
Solved: about:blank search question.



QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
18-Mar-2011, 03:01 PM #1
about:blank search question.
Like many others in recent years I have been invaded by "about:blank". My question relates to the following:

If I click START and write about:blank in the search area the result appears immediately.
If I then click on the result a blank page appears. Next if I right click on the blank page and select locate source a screen appears titled about:blank - original source. This screen is shown in screen shot ss3.
However, if I right click on the search result and select original source I get transferred to my regular home page.
The whole procedure is repeatable in safe mode except that (of course) I do not get transferred to my regular home page since there is no internet connection.
Now, my question: How come the original search from the START button goes straight to the target (i.e., "about:blank") when no other search device seems to be able to detect it? I hope that an answer to this question might shed some light on this constant annoyance.
Thank you for any insight on this.
eddie5659
Moderator & Malware Removal Specialist with 28,314 posts.
 
Join Date: Mar 2001
Location: Bradford, England
18-Mar-2011, 05:00 PM #2
Hiya

Can you post all the logs from this thread, then we'll go from there

http://forums.techguy.org/virus-othe...e-posting.html

Regards

eddie
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
18-Mar-2011, 07:31 PM #3
Thanks for your response. I must say I don't see the relevance to my question.
My point is that this item is clearly on my local computer - the search function on the START button can find it - however it does not tell me the location. No other search engine that I have tried even finds this thing even with hidden files exposed, etc.
What I was wondering is whether there is some way to reveal the location.
In case it helps here is my HJT log.
eddie5659
Moderator & Malware Removal Specialist with 28,314 posts.
 
Join Date: Mar 2001
Location: Bradford, England
20-Mar-2011, 01:58 PM #4
I think we're both a little confused here, let me have a re-read at what you initially said.

You type this into Run, and wonder where the Blank page comes from:

about:blank

Well, I get it as well, so it's not malware related. This is used by many people to access the web, as it uses hardly any resources, so if it's a slow connection (dialup etc), it will show before it times out if there are any problems.

I use Google, but that's just me


If you go to Control Panel | Internet Options, and look in the General tab, you will see that you can click the option Use Blank for the homepage, which gives you the desired effect when running from Run.

However, in the HijackThis, you can easily see the location.

In your log, this is your homepage:

http://investing.money.msn.com/inves...arket-summary/

And the line you're looking at is this:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://investing.money.msn.com/inves...arket-summary/

When I look at mine (as in with Google) in the Registry, it is in exactly the same place.

So, the actual location doesn't exist in Windows Explorer, but it does in the Registry.

If you've never used the registry, then I wouldn't advise poking around in there. One slip of a delete button, and it's goodbye Windows.

Hope that answers some of the questions you were asking

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
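
The R0 line quoted in the post above has a fixed layout: section code, registry hive, key path, value name, then the data. As an added example (not part of the original thread and not HijackThis's own code), this sketch parses the R-section of a log, reports the registry location of the start page, and lists page settings whose host the user did not expect; the sample log, its URLs and the `expected_hosts` allowlist are constructed assumptions.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Constructed sample in the HijackThis v2 log layout; every URL and path is a placeholder.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.example/markets/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://oem.example/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

REntry = namedtuple("REntry", "code hive key value data")

# "<code> - <hive>\<key path>,<value name> = <data>"; the data part may be empty.
R_LINE = re.compile(r"^(R[0-3]) - (HKCU|HKLM)\\([^,]+),([^=]+?) =\s*(.*)$")


def parse_r_entries(log_text):
    """Return the browser page settings (R0-R3 lines) found in a log."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            code, hive, key, value, data = m.groups()
            entries.append(REntry(code, hive, key, value, data.strip()))
    return entries


def registry_location(entry):
    """Full registry path of the key that holds this setting."""
    return f"{entry.hive}\\{entry.key}"


def start_page(entries, hive="HKCU"):
    """The 'Start Page' entry for one hive, or None if the log has none."""
    for e in entries:
        if e.hive == hive and e.value == "Start Page" and e.key.endswith("\\Main"):
            return e
    return None


def unexpected_pages(entries, expected_hosts):
    """Entries pointing at a host outside the allowlist.

    Empty values and the built-in about:blank page are skipped, since
    neither names a remote site.
    """
    flagged = []
    for e in entries:
        if not e.data or e.data.lower() == "about:blank":
            continue
        host = urlsplit(e.data).hostname
        if host is None or host.lower() not in expected_hosts:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    found = parse_r_entries(SAMPLE_LOG)
    home = start_page(found)
    print("Start page:", home.data, "stored under", registry_location(home))
    for e in unexpected_pages(found, {"home.example"}):
        print("Review:", registry_location(e), e.value, "=", e.data)
```
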
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
20-Mar-2011, 04:46 PM #5
Thanks eddie,
Looks like I don't have much of a problem. I'm still a little puzzled why the blank page is sometimes there when I close down IE. Again, sometimes it has ads on it but not usually.
At least it is encouraging that I seem not to have a major infection.
Cheers.
eddie5659
Moderator & Malware Removal Specialist with 28,314 posts.
 
Join Date: Mar 2001
Location: Bradford, England
20-Mar-2011, 05:11 PM #6
Oh, didn't realise it was having Ads, as that is not normal

Can you do this for me, as HijackThis is just used as a quick check:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply.

==================


Also, after doing the above, can you run this:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


eddie
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
20-Mar-2011, 10:15 PM #7
Hi here are the first two pieces of info. the rest soon.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6113

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/20/2011 8:04:44 PM
mbam-log-2011-03-20 (20-04-44).txt

Scan type: Quick scan
Objects scanned: 178703
Time elapsed: 2 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adware Away 4.1.0_is1 (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/20/2011 at 09:49 PM

Application Version : 4.50.1002

Core Rules Database Version : 6636
Trace Rules Database Version: 4448

Scan type : Complete Scan
Total Scan Time : 01:26:59

Memory items scanned : 556
Memory threats detected : 0
Registry items scanned : 13375
Registry threats detected : 0
File items scanned : 178717
File threats detected : 33

Adware.Tracking Cookie
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@ad.wsod[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@ad.wsod[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@ad.wsod[3].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@ads.bleepingcomputer[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@ads.pgatour[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@apmebf[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@at.atwola[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@atdmt[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@atdmt[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@collective-media[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@doubleclick[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@doubleclick[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@fastclick[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@imrworldwide[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@invitemedia[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@kontera[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@mediaplex[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@msnbc.112.2o7[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@msnportal.112.2o7[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@msnportal.112.2o7[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@questionmarket[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@serving-sys[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@serving-sys[3].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@specificclick[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@tacoda.at.atwola[2].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@trafficmp[1].txt
C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Cookies\Low\drmike@tribalfusion[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@microsoftwindows.112.2o7[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@msnportal.112.2o7[1].txt

HJT Log to follow
Cheers,
Qwester.
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
20-Mar-2011, 11:20 PM #8
Hi Eddie,

HJT Log. OTL coming.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:15:11 PM, on 3/20/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
c:\program files (x86)\real\realplayer\RealPlay.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://investing.money.msn.com/inves...arket-summary/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files (x86)\jZip\WebmailPlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0989.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Advanced System Protector] "C:\Program Files (x86)\Systweak\Advanced System Protector\ASP.exe" /autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = C:\Users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://money.cnn.com
O15 - Trusted Zone: http://www.golfdigest.com
O15 - Trusted Zone: http://www.thegolfchannel.com
O15 - Trusted Zone: http://*.vanguard.com
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolba...lerControl.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pcdservice - Phantombility, Inc - C:\Program Files\Phantombility\Phantom CD\pcdservice.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 9175 bytes
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
20-Mar-2011, 11:32 PM #9
Hi Eddie,
Here is the OTL.Txt.

OTL logfile created on: 3/20/2011 11:22:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\drmike\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.29 Gb Total Space | 194.40 Gb Free Space | 67.43% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 2.93 Gb Free Space | 30.03% Space Free | Partition Type: NTFS

Computer Name: DRMIKE-PC | User Name: drmike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/20 23:21:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\drmike\Desktop\OTL.exe
PRC - [2010/12/16 22:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/12/04 15:11:15 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/11/28 06:33:28 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2011/03/20 23:21:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\drmike\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/08 12:41:06 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/06/13 23:51:47 | 000,316,752 | ---- | M] (Phantombility, Inc) [Auto | Running] -- C:\Program Files\Phantombility\Phantom CD\pcdservice.exe -- (pcdservice)
SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/08/04 20:48:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/11/08 12:43:06 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/06/13 23:25:17 | 000,053,328 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\phmcd.sys -- (phmcd)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/05/05 05:31:38 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/10/18 14:33:34 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2006/10/18 14:31:18 | 000,403,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2006/10/18 14:30:10 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2006/08/04 20:42:48 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2006/06/19 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2010/08/18 22:30:18 | 000,051,200 | ---- | M] (AdwareAway.com) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Start1Driver.SYS -- (Start1Driver)
DRV - [2010/04/21 08:26:36 | 000,012,800 | ---- | M] (AdwareAway.com) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\DiagnosticScan.SYS -- (DiagnosticScan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://investing.money.msn.com/inves...arket-summary/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/04 15:11:43 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files (x86)\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0989.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 1 Toolbar) - {00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - File not found
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Advanced System Protector] File not found
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnn.com ([money] http in Trusted sites)
O15 - HKCU\..Trusted Domains: golfdigest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thegolfchannel.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vanguard.com ([]http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolba...lerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.238.112.12 68.238.96.12
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {D468BCE5-D18E-49A4-8EA7-34BD583659D5} - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13f541f5-cc9d-11df-9c77-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{13f541f5-cc9d-11df-9c77-806e6f6e6963}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{192c00b9-f598-11df-b978-00219b0ec08e}\Shell - "" = AutoRun
O33 - MountPoints2\{192c00b9-f598-11df-b978-00219b0ec08e}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative64) - File not found
O34 - HKLM BootExecute: (Execute settings...) - File not found
O34 - HKLM BootExecute: (ountPoints) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 23:21:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\drmike\Desktop\OTL.exe
[2011/03/20 23:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/03/20 23:07:59 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/20 23:06:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\drmike\Desktop\HijackThis.exe
[2011/03/20 20:12:35 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\SUPERAntiSpyware.com
[2011/03/20 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/03/20 20:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/03/20 20:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/20 20:10:04 | 010,700,680 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\drmike\Desktop\SUPERAntiSpyware.exe
[2011/03/20 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/20 20:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/20 19:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/20 19:56:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\drmike\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/20 19:14:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\drmike\Desktop\TFC.exe
[2011/03/19 13:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyZooka 2.5
[2011/03/16 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
[2011/03/15 16:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/15 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/15 16:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/03/15 14:08:25 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Local\{D8F8DDEB-2E6F-40DF-AA3B-D57954589ED5}
[2011/03/15 14:08:25 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Local\{4CAC6667-659A-4D1A-BEE9-9B7C6610E3FC}
[2011/03/14 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\Systweak
[2011/03/14 11:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2011/03/12 21:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner Free
[2011/03/12 21:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
[2011/03/12 15:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/12 00:02:05 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\ParetoLogic
[2011/03/12 00:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/03/11 22:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/03/11 22:16:48 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\Yahoo!
[2011/03/11 22:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2011/03/11 22:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
[2011/03/08 11:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/03/05 18:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/02 19:39:18 | 000,051,200 | ---- | C] (AdwareAway.com) -- C:\Windows\SysWow64\drivers\Start1Driver.SYS
[2011/03/02 19:39:18 | 000,012,800 | ---- | C] (AdwareAway.com) -- C:\Windows\SysWow64\drivers\DiagnosticScan.SYS
[2011/03/02 19:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAway Antimalware
[2011/03/01 20:59:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/03/01 20:59:10 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/03/01 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Local\Sunbelt Software
[2011/03/01 20:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/03/01 18:15:48 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\PC Unleashed Online
[2011/03/01 18:15:48 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\DriverCure
[2011/03/01 18:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Unleashed Online
[2011/03/01 00:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AA Antimalware
[2011/02/28 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/02/23 15:19:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
[2011/02/23 15:19:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
[2011/02/22 19:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
[2011/02/22 19:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2011/03/20 23:23:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACB673B5-404B-4967-AF9D-9E1FB8E7728E}.job
[2011/03/20 23:21:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\drmike\Desktop\OTL.exe
[2011/03/20 23:09:37 | 000,002,561 | ---- | M] () -- C:\Users\drmike\Desktop\HiJackThis.lnk
[2011/03/20 23:06:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\drmike\Desktop\HijackThis.exe
[2011/03/20 23:06:22 | 001,402,880 | ---- | M] () -- C:\Users\drmike\Desktop\HiJackThis.msi
[2011/03/20 22:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/20 22:27:01 | 000,706,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/20 22:27:01 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/20 22:27:01 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/20 22:24:44 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/03/20 22:22:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/20 22:22:23 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 22:22:22 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/20 22:22:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/20 20:12:12 | 000,001,758 | ---- | M] () -- C:\Users\drmike\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/20 20:10:07 | 010,700,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\drmike\Desktop\SUPERAntiSpyware.exe
[2011/03/20 20:00:03 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/20 19:56:56 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\drmike\Desktop\mbam-setup-1.50.1.1100.exe
[2011/03/20 19:14:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\drmike\Desktop\TFC.exe
[2011/03/19 22:39:57 | 000,000,093 | ---- | M] () -- C:\Users\drmike\Documents\testpiece
[2011/03/18 13:53:14 | 000,317,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/18 13:44:06 | 000,032,829 | ---- | M] () -- C:\ss3.jpg
[2011/03/16 17:39:37 | 000,000,872 | ---- | M] () -- C:\Users\drmike\Desktop\Search Everything.lnk
[2011/03/16 12:54:05 | 000,008,432 | ---- | M] () -- C:\Users\drmike\Documents\Portfolio of Moran Coxon.pfl
[2011/03/15 16:34:07 | 000,001,123 | ---- | M] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/15 16:34:07 | 000,001,099 | ---- | M] () -- C:\Users\drmike\Desktop\Spybot - Search & Destroy.lnk
[2011/03/15 12:20:47 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
[2011/03/12 21:07:15 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/03/12 21:07:15 | 000,001,018 | ---- | M] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/03/12 21:07:15 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/03/11 22:16:37 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/03/11 22:16:37 | 000,000,760 | ---- | M] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2011/03/08 21:17:17 | 000,002,565 | ---- | M] () -- C:\Users\drmike\Desktop\Microsoft Streets & Trips.lnk
[2011/03/02 19:39:19 | 000,000,920 | ---- | M] () -- C:\Users\drmike\Desktop\AdwareAway Antimalware.lnk
[2011/03/01 20:59:10 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/03/01 18:18:14 | 000,001,754 | ---- | M] () -- C:\Users\drmike\Desktop\Microsoft Security Essentials.lnk
[2011/03/01 18:15:49 | 000,001,179 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/02/26 21:17:41 | 000,000,970 | ---- | M] () -- C:\Users\drmike\Desktop\Windows Media Player.lnk
[2011/02/20 23:02:01 | 000,078,848 | ---- | M] () -- C:\Users\drmike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2011/03/20 23:07:59 | 000,002,561 | ---- | C] () -- C:\Users\drmike\Desktop\HiJackThis.lnk
[2011/03/20 23:06:21 | 001,402,880 | ---- | C] () -- C:\Users\drmike\Desktop\HiJackThis.msi
[2011/03/20 20:12:12 | 000,001,758 | ---- | C] () -- C:\Users\drmike\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/20 20:00:03 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/19 22:39:56 | 000,000,093 | ---- | C] () -- C:\Users\drmike\Documents\testpiece
[2011/03/18 14:55:59 | 000,032,829 | ---- | C] () -- C:\ss3.jpg
[2011/03/16 17:39:37 | 000,000,872 | ---- | C] () -- C:\Users\drmike\Desktop\Search Everything.lnk
[2011/03/15 16:34:07 | 000,001,123 | ---- | C] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/15 16:34:07 | 000,001,099 | ---- | C] () -- C:\Users\drmike\Desktop\Spybot - Search & Destroy.lnk
[2011/03/12 21:07:15 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
[2011/03/12 21:07:15 | 000,001,018 | ---- | C] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
[2011/03/12 21:07:15 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2011/03/11 22:16:37 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
[2011/03/11 22:16:37 | 000,000,760 | ---- | C] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2011/03/03 14:11:59 | 000,000,981 | ---- | C] () -- C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/03/02 19:39:19 | 000,000,920 | ---- | C] () -- C:\Users\drmike\Desktop\AdwareAway Antimalware.lnk
[2011/02/26 21:17:41 | 000,000,970 | ---- | C] () -- C:\Users\drmike\Desktop\Windows Media Player.lnk
[2011/02/23 15:16:26 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2011/02/23 15:16:26 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2011/02/23 15:16:26 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2011/02/23 15:16:26 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2011/02/23 15:16:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
[2011/02/23 15:16:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
[2011/02/16 20:11:59 | 000,000,036 | ---- | C] () -- C:\Users\drmike\AppData\Local\housecall.guid.cache
[2011/02/09 17:54:20 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/02/09 17:53:17 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/02/09 17:53:12 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/02/09 17:53:10 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/01/25 17:24:00 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/01 20:07:55 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2010/09/29 19:27:58 | 000,000,290 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/28 22:19:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/05/13 12:48:27 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/13 12:48:26 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2010/05/13 12:48:26 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/12/21 16:15:32 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT09.ini
[2009/12/09 18:11:19 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\GBSink.dll
[2009/12/09 18:11:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GBProxy.exe
[2009/12/09 18:11:19 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\GBSinkps.dll
[2009/12/09 18:11:19 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\GBProxyps.dll
[2009/12/09 18:11:18 | 000,442,368 | ---- | C] () -- C:\Windows\SysWow64\GBSinkCli.exe
[2009/12/09 18:11:18 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\JPNRES.dll
[2009/12/09 18:11:18 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\JPNXRES.dll
[2009/05/27 17:22:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/05/27 17:22:03 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/05/27 17:21:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/02/05 15:29:57 | 000,000,045 | ---- | C] () -- C:\Windows\INSTALL.INI
[2008/12/31 19:52:33 | 000,000,057 | ---- | C] () -- C:\Windows\TaxACT08.ini
[2008/10/21 13:59:32 | 000,046,456 | R--- | C] () -- C:\Windows\SysWow64\exitwx.exe
[2008/10/16 21:09:19 | 000,078,848 | ---- | C] () -- C:\Users\drmike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/03 14:17:17 | 000,000,000 | ---- | C] () -- C:\Users\drmike\AppData\Roaming\wklnhst.dat
[2008/10/02 19:03:32 | 000,008,248 | ---- | C] () -- C:\Users\drmike\AppData\Local\en.ini
[2008/10/02 17:28:37 | 000,025,443 | ---- | C] () -- C:\Users\drmike\AppData\Roaming\UserTile.png
[2008/10/02 13:31:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/10/02 12:20:28 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/10/01 14:33:46 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008/09/10 13:57:07 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
[2008/09/10 13:57:07 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
[2008/09/10 13:57:07 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
[2008/03/24 10:47:02 | 000,000,012 | ---- | C] () -- C:\Users\drmike\AppData\Roaming\userdic.tlx
[2008/02/11 19:46:56 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
[2008/02/11 19:46:56 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
[2008/02/11 19:46:56 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002/06/10 17:34:34 | 001,310,720 | ---- | C] () -- C:\Windows\SysWow64\Veceng52.dll
[2002/06/10 17:29:42 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\arrgrid.dll
[2002/05/21 15:29:58 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\bmw.dll

========== LOP Check ==========

[2010/10/05 18:02:01 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Amazon
[2010/04/14 17:00:15 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Canon
[2011/03/01 18:15:48 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\DriverCure
[2011/03/20 22:23:13 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Dropbox
[2010/12/18 20:10:24 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/16 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\FileZilla
[2010/08/27 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Flipopia
[2010/04/27 10:34:37 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\FreeFLVConverter
[2008/10/08 16:35:57 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\GetRightToGo
[2010/08/20 22:20:45 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Global Graphics
[2008/10/06 13:27:22 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\ICAClient
[2009/07/13 11:10:07 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\IMSIDesign
[2010/08/20 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\jaws
[2009/05/28 12:45:06 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\JGsoft
[2010/02/02 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\KompoZer
[2010/08/27 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\LimeWire
[2010/12/27 17:20:11 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\MP3Rocket
[2011/03/12 00:02:05 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\ParetoLogic
[2011/03/01 18:15:48 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\PC Unleashed Online
[2009/01/10 17:32:27 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\PeerNetworking
[2010/12/14 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\PrimoPDF
[2008/11/20 13:20:39 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Quicken WillMaker
[2008/10/06 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Runaware
[2008/10/02 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\ScanSoft
[2010/07/14 12:47:52 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Scilab
[2011/03/15 18:48:51 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Systweak
[2008/10/03 14:26:07 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Template
[2010/09/08 14:53:47 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Uniblue
[2011/03/20 22:21:33 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/20 23:23:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ACB673B5-404B-4967-AF9D-9E1FB8E7728E}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 760 bytes -> C:\Users\drmike\Documents\Another Snow Day !!!.eml:OECustomProperty

< End of report >
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
20-Mar-2011, 11:36 PM #10
Hi, here is the Extras.Txt.

OTL Extras logfile created on: 3/20/2011 11:22:33 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\drmike\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.29 Gb Total Space | 194.40 Gb Free Space | 67.43% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 2.93 Gb Free Space | 30.03% Space Free | Partition Type: NTFS

Computer Name: DRMIKE-PC | User Name: drmike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 75 3F BC 9A 13 DF C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4071100956-2886188598-2641863946-1000]
"EnableNotificationsRef" = 2
"EnableNotifications" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0768561F-9335-4F29-9025-99A3166ED5D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{1116796F-8952-4342-8840-5B757531BFC8}" = lport=138 | protocol=17 | dir=in | app=system |
"{1FD1E1D9-66C9-4764-A722-930185E1F5F3}" = lport=445 | protocol=6 | dir=in | app=system |
"{28F6576B-1A4F-4B65-BFFB-A356D101E2E7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2D0149BD-8A79-4654-BA6F-E32788E8E55F}" = lport=139 | protocol=6 | dir=in | app=system |
"{4DDEDF27-2341-4208-8EFB-5C675F1DEBA5}" = rport=138 | protocol=17 | dir=out | app=system |
"{4E931F15-FBAD-4B61-8DC6-95D7D102CAA9}" = rport=445 | protocol=6 | dir=out | app=system |
"{4F490971-3720-4CBA-B948-10A516020E6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9712D47C-60B3-4AEF-A0AF-9DAB73625097}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B3B627D-B133-4F9F-B5CC-A2B5E695BE69}" = rport=139 | protocol=6 | dir=out | app=system |
"{A677A848-6F31-4A94-B52D-E0985FC4417F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DCB41A8D-7398-4B33-AFCF-DB3999A47104}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060B3502-135C-4CB1-BFC9-D2363152FD68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{098063F7-BFFC-4C99-ACA0-495413780DDE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0EC9A9EB-9D16-42B7-97B0-940F124121DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{126DEB6B-E1FE-480D-BD42-23FBD393014A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2A02882A-8E92-490B-B62E-1410AD94792E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3217EDBD-B741-4A2E-935D-E49DBB3E2AED}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{798D27DC-BC45-42E2-AB27-12C112743A18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9FBA6551-E258-4C19-A169-22CBEA2CA28C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF0F165E-788B-433F-901B-50780DD33C93}" = protocol=6 | dir=in | app=c:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe |
"{C0C13586-78B6-47EE-9329-15A3D16D624C}" = protocol=17 | dir=in | app=c:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe |
"{CA235978-823D-4088-A181-93B2EC3FCED3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{31827B4A-DEFB-4EBF-B8DB-44B35E588D93}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{4C385E52-55A6-4C4E-B18A-AE0DB0505080}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{5A2ED0F6-FBDE-4612-AFEE-DDAD3D184ACD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{85E0493E-34A4-4401-8585-AFD488393E15}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{C2BB32E5-5342-4452-8922-3EAC356074E5}C:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E49031EC-C238-4213-AC50-AB5C38391BE6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{24E652D4-0352-47E3-96FB-F967B5A91526}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{3BAB0DC3-ED13-4984-8714-7B947F6E8917}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{A9139A8A-22CB-4ED2-BC7A-AD9E363DADCE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{B7CE9C26-891A-4451-9E51-8B5EEBC50E43}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{CB1AF0B2-A868-48D8-B93D-9A82396E9796}C:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{EDB23DC6-1B70-4539-AA91-9B3C3AEDC1A9}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C89932F-1D9D-4776-AD7A-9156FF792539}" = Modem Diagnostic Tool
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6FD23F0-1047-4088-94BF-B137D4D17CD8}" = WD SmartWare
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F31E3C75-A273-419A-8BEB-58835F28BD47}" = Initio USB Default Controller Driver 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"CanonMyPrinter" = Canon My Printer
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"Phantom CD" = Phantom CD

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A840A61-17C8-45A3-AE8F-210C39676C20}" = IE Download Helper
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{142492FC-7686-4B29-8E23-8C738FFCCB01}" = Microsoft Streets and Trips
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EA9F5CC-BD77-48FC-A9AF-E71646F2E55B}" = TurboCAD Deluxe 14
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29391B62-5DC8-4EAC-8ED7-7DDD5CFEFCAD}" = cladDVD.NET v3.5.7
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FE4AA77-DF4C-48E9-A3E8-494926D163A4}" = SpyZooka
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7C7D6EC8-F8CC-4B13-AF27-0A9D51EE4E40}" = MSN Toolbar
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A67539A1-0696-498F-832E-ACEA50886C80}" = GB Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{CCEC791F-A948-4330-B16E-78939F10F793}" = CADSymbols 2.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E75594A0-B088-4635-B4F6-99654B5DDF96}" = V1 Home 2.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"CameraUserGuide-PSSD1300IS_IXUS105" = Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cool FLV To MPEG Converter_is1" = Cool FLV To MPEG Converter 1.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Everything" = Everything 1.2.1.371
"Excel 2007 Power Programming with VBA" = Excel 2007 Power Programming with VBA
"Executor's Guide" = Executor's Guide
"Family Tree Maker 2009" = Family Tree Maker 2009
"FileZilla Client" = FileZilla Client 3.3.1
"Free Convert MPEG WMV to MP4 FLV AVI Converter_is1" = Free Convert MPEG WMV to MP4 FLV AVI Converter 5.8
"Free YouTube Download_is1" = Free YouTube Download version 2.10.29
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"InstallShield_{E75594A0-B088-4635-B4F6-99654B5DDF96}" = V1 Home 2.0
"jZip" = jZip
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Living Trust Forms" = Living Trust Forms
"Living Trusts Simplified" = Living Trusts Simplified
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"Personal Historian_is1" = Personal Historian 1.3.0.38
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"RealPlayer 12.0" = RealPlayer
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"TaxACT 2008" = TaxACT 2008
"TaxACT 2009" = TaxACT 2009
"TaxACT 2010" = TaxACT 2010
"The Unzip Wizard" = The Unzip Wizard
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Verizon Yahoo! Internet Mail
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Dropbox" = Dropbox
"pdfsam" = pdfsam

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/16/2010 5:24:32 PM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/16/2010 8:20:50 PM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/17/2010 10:07:26 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/18/2010 11:48:31 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/19/2010 10:23:07 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/19/2010 7:48:25 PM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2010 10:38:22 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/21/2010 11:13:39 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/22/2010 10:43:52 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/22/2010 4:19:18 PM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 6/9/2009 12:51:34 PM | Computer Name = drmike-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/11/2009 6:37:43 PM | Computer Name = drmike-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/21/2009 5:26:24 PM | Computer Name = drmike-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 11/21/2008 12:55:52 PM | Computer Name = drmike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 633
seconds with 420 seconds of active time. This session ended with a crash.

Error - 5/11/2009 6:11:23 PM | Computer Name = drmike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 583
seconds with 360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/20/2011 6:55:00 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/20/2011 6:56:35 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/20/2011 7:15:15 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 3/20/2011 7:18:55 PM | Computer Name = drmike-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Start1Driver.SYS has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 3/20/2011 7:20:45 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/20/2011 7:41:35 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/20/2011 9:51:46 PM | Computer Name = drmike-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Start1Driver.SYS has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 3/20/2011 9:53:35 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/20/2011 10:22:08 PM | Computer Name = drmike-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Start1Driver.SYS has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 3/20/2011 10:23:56 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Hope this all means a good report !!
Regardless, please accept my sincere thanks for the time you are putting in to assist me - it is VERY MUCH Appreciated.
Cheers,
Qwester.
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
21-Mar-2011, 11:51 AM #11
Hi Eddie,
Browsing this morning & when I closed down there was the blank page again !!
Thought you ought to know.
Qwester
eddie5659
Moderator & Malware Removal Specialist with 28,314 posts.
 
Join Date: Mar 2001
Location: Bradford, England
21-Mar-2011, 07:49 PM #12
Okay, there are a few things that are malware related, so let's do this next:

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
21-Mar-2011, 10:50 PM #13
Hello, Hope I got this right !

ComboFix 11-03-21.01 - drmike 03/21/2011 22:35:01.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2577 [GMT -4:00]
Running from: c:\users\drmike\Desktop\username123.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\service
c:\windows\SysWow64\Drivers\DiagnosticScan.SYS
c:\windows\SysWow64\Drivers\Start1Driver.SYS
.
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-22 02:40 . 2011-03-22 02:40 -------- d-----w- c:\users\MARY\AppData\Local\temp
2011-03-22 02:40 . 2011-03-22 02:40 -------- d-----w- c:\users\drmike\AppData\Local\temp
2011-03-22 02:40 . 2011-03-22 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-22 02:31 . 2011-03-22 02:32 -------- d-----w- C:\32788R22FWJFW
2011-03-22 01:14 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09E4930A-7A3C-4A34-A7D5-DE483C01F80C}\mpengine.dll
2011-03-21 03:08 . 2011-03-21 03:08 388096 ----a-r- c:\users\drmike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-21 03:07 . 2011-03-21 03:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-03-21 00:12 . 2011-03-21 00:12 -------- d-----w- c:\users\drmike\AppData\Roaming\SUPERAntiSpyware.com
2011-03-21 00:12 . 2011-03-21 00:12 -------- d-----w- c:\programdata\!SASCORE
2011-03-21 00:12 . 2011-03-21 00:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-21 00:00 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-20 23:59 . 2011-03-21 00:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-16 21:39 . 2011-03-20 22:52 -------- d-----w- c:\program files (x86)\Everything
2011-03-15 20:33 . 2011-03-20 22:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-15 20:33 . 2011-03-20 22:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-03-15 18:08 . 2011-03-15 18:08 -------- d-----w- c:\users\drmike\AppData\Local\{D8F8DDEB-2E6F-40DF-AA3B-D57954589ED5}
2011-03-15 18:08 . 2011-03-15 18:08 -------- d-----w- c:\users\drmike\AppData\Local\{4CAC6667-659A-4D1A-BEE9-9B7C6610E3FC}
2011-03-14 15:54 . 2011-03-15 22:48 -------- d-----w- c:\users\drmike\AppData\Roaming\Systweak
2011-03-14 15:54 . 2011-03-15 22:48 -------- d-----w- c:\programdata\Systweak
2011-03-13 01:07 . 2011-03-20 22:52 -------- d-----w- c:\program files (x86)\Wise Registry Cleaner
2011-03-12 19:51 . 2011-03-12 19:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-12 19:28 . 2011-03-12 19:27 608448 ----a-w- c:\windows\system32\comctl32.ocx
2011-03-12 04:02 . 2011-03-12 04:02 -------- d-----w- c:\users\drmike\AppData\Roaming\ParetoLogic
2011-03-12 04:01 . 2011-03-12 04:28 -------- d-----w- c:\programdata\ParetoLogic
2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\programdata\Yahoo! Companion
2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\users\drmike\AppData\Roaming\Yahoo!
2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\program files (x86)\jZip
2011-03-09 22:34 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 22:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 22:34 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 22:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 22:34 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 22:34 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 22:34 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 22:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 22:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 22:33 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 22:33 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 22:33 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-02 00:59 . 2011-03-02 19:55 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-02 00:59 . 2011-03-02 00:59 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-02 00:58 . 2011-03-02 00:58 -------- d-----w- c:\users\drmike\AppData\Local\Sunbelt Software
2011-03-02 00:56 . 2011-03-02 19:55 -------- d-----w- c:\programdata\Lavasoft
2011-03-01 22:15 . 2011-03-01 22:15 -------- d-----w- c:\users\drmike\AppData\Roaming\PC Unleashed Online
2011-03-01 22:15 . 2011-03-01 22:15 -------- d-----w- c:\users\drmike\AppData\Roaming\DriverCure
2011-03-01 22:15 . 2011-03-01 22:21 -------- d-----w- c:\programdata\PC Unleashed Online
2011-02-28 19:36 . 2011-02-28 19:52 -------- d-----w- c:\program files\Perfect Uninstaller
2011-02-23 19:17 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2011-02-23 19:17 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-23 19:17 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-23 19:17 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-23 19:17 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2011-02-23 19:17 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
2011-02-23 19:17 . 2009-10-09 21:36 53760 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-23 19:17 . 2009-10-09 21:56 41472 ----a-w- c:\windows\SysWow64\pwrshplugin.dll
2011-02-23 19:17 . 2009-10-09 21:35 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-23 19:17 . 2009-10-09 21:35 24064 ----a-w- c:\windows\system32\winrshost.exe
2011-02-23 19:17 . 2009-10-09 21:35 51200 ----a-w- c:\windows\system32\winrs.exe
2011-02-22 23:38 . 2011-03-01 15:32 -------- d-----w- c:\program files (x86)\ConduitEngine
2011-02-22 23:30 . 2011-02-22 23:30 -------- d-----w- c:\programdata\McAfee
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 19:50 . 2010-05-23 18:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-08 18:59 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-11 07:30 . 2010-09-06 20:02 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-07 08:33 . 2009-05-28 16:23 67312 ----a-w- c:\windows\UnDeployV.exe
2011-02-02 22:11 . 2009-11-11 22:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 18:19 . 2011-01-26 18:20 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0432E7CA-C223-4C52-86B4-C27A2E22E833}\gapaengine.dll
2011-01-20 16:46 . 2011-02-09 16:59 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-09 16:59 366592 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-09 16:59 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-09 16:59 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-09 16:59 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-09 16:59 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-09 16:59 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-09 16:59 748544 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-09 16:59 47104 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-09 16:59 3548672 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-09 16:59 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-09 16:59 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-09 16:59 195072 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-09 16:59 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-09 16:59 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 16:59 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 16:59 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-09 16:59 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 16:59 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-09 16:59 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-09 16:59 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-09 16:59 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-09 16:59 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-01-20 15:39 . 2011-02-18 00:59 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{585344A1-E443-4366-86D8-56A479C11623}\mpengine.dll
2011-01-20 15:01 . 2011-02-09 16:59 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-09 16:59 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-09 16:59 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-09 16:59 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-09 16:59 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:57 . 2011-02-09 16:59 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-09 16:59 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-09 16:59 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-09 16:59 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-09 16:59 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-09 16:59 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-09 16:59 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-09 16:59 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-09 16:59 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 16:59 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-09 16:59 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 16:59 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-09 16:59 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 16:59 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 16:59 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 16:59 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 16:59 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 16:59 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 16:59 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-09 16:59 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 14:02 . 2011-02-09 16:59 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 14:02 . 2011-02-09 16:59 1147904 ----a-w- c:\windows\system32\FntCache.dll
2011-01-20 13:47 . 2011-02-09 16:59 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-01-20 13:44 . 2011-02-09 16:59 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-01-13 10:20 . 2011-01-25 21:23 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-08 09:03 . 2011-02-09 16:57 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-09 16:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-09 16:57 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-09 16:57 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-31 14:16 . 2011-02-09 16:59 2757632 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 16:08 . 2011-01-12 21:50 466944 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 15:55 . 2011-01-12 21:50 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-12-04 274608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-11-28 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-9-10 50688]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 DiagnosticScan;DiagnosticScan Driver; [x]
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
R1 Start1Driver;Adware Away Driver; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 135664]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 phmcd;phmcd;c:\windows\system32\DRIVERS\phmcd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 pcdservice;pcdservice;c:\program files\Phantombility\Phantom CD\pcdservice.exe [2010-06-14 316752]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-08 1060352]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-08 485376]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-21 19:09]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 03:28]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 03:28]
.
2011-03-22 c:\windows\Tasks\User_Feed_Synchronization-{ACB673B5-404B-4967-AF9D-9E1FB8E7728E}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
Trusted Zone: cnn.com\money
Trusted Zone: golfdigest.com\www
Trusted Zone: thegolfchannel.com\www
Trusted Zone: vanguard.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Advanced System Protector - c:\program files (x86)\Systweak\Advanced System Protector\ASP.exe
ShellExecuteHooks-{D468BCE5-D18E-49A4-8EA7-34BD583659D5} - c:\progra~2\SpyZooka\spyguard.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-HijackThis - a:\trend micro\HijackThis\HijackThis.exe
AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32
AddRemove-Adobe Acrobat Connect Add-in - c:\users\drmike\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\connec...nnectaddin.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,10,57,7a,36,1d,d8,44,a6,a2,4a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,10,57,7a,36,1d,d8,44,a6,a2,4a,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-21 22:42:06
ComboFix-quarantined-files.txt 2011-03-22 02:42
.
Pre-Run: 207,404,351,488 bytes free
Post-Run: 207,325,040,640 bytes free
.
- - End Of File - - CE09F9DFE0E76D91A96F1B789244F9B9
eddie5659
Moderator & Malware Removal Specialist with 28,314 posts.
 
Join Date: Mar 2001
Location: Bradford, England
23-Mar-2011, 04:32 PM #14
Yes you did

P2P Warning!
  • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire

    Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Please read these short reports on the dangers of peer-2-peer programs and file sharing.

    I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

    If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.


--------

With that out of the way, onto the next part..

=========

Uninstall these programs because they're not needed or are outdated or are dangerous to use.
If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later.

Optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good.

Reading these links might also put you off such progs:

http://miekiemoes.blogspot.com/2008/...eaking_13.html

http://www.edbott.com/weblog/?p=643


Systweak
Wise Registry Cleaner
AdwareAway
SpyZooka
TranslatorBar 1 Toolbar
ConduitEngine


==========

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post, and if you are using Internet Explorer, when the "File download" pop-up comes, press SAVE, choose desktop in the list of selections in that window, and press save).



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


eddie
QWESTER
Member with 35 posts.
THREAD STARTER
 
Join Date: May 2002
23-Mar-2011, 08:09 PM #15
Hi Eddie,

I have removed files as requested. I was unaware of the P2P file (mystery to me !) but your point is well taken.
Thanks again for your work. Here is the ComboFix Log.
Cheers,
Qwester.

ComboFix 11-03-21.01 - drmike 03/23/2011 19:37:59.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2419 [GMT -4:00]
Running from: c:\users\drmike\Desktop\username123.exe
Command switches used :: c:\users\drmike\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Systweak
c:\users\drmike\AppData\Local\Temp\SAS3643.tmp
c:\users\drmike\AppData\Roaming\Systweak
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 23:43 . 2011-03-23 23:43 -------- d-----w- c:\users\MARY\AppData\Local\temp
2011-03-23 23:43 . 2011-03-23 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-23 12:32 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7586B5-E440-4817-A134-DF262D71EC6B}\mpengine.dll
2011-03-23 12:31 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-23 12:31 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-23 12:31 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-03-23 12:31 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-03-23 12:31 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-03-23 00:23 . 2011-03-23 00:23 -------- d-----w- c:\program files\Western Digital
2011-03-22 02:42 . 2011-03-23 23:43 -------- d-----w- c:\users\drmike\AppData\Local\temp
2011-03-21 03:08 . 2011-03-21 03:08 388096 ----a-r- c:\users\drmike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-21 03:07 . 2011-03-21 03:07 -------- d-----w- c:\program files (x86)\Trend Micro
2011-03-15 20:33 . 2011-03-20 22:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-15 18:08 . 2011-03-15 18:08 -------- d-----w- c:\users\drmike\AppData\Local\{D8F8DDEB-2E6F-40DF-AA3B-D57954589ED5}
2011-03-15 18:08 . 2011-03-15 18:08 -------- d-----w- c:\users\drmike\AppData\Local\{4CAC6667-659A-4D1A-BEE9-9B7C6610E3FC}
2011-03-12 19:51 . 2011-03-12 19:51 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-12 19:28 . 2011-03-12 19:27 608448 ----a-w- c:\windows\system32\comctl32.ocx
2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-03-12 04:02 . 2011-03-12 04:02 -------- d-----w- c:\users\drmike\AppData\Roaming\ParetoLogic
2011-03-12 04:01 . 2011-03-12 04:28 -------- d-----w- c:\programdata\ParetoLogic
2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\programdata\Yahoo! Companion
2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\users\drmike\AppData\Roaming\Yahoo!
2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\program files (x86)\jZip
2011-03-09 22:34 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 22:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 22:34 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 22:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 22:34 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 22:34 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 22:34 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 22:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 22:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 22:33 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 22:33 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 22:33 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-02 00:59 . 2011-03-02 19:55 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-02 00:59 . 2011-03-02 00:59 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-02 00:58 . 2011-03-02 00:58 -------- d-----w- c:\users\drmike\AppData\Local\Sunbelt Software
2011-03-02 00:56 . 2011-03-02 19:55 -------- d-----w- c:\programdata\Lavasoft
2011-03-01 22:15 . 2011-03-01 22:15 -------- d-----w- c:\users\drmike\AppData\Roaming\PC Unleashed Online
2011-03-01 22:15 . 2011-03-01 22:15 -------- d-----w- c:\users\drmike\AppData\Roaming\DriverCure
2011-03-01 22:15 . 2011-03-01 22:21 -------- d-----w- c:\programdata\PC Unleashed Online
2011-02-28 19:36 . 2011-02-28 19:52 -------- d-----w- c:\program files\Perfect Uninstaller
2011-02-23 19:17 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
2011-02-23 19:17 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-23 19:17 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-23 19:17 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-23 19:17 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
2011-02-23 19:17 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
2011-02-23 19:17 . 2009-10-09 21:36 53760 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-02-23 19:17 . 2009-10-09 21:56 41472 ----a-w- c:\windows\SysWow64\pwrshplugin.dll
2011-02-23 19:17 . 2009-10-09 21:35 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-23 19:17 . 2009-10-09 21:35 24064 ----a-w- c:\windows\system32\winrshost.exe
2011-02-23 19:17 . 2009-10-09 21:35 51200 ----a-w- c:\windows\system32\winrs.exe
2011-02-22 23:30 . 2011-02-22 23:30 -------- d-----w- c:\programdata\McAfee
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 19:50 . 2010-05-23 18:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-08 18:59 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-16 20:53 . 2011-02-16 20:53 14464 ----a-w- c:\windows\system32\drivers\wdcsam64.sys
2011-02-11 07:30 . 2010-09-06 20:02 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-07 08:33 . 2009-05-28 16:23 67312 ----a-w- c:\windows\UnDeployV.exe
2011-02-02 22:11 . 2009-11-11 22:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 18:19 . 2011-01-26 18:20 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0432E7CA-C223-4C52-86B4-C27A2E22E833}\gapaengine.dll
2011-01-20 16:46 . 2011-02-09 16:59 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-09 16:59 366592 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-09 16:59 625152 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-09 16:59 287232 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-09 16:59 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-09 16:59 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-09 16:59 1268224 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-09 16:59 748544 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-09 16:59 47104 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-09 16:59 3548672 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-09 16:59 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-09 16:59 278528 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-09 16:59 195072 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-09 16:59 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-09 16:59 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 16:59 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 16:59 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-09 16:59 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 16:59 258048 ----a-w- c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-09 16:59 586240 ----a-w- c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-09 16:59 2873344 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-09 16:59 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-09 16:59 98816 ----a-w- c:\windows\SysWow64\mfps.dll
2011-01-20 15:39 . 2011-02-18 00:59 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{585344A1-E443-4366-86D8-56A479C11623}\mpengine.dll
2011-01-20 15:01 . 2011-02-09 16:59 3068416 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-09 16:59 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-09 16:59 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-09 16:59 1461760 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-09 16:59 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-09 16:59 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-09 16:59 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-09 16:59 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-09 16:59 34304 ----a-w- c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-09 16:59 377344 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-09 16:59 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-09 16:59 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-09 16:59 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 16:59 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-09 16:59 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 16:59 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 16:59 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 16:59 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 16:59 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 16:59 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 16:59 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 16:59 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-09 16:59 834048 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-09 16:59 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-01-13 10:20 . 2011-01-25 21:23 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-08 09:03 . 2011-02-09 16:57 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-09 16:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-09 16:57 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-09 16:57 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-31 14:16 . 2011-02-09 16:59 2757632 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 16:08 . 2011-01-12 21:50 466944 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 15:55 . 2011-01-12 21:50 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files (x86)\Everything ----
.
.
---- Directory of c:\users\drmike\AppData\Local\{4CAC6667-659A-4D1A-BEE9-9B7C6610E3FC} ----
.
.
---- Directory of c:\users\drmike\AppData\Local\{D8F8DDEB-2E6F-40DF-AA3B-D57954589ED5} ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_02.40.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2011-03-23 12:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-03-22 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-22 01:01 . 2011-03-23 12:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-22 01:01 . 2011-03-22 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-03-22 01:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-03-23 12:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-03-23 17:46 67772 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-03-23 17:47 85094 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 15:19 . 2011-03-23 17:47 24406 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4071100956-2886188598-2641863946-1000_UserData.bin
+ 2011-02-16 20:53 . 2011-02-16 20:53 14464 c:\windows\system32\DriverStore\FileRepository\wdcsam.inf_9ed7f3a4\wdcsam64.sys
+ 2008-10-01 14:08 . 2011-03-23 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-01 14:08 . 2011-03-21 22:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 14:08 . 2011-03-23 23:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-01 14:08 . 2011-03-21 22:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-01 14:08 . 2011-03-21 22:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-01 14:08 . 2011-03-23 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-05 16:44 . 2011-03-22 22:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-05 16:44 . 2011-03-06 03:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-05 16:44 . 2011-03-22 22:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-05 16:44 . 2011-03-06 03:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-05 16:44 . 2011-03-06 03:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-05 16:44 . 2011-03-22 22:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-01 15:34 . 2011-03-12 02:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 15:34 . 2011-03-22 22:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 15:34 . 2011-03-22 22:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-01 15:34 . 2011-03-12 02:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 12:40 . 2011-03-23 00:24 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2010-12-27 20:59 86016 c:\windows\inf\infstor.dat
- 2006-11-02 12:40 . 2010-12-27 20:59 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 12:40 . 2011-03-23 00:24 51200 c:\windows\inf\infpub.dat
+ 2011-03-23 17:45 . 2011-03-23 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-22 02:08 . 2011-03-22 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-22 02:08 . 2011-03-22 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-23 17:45 . 2011-03-23 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-09 21:53 . 2010-03-15 10:31 165376 c:\windows\SysWOW64\unrar.dll
+ 2008-10-01 20:01 . 2011-03-23 22:28 353354 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-03-22 02:14 606364 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-03-23 17:51 606364 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-03-22 02:14 104964 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-03-23 17:51 104964 c:\windows\system32\perfc009.dat
+ 2009-04-29 17:58 . 2011-03-22 21:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-04-29 17:58 . 2011-03-20 01:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-02-09 02:46 . 2011-03-23 16:01 296272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-09 02:46 . 2011-03-22 02:08 296272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-23 00:24 . 2011-03-23 00:24 410598 c:\windows\Installer\{07179D37-D5FE-4373-90D9-A25B992EFB3E}\WDSmartWare.exe
+ 2006-11-02 12:40 . 2011-03-23 00:24 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 12:40 . 2010-12-27 20:59 143360 c:\windows\inf\infstrng.dat
- 2010-01-20 02:54 . 2011-03-22 02:08 2248696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-01-20 02:54 . 2011-03-23 00:54 2248696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-23 00:24 . 2011-03-23 00:24 1795584 c:\windows\Installer\3d371d.msi
+ 2006-11-02 12:33 . 2011-03-23 15:47 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2006-11-02 12:33 . 2011-03-10 00:21 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-03-13 01:02 . 2011-03-13 01:02 15139328 c:\windows\Installer\5b4011.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-12-04 274608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-11-28 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-9-10 50688]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= "c:\progra~2\SpyZooka\spyguard.dll" [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 DiagnosticScan;DiagnosticScan Driver; [x]
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 135664]
R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S0 phmcd;phmcd;c:\windows\system32\DRIVERS\phmcd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 pcdservice;pcdservice;c:\program files\Phantombility\Phantom CD\pcdservice.exe [2010-06-14 316752]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-21 19:09]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 03:28]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 03:28]
.
2011-03-23 c:\windows\Tasks\User_Feed_Synchronization-{ACB673B5-404B-4967-AF9D-9E1FB8E7728E}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
Trusted Zone: cnn.com\money
Trusted Zone: golfdigest.com\www
Trusted Zone: thegolfchannel.com\www
Trusted Zone: vanguard.com
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,10,57,7a,36,1d,d8,44,a6,a2,4a, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,10,57,7a,36,1d,d8,44,a6,a2,4a, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, \
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-23 19:45:48
ComboFix-quarantined-files.txt 2011-03-23 23:45
.
Pre-Run: 202,590,101,504 bytes free
Post-Run: 202,589,851,648 bytes free
.
- - End Of File - - 987F8DDBA3EDB4C3C3094273940580B2