.0147 5888 TCPIP6 - ok 08:48:43.0927 5888 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 08:48:44.0161 5888 tcpipreg - ok 08:48:44.0925 5888 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 08:48:45.0019 5888 TDPIPE - ok 08:48:46.0158 5888 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 08:48:46.0251 5888 TDTCP - ok 08:48:47.0094 5888 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 08:48:47.0203 5888 tdx - ok 08:48:47.0811 5888 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 08:48:47.0889 5888 TermDD - ok 08:48:48.0560 5888 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:48:48.0732 5888 tssecsrv - ok 08:48:49.0371 5888 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 08:48:49.0512 5888 TsUsbFlt - ok 08:48:50.0214 5888 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 08:48:50.0323 5888 TsUsbGD - ok 08:48:51.0274 5888 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 08:48:51.0415 5888 tunnel - ok 08:48:52.0117 5888 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 08:48:52.0148 5888 uagp35 - ok 08:48:52.0772 5888 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 08:48:52.0912 5888 udfs - ok 08:48:53.0552 5888 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 08:48:53.0583 5888 uliagpkx - ok 08:48:54.0160 5888 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 08:48:54.0301 5888 umbus - ok 08:48:55.0018 5888 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 08:48:55.0096 5888 UmPass - ok 08:48:55.0736 5888 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 08:48:55.0908 5888 USBAAPL64 - ok 08:48:56.0438 5888 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 08:48:56.0578 5888 usbccgp - ok 08:48:57.0374 5888 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 08:48:57.0436 5888 usbcir - ok 08:48:58.0076 5888 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 08:48:58.0185 5888 usbehci - ok 08:48:58.0887 5888 usbfilter (76e2ffad301490ba27b947c6507752fb) C:\Windows\system32\DRIVERS\usbfilter.sys 08:48:58.0981 5888 usbfilter - ok 08:48:59.0620 5888 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 08:48:59.0745 5888 usbhub - ok 08:49:00.0525 5888 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 08:49:00.0650 5888 usbohci - ok 08:49:01.0227 5888 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 08:49:01.0290 5888 usbprint - ok 08:49:01.0804 5888 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:49:01.0976 5888 USBSTOR - ok 08:49:02.0694 5888 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 08:49:02.0865 5888 usbuhci - ok 08:49:03.0583 5888 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 08:49:03.0692 5888 usbvideo - ok 08:49:04.0472 5888 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 08:49:04.0519 5888 vdrvroot - ok 08:49:05.0299 5888 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 08:49:05.0346 5888 vga - ok 08:49:06.0094 5888 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 08:49:06.0172 5888 VgaSave - ok 08:49:06.0640 5888 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 08:49:06.0750 5888 vhdmp - ok 08:49:07.0452 5888 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 08:49:07.0498 5888 viaide - ok 08:49:08.0138 5888 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 08:49:08.0232 5888 volmgr - ok 08:49:08.0824 5888 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 08:49:08.0918 5888 volmgrx - ok 08:49:09.0604 5888 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 08:49:09.0760 5888 volsnap - ok 08:49:10.0416 5888 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 08:49:10.0462 5888 vsmraid - ok 08:49:11.0242 5888 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 08:49:11.0289 5888 vwifibus - ok 08:49:11.0788 5888 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 08:49:11.0851 5888 vwififlt - ok 08:49:12.0334 5888 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 08:49:12.0428 5888 WacomPen - ok 08:49:13.0224 5888 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:49:13.0364 5888 WANARP - ok 08:49:13.0380 5888 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:49:13.0426 5888 Wanarpv6 - ok 08:49:14.0082 5888 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 08:49:14.0113 5888 Wd - ok 08:49:14.0721 5888 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 08:49:14.0799 5888 Wdf01000 - ok 08:49:15.0501 5888 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 08:49:15.0595 5888 WfpLwf - ok 08:49:16.0141 5888 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 08:49:16.0172 5888 WIMMount - ok 08:49:16.0827 5888 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 08:49:16.0968 5888 WinUsb - ok 08:49:17.0592 5888 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 08:49:17.0638 5888 WmiAcpi - ok 08:49:18.0216 5888 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 08:49:18.0309 5888 ws2ifsl - ok 08:49:18.0996 5888 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 08:49:19.0152 5888 WudfPf - ok 08:49:20.0088 5888 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 08:49:21.0679 5888 WUDFRd - ok 08:49:21.0757 5888 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 08:49:22.0006 5888 \Device\Harddisk0\DR0 - ok 08:49:22.0022 5888 Boot (0x1200) (63591d1b811d22ca8e035f323e9e8ee0) \Device\Harddisk0\DR0\Partition0 08:49:22.0022 5888 \Device\Harddisk0\DR0\Partition0 - ok 08:49:22.0038 5888 Boot (0x1200) (93790f67c18445b878aebd9535ae686e) \Device\Harddisk0\DR0\Partition1 08:49:22.0038 5888 \Device\Harddisk0\DR0\Partition1 - ok 08:49:22.0069 5888 Boot (0x1200) (bd8ab1b2d77b22ae4e9397682d4288c4) \Device\Harddisk0\DR0\Partition2 08:49:22.0069 5888 \Device\Harddisk0\DR0\Partition2 - ok 08:49:22.0162 5888 Boot (0x1200) (e8c6dad1e7e385e74d8e6770b1dbe802) \Device\Harddisk0\DR0\Partition3 08:49:22.0162 5888 \Device\Harddisk0\DR0\Partition3 - ok 08:49:22.0162 5888 ============================================================ 08:49:22.0162 5888 Scan finished 08:49:22.0162 5888 ============================================================ 08:49:22.0194 5816 Detected object count: 0 08:49:22.0194 5816 Actual detected object count: 0

Yeah, there's a bit of a difference that I noticed. My McAfee firewall still wont turn on though.. I don't mind if we run those other programs, I wanna get rid of as much as I can. Thanks for the help so far!

Alright sorry about that. This should be the last one: All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Marty ->Temp folder emptied: 295138840 bytes ->Temporary Internet Files folder emptied: 609321175 bytes ->Java cache emptied: 152640 bytes ->Flash cache emptied: 102607 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 92625639 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes RecycleBin emptied: 3785907928 bytes Total Files Cleaned = 4,562.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 01312012_203406 Files\Folders moved on Reboot... C:\Users\Marty\AppData\Local\Temp\Low\~DFEDEB0B50F7392885.TMP moved successfully. C:\Users\Marty\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File\Folder C:\Users\Marty\AppData\Local\Temp\~DF19F69F405C28F807.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DF2A10D9FEBF2E809D.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DF6662A94DE5DC6FF7.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DF6A9806B5C7DFFAB0.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DF729D9FB6588A53B4.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DF7843D5C67107A3F0.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DFA50E04C1D4B1553C.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DFB7A8B25EA3024489.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DFBC12CA1F185B2ABC.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DFC31BF70312FC730E.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DFDA63BD1452821B8A.TMP not found! File\Folder C:\Users\Marty\AppData\Local\Temp\~DFE0364E6DC3C5D972.TMP not found! C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N655PQ67\index[2].htm moved successfully. C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F2XP0HF\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully. C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F2XP0HF\fastbutton[2].htm moved successfully. C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2F2XP0HF\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully. C:\Users\Marty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. File\Folder C:\Windows\temp\fb_2304.lck not found! Registry entries deleted on Reboot...

Ok, I think I got it this time: All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. File Protocol\Handler\wlmailhtml - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh moved successfully. C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh moved successfully. File ptytemp] not found. OTL by OldTimer - Version 3.2.31.0 log created on 01312012_103953 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Lemme know what's next.

I got rid of the toolbar and got the log: All processes killed Error: Unable to interpret <:OTLO4 - HKLM..\Run: [] File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO20 - HKLM Winlogon: VMApplet - (/pagefile) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebC> in the current context! Error: Unable to interpret <heck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.[2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh[2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh:Commands[emptytemp]> in the current context! OTL by OldTimer - Version 3.2.31.0 log created on 01312012_080148 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Hope I did that right..

Thanks for helping. Here are the logs: Farbar Service Scanner Version: 18-01-2012 01 Ran by Marty (administrator) on 30-01-2012 at 22:36:12 Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Yahoo IP is accessible. Windows Firewall: ============= MpsSvc Service is not running. Checking service configuration: Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist. Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist. mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is OK. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist. Windows Update: =========== File Check: ======== C:\Windows\System32\nsisvc.dll => MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit C:\Windows\System32\dhcpcore.dll => MD5 is legit C:\Windows\System32\drivers\afd.sys => MD5 is legit C:\Windows\System32\drivers\tdx.sys => MD5 is legit C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit C:\Windows\System32\dnsrslvr.dll => MD5 is legit C:\Windows\System32\mpssvc.dll => MD5 is legit C:\Windows\System32\bfe.dll => MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit C:\Windows\System32\SDRSVC.dll => MD5 is legit C:\Windows\System32\vssvc.exe => MD5 is legit C:\Windows\System32\wscsvc.dll => MD5 is legit C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\System32\wuaueng.dll => MD5 is legit C:\Windows\System32\qmgr.dll => MD5 is legit C:\Windows\System32\es.dll => MD5 is legit C:\Windows\System32\cryptsvc.dll => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit **** End of log **** Here's the RogueKiller: RogueKiller V7.0.2 [01/30/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Marty [Admin rights] Mode: Scan -- Date : 01/30/2012 22:39:54 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK6476GSX ATA Device +++++ --- User --- [MBR] b4d9070620242845e6ab61e5b2b4170c [bSP] 8cf892ae4bead2ef24e2536e5326c410 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 595628 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1220255744 | Size: 14548 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt Next ones: OTL logfile created on: 1/30/2012 10:41:51 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marty\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 79.65% Memory free 15.49 Gb Paging File | 13.28 Gb Available in Paging File | 85.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581.67 Gb Total Space | 501.78 Gb Free Space | 86.27% Space Free | Partition Type: NTFS Drive D: | 14.21 Gb Total Space | 1.58 Gb Free Space | 11.14% Space Free | Partition Type: NTFS Drive E: | 933.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: ROBNBOBBLASTER | User Name: Marty | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/30 22:41:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marty\Desktop\OTL.exe PRC - [2011/07/24 19:59:46 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2011/07/19 14:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe PRC - [2011/07/05 16:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/04/28 17:19:18 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe PRC - [2011/03/22 11:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011/02/17 22:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/02/17 22:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011/01/25 13:56:34 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 12:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe ========== Modules (No Company Name) ========== MOD - [2011/07/24 19:59:46 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/10/18 17:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV:64bit: - [2011/10/18 12:46:49 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2011/10/18 12:46:45 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV:64bit: - [2011/03/25 23:02:02 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2011/02/28 12:52:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [unknown | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2011/01/26 16:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/08/30 13:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk) SRV - [2011/07/19 14:40:10 | 000,722,616 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService) SRV - [2011/07/05 16:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011/03/07 17:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service) SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/10/18 12:46:52 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk) DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2011/07/19 09:19:16 | 001,492,992 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/24 17:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/28 13:23:06 | 009,079,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/02/28 12:17:20 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/01/26 16:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/01/26 16:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2010/12/16 19:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/11/29 04:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/06/17 06:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2010/05/06 05:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/12/09 09:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1 IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/10 07:32:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/21 16:45:05 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111221143854.dll (McAfee, Inc.) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221143854.dll (McAfee, Inc.) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [iolo Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Nuance PDF Converter 7-reminder] C:\Program Files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Converter 7\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001..\Run: [iSUSPM] -scheduler File not found O4 - HKU\S-1-5-21-2731733586-1763407279-4155527976-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll (Nuance Communications, Inc.) O8 - Extra context menu item: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll (Nuance Communications, Inc.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3A6F8DB-C254-447C-AF58-73515BEF0A3C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/08/05 08:27:51 | 000,000,041 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{599abc52-b57c-11e0-87be-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{599abc52-b57c-11e0-87be-806e6f6e6963}\Shell\AutoRun\command - "" = E:\GEOM_43.exe -- [2009/08/05 08:24:51 | 006,691,384 | R--- | M] (Adobe Systems, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/30 22:41:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marty\Desktop\OTL.exe [2012/01/30 22:39:00 | 000,000,000 | ---D | C] -- C:\Users\Marty\Desktop\RK_Quarantine [2012/01/30 22:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012/01/15 22:21:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/01/15 22:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/01/08 15:47:38 | 000,000,000 | ---D | C] -- C:\Users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/01/08 15:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/01/08 15:41:33 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marty\Desktop\tdsskiller.exe [2012/01/07 00:18:12 | 000,000,000 | ---D | C] -- C:\Users\Marty\AppData\Roaming\Malwarebytes [2012/01/07 00:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/07 00:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/07 00:17:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/01/07 00:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/01/02 15:50:36 | 001,222,671 | ---- | C] (Solgryn.org ) -- C:\Users\Marty\Desktop\IWBTUpdater.exe [2012/01/02 15:50:32 | 132,138,450 | ---- | C] (Solgryn.org ) -- C:\Users\Marty\Desktop\I Wanna Be The Boshy 1.5.1.exe [2012/01/02 14:47:00 | 011,233,541 | ---- | C] ( ) -- C:\Users\Marty\Desktop\IWBTVB.exe ========== Files - Modified Within 30 Days ========== [2012/01/30 22:41:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marty\Desktop\OTL.exe [2012/01/30 22:41:06 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/30 22:41:06 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/30 22:38:43 | 001,201,664 | ---- | M] () -- C:\Users\Marty\Desktop\RogueKiller.exe [2012/01/30 22:37:49 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012/01/30 22:35:28 | 000,334,429 | ---- | M] () -- C:\Users\Marty\Desktop\FSS.exe [2012/01/30 22:33:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/30 22:32:58 | 1942,147,071 | -HS- | M] () -- C:\hiberfil.sys [2012/01/30 16:57:45 | 000,005,186 | ---- | M] () -- C:\Users\Marty\Documents\Article 1.abw [2012/01/27 19:47:56 | 000,001,100 | ---- | M] () -- C:\Users\Marty\Desktop\SaveFile2.ini [2012/01/27 19:47:48 | 000,000,260 | ---- | M] () -- C:\Users\Marty\Desktop\options.ini [2012/01/27 19:47:48 | 000,000,151 | ---- | M] () -- C:\Users\Marty\Desktop\onlineLicense.ini [2012/01/27 19:47:48 | 000,000,000 | ---- | M] () -- C:\Users\Marty\Desktop\saveFile.ini [2012/01/27 19:47:35 | 000,000,728 | ---- | M] () -- C:\Users\Marty\Desktop\SaveFile1.ini [2012/01/27 19:45:45 | 000,007,605 | ---- | M] () -- C:\Users\Marty\AppData\Local\Resmon.ResmonCfg [2012/01/24 20:11:58 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMarty.job [2012/01/13 14:42:33 | 000,169,141 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.33.png [2012/01/13 14:42:25 | 000,089,422 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.25.png [2012/01/13 14:42:15 | 000,079,422 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.15.png [2012/01/13 14:42:10 | 000,065,926 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.10.png [2012/01/13 14:41:59 | 000,143,999 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.41.58.png [2012/01/13 14:41:38 | 000,127,218 | ---- | M] () -- C:\Users\Marty\Desktop\2012-01-13_14.41.37.png [2012/01/11 12:16:55 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/01/11 12:16:55 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/01/11 12:16:55 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/01/08 15:47:39 | 000,002,975 | ---- | M] () -- C:\Users\Marty\Desktop\HiJackThis.lnk [2012/01/08 15:41:40 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marty\Desktop\tdsskiller.exe [2012/01/07 00:26:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh [2012/01/07 00:05:12 | 000,010,934 | -HS- | M] () -- C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh [2012/01/02 15:43:18 | 000,000,094 | ---- | M] () -- C:\Users\Marty\Desktop\IWBTsave.ini ========== Files Created - No Company Name ========== [2012/01/30 22:38:30 | 001,201,664 | ---- | C] () -- C:\Users\Marty\Desktop\RogueKiller.exe [2012/01/30 22:35:19 | 000,334,429 | ---- | C] () -- C:\Users\Marty\Desktop\FSS.exe [2012/01/30 16:57:45 | 000,005,186 | ---- | C] () -- C:\Users\Marty\Documents\Article 1.abw [2012/01/27 19:45:45 | 000,007,605 | ---- | C] () -- C:\Users\Marty\AppData\Local\Resmon.ResmonCfg [2012/01/21 09:58:45 | 000,169,141 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.33.png [2012/01/21 09:58:45 | 000,143,999 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.41.58.png [2012/01/21 09:58:45 | 000,127,218 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.41.37.png [2012/01/21 09:58:45 | 000,089,422 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.25.png [2012/01/21 09:58:45 | 000,079,422 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.15.png [2012/01/21 09:58:45 | 000,065,926 | ---- | C] () -- C:\Users\Marty\Desktop\2012-01-13_14.42.10.png [2012/01/08 15:47:38 | 000,002,975 | ---- | C] () -- C:\Users\Marty\Desktop\HiJackThis.lnk [2012/01/07 00:26:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/06 23:54:53 | 000,010,934 | -HS- | C] () -- C:\Users\Marty\AppData\Local\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh [2012/01/06 23:54:53 | 000,010,934 | -HS- | C] () -- C:\ProgramData\75sqx84ofv3366yloot65axnsh0hx06tae0n76i6y55vjh [2012/01/03 21:19:03 | 000,001,100 | ---- | C] () -- C:\Users\Marty\Desktop\SaveFile2.ini [2012/01/02 15:58:45 | 000,000,000 | ---- | C] () -- C:\Users\Marty\Desktop\saveFile.ini [2012/01/02 15:51:17 | 000,000,728 | ---- | C] () -- C:\Users\Marty\Desktop\SaveFile1.ini [2012/01/02 15:51:17 | 000,000,151 | ---- | C] () -- C:\Users\Marty\Desktop\onlineLicense.ini [2012/01/02 15:50:52 | 000,000,260 | ---- | C] () -- C:\Users\Marty\Desktop\options.ini [2012/01/02 14:48:29 | 000,000,094 | ---- | C] () -- C:\Users\Marty\Desktop\IWBTsave.ini [2011/10/18 12:44:53 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2011/07/24 20:34:36 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2011/06/30 15:28:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/06/30 15:17:46 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011/04/28 17:37:23 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2011/02/16 17:57:18 | 000,003,883 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/12/16 19:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/12/19 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\.minecraft [2011/08/30 17:49:06 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/10/08 19:21:01 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\enchant [2011/07/24 20:38:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\iolo [2011/08/17 13:03:11 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Namco [2011/07/24 20:33:48 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Nuance [2011/10/14 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\StepMania 5 [2011/07/23 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Marty\AppData\Roaming\Synaptics [2012/01/18 21:22:26 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 1/30/2012 10:41:51 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marty\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.75 Gb Total Physical Memory | 6.17 Gb Available Physical Memory | 79.65% Memory free 15.49 Gb Paging File | 13.28 Gb Available in Paging File | 85.76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581.67 Gb Total Space | 501.78 Gb Free Space | 86.27% Space Free | Partition Type: NTFS Drive D: | 14.21 Gb Total Space | 1.58 Gb Free Space | 11.14% Space Free | Partition Type: NTFS Drive E: | 933.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: ROBNBOBBLASTER | User Name: Marty | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard "{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26588EB8-85EF-09E9-F1D9-52E3EFA94A81}" = AMD Fuel "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java 6 Update 24 (64-bit) "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{7B060824-0C1E-90E4-2906-B1F547669EFF}" = ccc-utility64 "{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK "{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}" = ATI Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9 "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Converter "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player "{108953E4-1670-011C-093E-698B6DC3168D}" = CCC Help French "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore "{132EAFB3-2B2A-A694-0D67-099066554F60}" = CCC Help Polish "{18FC153D-D962-E9E5-47A4-330E829D49B5}" = CCC Help Japanese "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20F13E5A-6E78-9807-4628-57974A1AB862}" = Catalyst Control Center Localization All "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 30 "{28B8CCF7-7CE3-0F37-6BED-8E9446000141}" = CCC Help Thai "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{30E411BE-C174-405F-9361-27F4CEDE0C19}" = PCmover Professional "{31EEA563-3544-4EA1-8773-BCBF83F9627A}" = HP Software Framework "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{378C743F-06B8-430F-91A0-0EDD06EDD253}" = Nuance PDF Converter 7 "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7 "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer "{442A4B2B-1A30-5C0F-753D-13529EBCB22C}" = CCC Help Dutch "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F08C533-EB80-88C5-DA91-CC5EEC7435BA}" = Catalyst Control Center Graphics Previews Common "{546984D4-170B-2C56-1AB8-10F9552935ED}" = CCC Help Czech "{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic "{571D119C-CF96-46C2-BD68-B6FE1439F181}" = Catalyst Control Center - Branding "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5F136FB9-B653-185A-F203-288C43811D58}" = CCC Help Norwegian "{63EE0664-A05E-5F64-0411-FB2011C3E348}" = CCC Help Portuguese "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{70AFA3C0-558B-9099-A573-9703AB3FD67D}" = Catalyst Control Center InstallProxy "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager "{7E76ABF7-A6AD-115D-3B59-59AE0467987B}" = CCC Help Spanish "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80C03F1B-0E02-16E7-59C5-84FC57602C55}" = CCC Help Finnish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84F41469-E24B-7B5A-F949-AD8AD770B438}" = CCC Help Danish "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{879AF6B3-7253-B9A9-1538-BDC9C6B2421B}" = CCC Help Swedish "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AF58048-CE5D-01C7-0134-5F991FDC17EE}" = CCC Help Russian "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio "{93B41F22-14EC-A8D8-B55D-B569E6D415AA}" = CCC Help Chinese Traditional "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A4338C8A-6E6F-5908-69C7-9C768E440EDF}" = CCC Help German "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4D5167D-D18E-F3F8-26AC-13BC439A849E}" = CCC Help Greek "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A755E802-F7F0-F079-69B6-6CA814F66DAE}" = Catalyst Control Center "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6946BAC-2169-42CC-8E6D-F6FE2EEDB20F}" = HP Documentation "{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager "{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011 "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C1F77753-F64B-BD33-3BC5-4C2A22DCBA67}" = CCC Help Italian "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D867522F-4E43-A5AA-0D24-ADC0C7969555}" = CCC Help Hungarian "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E0612C03-2885-66DC-495C-2D944B448F98}" = CCC Help English "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007 "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch "{EC343B2E-C4CE-0298-B3AD-7C22BAE966A0}" = CCC Help Korean "{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help "{F68DFE6C-43D8-EAD2-D90C-0105A72FA37B}" = CCC Help Chinese Standard "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2 "{FC2FCC30-642D-93BF-B3E9-A82BA300DEF4}" = CCC Help Turkish "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "AbiWord2" = AbiWord 2.8.6 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "EasyBits Magic Desktop" = Magic Desktop "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800 "MAME32k" = MAME32k (remove only) "MapleStory" = MapleStory "MSC" = McAfee AntiVirus Plus "PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-bit) "WT087328" = Blackhawk Striker 2 "WT087330" = Bounce Symphony "WT087335" = Build-a-lot 2 "WT087343" = Dora's World Adventure "WT087393" = Mah Jong Medley "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087415" = Wheel of Fortune 2 "WT087536" = Diner Dash 2 Restaurant Rescue "WT089307" = Virtual Villagers 4 - The Tree of Life "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "WT089453" = Bejeweled 2 Deluxe "WT089454" = Chuzzle Deluxe "WT089455" = Zuma Deluxe "WT089457" = Slingo Supreme "WT089458" = Plants vs. Zombies - Game of the Year "WT089470" = FATE - The Traitor Soul "WT089484" = Namco All-Stars PAC-MAN "WT089496" = Mystery P.I. - Stolen in San Francisco "WT089498" = Bejeweled 3 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/10/2012 8:24:50 PM | Computer Name = RobnBobBlaster | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 1/10/2012 10:39:35 PM | Computer Name = RobnBobBlaster | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 1/11/2012 3:10:30 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10 Description = Error - 1/11/2012 4:48:46 PM | Computer Name = RobnBobBlaster | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 1/11/2012 7:49:41 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10 Description = Error - 1/11/2012 11:02:30 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10 Description = Error - 1/12/2012 12:02:49 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10 Description = Error - 1/12/2012 12:28:52 PM | Computer Name = RobnBobBlaster | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 1/12/2012 4:16:19 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10 Description = Error - 1/12/2012 11:11:06 PM | Computer Name = RobnBobBlaster | Source = WinMgmt | ID = 10 Description = [ HP Connection Manager Events ] Error - 1/9/2012 1:51:47 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:51:47.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:05 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:05.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:07 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:07.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:15 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:15.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:19 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:19.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:25 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:25.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:27 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:27.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:29 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:29.962|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:31 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:31.962|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 1/9/2012 1:52:33 PM | Computer Name = RobnBobBlaster | Source = hpCMSrv | ID = 5 Description = 2012/01/09 10:52:33.963|00001314|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] [ System Events ] Error - 1/30/2012 11:43:46 PM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. Error - 1/30/2012 11:43:46 PM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. Error - 1/31/2012 12:21:21 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. Error - 1/31/2012 12:21:21 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. Error - 1/31/2012 1:33:11 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 1/31/2012 1:33:12 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error - 1/31/2012 1:33:12 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. Error - 1/31/2012 1:33:12 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. Error - 1/31/2012 1:36:05 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. Error - 1/31/2012 1:36:05 AM | Computer Name = RobnBobBlaster | Source = Service Control Manager | ID = 7003 Description = The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. < End of report > That's it for now.

I recently was infected with a nasty windows 7 anti-virus thingy and it was bad. I followed steps to clean it up and it worked for the most part, but my computer is running a bit more slow now so I'm pretty sure I did not get all of it. I have the logs from DDS here: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Marty at 19:49:54 on 2012-01-27 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7931.6576 [GMT -7:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\atibtmon.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\CyberLink\Shared files\brs.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221143854.dll BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe uRun: [iSUSPM] -scheduler mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [<NO NAME>] mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Converter 7\RegistryController.exe mRun: [Nuance PDF Converter 7-reminder] "C:\Program Files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter 7\Ereg\Ereg.ini" mRun: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Open with Nuance PDF Converter 7.0 - C:\Program Files (x86)\Nuance\PDF Converter 7\cnvres_eng.dll /100 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{B3A6F8DB-C254-447C-AF58-73515BEF0A3C} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{B3A6F8DB-C254-447C-AF58-73515BEF0A3C}\2456C6B696E6E253645473 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{B3A6F8DB-C254-447C-AF58-73515BEF0A3C}\96E6475627E65647A5F4D4249454 : DhcpNameServer = 192.168.0.1 205.171.3.25 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221143854.dll BHO-X64: scriptproxy - No File BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO-X64: Ask Toolbar BHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [(Default)] mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Converter 7\RegistryController.exe mRun-x64: [Nuance PDF Converter 7-reminder] "C:\Program Files (x86)\Nuance\PDF Converter 7\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Converter 7\Ereg\Ereg.ini" mRun-x64: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-18 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-25 365568] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-28 514232] R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-7-5 227384] R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-30 2375168] R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2011-7-24 722616] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-7-25 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-7-25 208536] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/06/30 15:38:42;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560] S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-7-25 220528] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-30 249936] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-01-16 05:20:26 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-11 05:49:32 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-01-11 05:49:31 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-01-11 05:49:30 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-11 05:49:30 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-01-11 05:49:26 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2012-01-11 05:49:26 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-11 05:49:24 77312 ----a-w- C:\Windows\System32\packager.dll 2012-01-11 05:49:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-01-08 22:47:37 388096 ----a-r- C:\Users\Marty\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-01-08 22:47:35 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-01-07 07:18:12 -------- d-----w- C:\Users\Marty\AppData\Roaming\Malwarebytes 2012-01-07 07:18:03 -------- d-----w- C:\ProgramData\Malwarebytes 2012-01-07 07:17:58 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-01-07 07:17:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware . ==================== Find3M ==================== . 2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 19:51:09.70 =============== and also this: . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 7/23/2011 9:36:25 PM System Uptime: 1/27/2012 6:15:36 PM (1 hours ago) . Motherboard: Hewlett-Packard | | 164C Processor: AMD Phenom II P960 Quad-Core Processor | Socket S1G4 | 1800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 582 GiB total, 501.807 GiB free. D: is FIXED (NTFS) - 14 GiB total, 1.582 GiB free. E: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP40: 12/13/2011 6:58:11 PM - Scheduled Checkpoint RP41: 12/15/2011 7:42:32 AM - Windows Update RP43: 12/27/2011 2:03:27 PM - HPSF Applying updates RP44: 1/5/2012 1:25:04 PM - Scheduled Checkpoint RP45: 1/8/2012 3:46:30 PM - Installed HiJackThis RP46: 1/11/2012 12:13:46 PM - Windows Update RP47: 1/15/2012 10:19:01 PM - Installed Java 6 Update 30 RP48: 1/19/2012 10:00:31 PM - Windows Update . ==== Installed Programs ====================== . AbiWord 2.8.6 Adobe AIR Adobe Community Help Adobe Flash Player 10 ActiveX Adobe Photoshop Elements 9 Adobe Photoshop.com Inspiration Browser Adobe Reader X MUI Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House Apple Application Support Apple Software Update Ask Toolbar Bejeweled 2 Deluxe Bejeweled 3 Bing Bar Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony Build-a-lot 2 Cake Mania Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe CyberLink PowerDVD 10 CyberLink YouCam D3DX10 Diner Dash 2 Restaurant Rescue Dora's World Adventure Elements 9 Organizer Elements STI Installer Energy Star Digital Logo ESU for Microsoft Windows 7 Evernote v. 4.2.2 Farm Frenzy FATE - The Traitor Soul Hewlett-Packard ACLM.NET v1.1.1.0 HiJackThis HP Connection Manager HP Customer Experience Enhancements HP Documentation HP DVB-T TV Tuner 8.0.64.43 HP Games HP MovieStore HP On Screen Display HP Power Manager HP Quick Launch HP Setup HP Setup Manager HP SimplePass 2011 HP Software Framework HP Support Assistant IDT Audio iolo technologies' System Mechanic Java Auto Updater Java 6 Update 30 Junk Mail filter update Magic Desktop Mah Jong Medley Malwarebytes Anti-Malware version 1.60.0.1800 MAME32k (remove only) MapleStory McAfee AntiVirus Plus Mesh Runtime Microsoft Office 2010 Microsoft Office Communicator 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft WSE 3.0 Runtime Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - Stolen in San Francisco Namco All-Stars PAC-MAN Nexon Game Manager Nuance PDF Converter 7 Pando Media Booster PCmover Professional Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer QuickTime Ralink RT5390 802.11b/g/n WiFi Adapter Realtek Ethernet Controller Driver Realtek PCIE Card Reader Recovery Manager RoxioNow Player Scansoft PDF Converter Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Slingo Supreme Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life Wheel of Fortune 2 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.01 (32-bit) Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 1/27/2012 7:46:52 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed. 1/27/2012 6:15:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 1/27/2012 6:15:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 1/27/2012 6:15:56 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 1/21/2012 9:15:35 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143. . ==== End Of File =========================== I think that's it for now... If I didn't do something right just let me know... Hope you can help.

Hello. Recently while I was around on the internet like always, nothing unusual. After a little while though, a message popped up about some anti-virus program scanning and finding bunches of infected files with trojans. At first I figured it was another trick and I could close it, but alas, it persisted even when closing. I tried looking up the problem and eventually found a site that walked through how to remove it. It worked for a bit and I gained access to files again. I used TDSSkiller and it stated there were no problems. My McAfee firewall won't turn on and windows 7 firewall I assume is turned off. I need help to clean up the mess of this, and it would be very much appreciated. Tell me all the programs I have to download and the logs I must send so we can get rid of this malware once and for all! Thanks.

Hello. Recently while I was around on the internet like always, nothing unusual. After a little while though, a message popped up about some anti-virus program scanning and finding bunches of infected files with trojans. At first I figured it was another trick and I could close it, but alas, it persisted even when closing. I tried looking up the problem and eventually found a site that walked through how to remove it. It worked for a bit and I gained access to files again. I used TDSSkiller and it stated there were no problems. My McAfee firewall won't turn on and windows 7 firewall I assume is turned off. I need help to clean up the mess of this, and it would be very much appreciated. Tell me all the programs I have to download and the logs I must send so we can get rid of this malware once and for all! Thanks.