
about:blank search question.

Discussion in 'Virus & Other Malware Removal' started by QWESTER, Mar 18, 2011.

Thread Status:
Not open for further replies.
  1. QWESTER

    QWESTER Thread Starter

    Joined:
    May 21, 2002
    Messages:
    35
    Like many others in recent years I have been invaded by "about:blank". My question relates to the following:

    If I click START and write about:blank in the search area the result appears immediately.
    If I then click on the result a blank page appears. Next if I right click on the blank page and select locate source a screen appears titled about:blank - original source. This screen is shown in screen shot ss3.
    However, if I right click on the search result and select original source I get transferred to my regular home page.
    The whole procedure is repeatable in safe mode except that (of course) I do not get transferred to my regular home page since there is no internet connection.
    Now, my question: How come the original search from the START button goes straight to the target (i.e., "about:blank") when no other search device seems to be able to detect it? I hope that an answer to this question might shed some light on this constant annoyance.
    Thank you for any insight on this.
     

    Attached Files: ss3.jpg (32.1 KB)
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
  3. QWESTER

    QWESTER Thread Starter

    Joined:
    May 21, 2002
    Messages:
    35
    Thanks for your response. I must say I don't see the relevance to my question.
    My point is that this item is clearly on my local computer - the search function on the START button can find it - however it does not tell me the location. No other search engine that I have tried even finds this thing even with hidden files exposed, etc.
    What I was wondering is whether there is some way to reveal the location.
    In case it helps here is my HJT log.
     

    Attached Files:

  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
    I think we're both a little confused here, let me have a re-read at what you initially said.

    You type this into Run, and wonder where the Blank page comes from:

    about:blank

    Well, I get it as well, so it's not malware related. This is used by many people to access the web, as it uses hardly any resources, so if it's a slow connection (dialup etc), it will show before it times out if there are any problems.

    I use Google, but that's just me ;)


    If you go to Control Panel | Internet Options, and look in the General tab, you will see that you can click the option Use Blank for the homepage, which gives you the desired effect when running from Run.

    However, in the HijackThis, you can easily see the location.

    In your log, this is your homepage:

    http://investing.money.msn.com/investments/market-summary/

    And the line you're looking at is this:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://investing.money.msn.com/investments/market-summary/

    When I look at mine (as in with Google) in the Registry, it is in exactly the same place.

    So, the actual location doesn't exist in Windows Explorer, but it does in the Registry.

    If you've never used the registry, then I wouldn't advise poking around in there. One slip of a delete button, and it's goodbye Windows.

    Hope that answers some of the questions you were asking :)

    eddie
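
Added example (not part of the thread, and not HijackThis's own code): a small Python check that pulls the `R0`-`R3` Internet Explorer page entries described in the post above out of a HijackThis log and lists any that point outside a set of domains the user expects. The function names, the allow-list and the second sample log are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# R-section lines as they appear in the HijackThis log posted in this thread.
THREAD_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://investing.money.msn.com/investments/market-summary/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
"""

# Constructed sample (NOT from the thread): the same registry value pointing
# at a page the user did not choose. example.invalid is a reserved placeholder.
CONSTRUCTED_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/home?src=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
"""

# "<code> - <hive>\<key path>,<value name> = <data>"; the data may be empty
# and may itself contain '=' (query strings), so only the first '=' splits.
R_LINE = re.compile(r"^(R[0-3]) - (HKCU|HKLM)\\([^,]+),([^=]+?)\s*=\s*(.*)$")


def parse_r_entries(log_text):
    """Return one dict per R0-R3 line; every other log line is ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = R_LINE.match(raw.strip())
        if m:
            code, hive, key, name, value = m.groups()
            entries.append({"code": code, "hive": hive, "key": key,
                            "name": name, "value": value.strip()})
    return entries


def unexpected_pages(entries, expected_domains):
    """List (registry location, value) pairs whose host is not expected.

    Empty values and about:blank are skipped: as the post above explains,
    about:blank is the browser's built-in empty page, not a file or site.
    expected_domains is the user's own allow-list (an assumption here).
    """
    findings = []
    for e in entries:
        value = e["value"]
        if not value or value.lower() == "about:blank":
            continue
        host = (urlparse(value).hostname or "").lower()
        allowed = any(host == d or host.endswith("." + d)
                      for d in expected_domains)
        if not allowed:
            location = "{}\\{},{}".format(e["hive"], e["key"], e["name"])
            findings.append((location, value))
    return findings


if __name__ == "__main__":
    expected = {"msn.com", "dell.com"}
    for label, log in (("thread log", THREAD_LOG),
                       ("constructed log", CONSTRUCTED_LOG)):
        hits = unexpected_pages(parse_r_entries(log), expected)
        print(label, "->", hits if hits else "no unexpected page settings")
```
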
     
  5. QWESTER

    QWESTER Thread Starter

    Joined:
    May 21, 2002
    Messages:
    35
    Thanks eddie,
    Looks like I don't have much of a problem. I'm still a little puzzled why the blank page is sometimes there when I close down IE. Again, sometimes it has ads on it but not usually.
    At least it is encouraging that I seem not to have a major infection.
    Cheers.
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
    Oh, didn't realise it was having Ads, as that is not normal :(

    Can you do this for me, as HijackThis is just used as a quick check:

    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Please include the MBAM log, the SUPERAntiSpyware Scan Log and a fresh HijackThis log in your next reply

    ==================


    Also, after doing the above, can you run this:

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


    eddie
     
  7. QWESTER

    QWESTER Thread Starter

    Joined:
    May 21, 2002
    Messages:
    35
    Hi, here are the first two pieces of info. The rest soon.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6113

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    3/20/2011 8:04:44 PM
    mbam-log-2011-03-20 (20-04-44).txt

    Scan type: Quick scan
    Objects scanned: 178703
    Time elapsed: 2 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adware Away 4.1.0_is1 (Rogue.AdwareAway) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/20/2011 at 09:49 PM

    Application Version : 4.50.1002

    Core Rules Database Version : 6636
    Trace Rules Database Version: 4448

    Scan type : Complete Scan
    Total Scan Time : 01:26:59

    Memory items scanned : 556
    Memory threats detected : 0
    Registry items scanned : 13375
    Registry threats detected : 0
    File items scanned : 178717
    File threats detected : 33

    Adware.Tracking Cookie

    HJT Log to follow
    Cheers,
    Qwester.
     
  8. QWESTER

    QWESTER Thread Starter

    Joined:
    May 21, 2002
    Messages:
    35
    Hi Eddie,

    HJT Log. OTL coming.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:15:11 PM, on 3/20/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19019)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Digital Line Detect\DLG.exe
    C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    c:\program files (x86)\real\realplayer\RealPlay.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://investing.money.msn.com/investments/market-summary/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files (x86)\jZip\WebmailPlugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0989.0\msneshellx.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Advanced System Protector] "C:\Program Files (x86)\Systweak\Advanced System Protector\ASP.exe" /autorun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Dropbox.lnk = C:\Users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
    O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube Download - C:\Users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted Zone: http://money.cnn.com
    O15 - Trusted Zone: http://www.golfdigest.com
    O15 - Trusted Zone: http://www.thegolfchannel.com
    O15 - Trusted Zone: http://*.vanguard.com
    O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (file missing)
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: pcdservice - Phantombility, Inc - C:\Program Files\Phantombility\Phantom CD\pcdservice.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 9175 bytes
     
  9. QWESTER

    QWESTER Thread Starter

    Joined:
    May 21, 2002
    Messages:
    35
    Hi Eddie,
    Here is the OTL.Txt.

    OTL logfile created on: 3/20/2011 11:22:33 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\drmike\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 194.40 Gb Free Space | 67.43% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 2.93 Gb Free Space | 30.03% Space Free | Partition Type: NTFS

    Computer Name: DRMIKE-PC | User Name: drmike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/20 23:21:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\drmike\Desktop\OTL.exe
    PRC - [2010/12/16 22:24:30 | 023,343,848 | ---- | M] (Dropbox, Inc.) -- C:\Users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2010/12/04 15:11:15 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
    PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2007/11/28 06:33:28 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
    PRC - [2007/02/04 12:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/20 23:21:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\drmike\Desktop\OTL.exe
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/11/11 15:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2010/11/11 15:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/11/08 12:41:06 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/06/13 23:51:47 | 000,316,752 | ---- | M] (Phantombility, Inc) [Auto | Running] -- C:\Program Files\Phantombility\Phantom CD\pcdservice.exe -- (pcdservice)
    SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2006/08/04 20:48:30 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
    SRV - [2010/11/08 12:43:34 | 001,060,352 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
    SRV - [2010/11/08 12:43:06 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/10/24 22:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/06/13 23:25:17 | 000,053,328 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\phmcd.sys -- (phmcd)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/02/13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2008/05/05 05:31:38 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
    DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2006/10/18 14:33:34 | 001,513,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2006/10/18 14:31:18 | 000,403,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
    DRV:64bit: - [2006/10/18 14:30:10 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2006/08/04 20:42:48 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
    DRV:64bit: - [2006/06/19 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
    DRV - [2010/08/18 22:30:18 | 000,051,200 | ---- | M] (AdwareAway.com) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\Start1Driver.SYS -- (Start1Driver)
    DRV - [2010/04/21 08:26:36 | 000,012,800 | ---- | M] (AdwareAway.com) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\DiagnosticScan.SYS -- (DiagnosticScan)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://investing.money.msn.com/investments/market-summary/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/04 15:11:43 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files (x86)\jZip\WebmailPlugin.dll (Discordia Limited)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0989.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (TranslatorBar 1 Toolbar) - {00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - File not found
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Advanced System Protector] File not found
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O8 - Extra context menu item: Free YouTube Download - C:\Users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: cnn.com ([money] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: golfdigest.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: thegolfchannel.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: vanguard.com ([]http in Trusted sites)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.238.112.12 68.238.96.12
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {D468BCE5-D18E-49A4-8EA7-34BD583659D5} - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{13f541f5-cc9d-11df-9c77-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{13f541f5-cc9d-11df-9c77-806e6f6e6963}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
    O33 - MountPoints2\{192c00b9-f598-11df-b978-00219b0ec08e}\Shell - "" = AutoRun
    O33 - MountPoints2\{192c00b9-f598-11df-b978-00219b0ec08e}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (sasnative64) - File not found
    O34 - HKLM BootExecute: (Execute settings...) - File not found
    O34 - HKLM BootExecute: (ountPoints) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/20 23:21:16 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\drmike\Desktop\OTL.exe
    [2011/03/20 23:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2011/03/20 23:07:59 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/03/20 23:06:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\drmike\Desktop\HijackThis.exe
    [2011/03/20 20:12:35 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\SUPERAntiSpyware.com
    [2011/03/20 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/03/20 20:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011/03/20 20:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/03/20 20:10:04 | 010,700,680 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\drmike\Desktop\SUPERAntiSpyware.exe
    [2011/03/20 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/20 20:00:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/03/20 19:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/03/20 19:56:55 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\drmike\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/20 19:14:23 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\drmike\Desktop\TFC.exe
    [2011/03/19 13:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyZooka 2.5
    [2011/03/16 17:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everything
    [2011/03/15 16:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/03/15 16:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/03/15 16:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/03/15 14:08:25 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Local\{D8F8DDEB-2E6F-40DF-AA3B-D57954589ED5}
    [2011/03/15 14:08:25 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Local\{4CAC6667-659A-4D1A-BEE9-9B7C6610E3FC}
    [2011/03/14 11:54:56 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\Systweak
    [2011/03/14 11:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2011/03/12 21:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner Free
    [2011/03/12 21:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise Registry Cleaner
    [2011/03/12 15:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/03/12 00:02:05 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\ParetoLogic
    [2011/03/12 00:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2011/03/11 22:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2011/03/11 22:16:48 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\Yahoo!
    [2011/03/11 22:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
    [2011/03/11 22:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jZip
    [2011/03/08 11:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
    [2011/03/05 18:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/03/02 19:39:18 | 000,051,200 | ---- | C] (AdwareAway.com) -- C:\Windows\SysWow64\drivers\Start1Driver.SYS
    [2011/03/02 19:39:18 | 000,012,800 | ---- | C] (AdwareAway.com) -- C:\Windows\SysWow64\drivers\DiagnosticScan.SYS
    [2011/03/02 19:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdwareAway Antimalware
    [2011/03/01 20:59:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2011/03/01 20:59:10 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/03/01 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Local\Sunbelt Software
    [2011/03/01 20:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
    [2011/03/01 18:15:48 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\PC Unleashed Online
    [2011/03/01 18:15:48 | 000,000,000 | ---D | C] -- C:\Users\drmike\AppData\Roaming\DriverCure
    [2011/03/01 18:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Unleashed Online
    [2011/03/01 00:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AA Antimalware
    [2011/02/28 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
    [2011/02/23 15:19:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell
    [2011/02/23 15:19:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell
    [2011/02/22 19:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
    [2011/02/22 19:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

    ========== Files - Modified Within 30 Days ==========

    [2011/03/20 23:23:07 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACB673B5-404B-4967-AF9D-9E1FB8E7728E}.job
    [2011/03/20 23:21:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\drmike\Desktop\OTL.exe
    [2011/03/20 23:09:37 | 000,002,561 | ---- | M] () -- C:\Users\drmike\Desktop\HiJackThis.lnk
    [2011/03/20 23:06:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\drmike\Desktop\HijackThis.exe
    [2011/03/20 23:06:22 | 001,402,880 | ---- | M] () -- C:\Users\drmike\Desktop\HiJackThis.msi
    [2011/03/20 22:40:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/20 22:27:01 | 000,706,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/03/20 22:27:01 | 000,606,364 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/03/20 22:27:01 | 000,104,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/03/20 22:24:44 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2011/03/20 22:22:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/20 22:22:23 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/20 22:22:22 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/20 22:22:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/20 20:12:12 | 000,001,758 | ---- | M] () -- C:\Users\drmike\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/03/20 20:10:07 | 010,700,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\drmike\Desktop\SUPERAntiSpyware.exe
    [2011/03/20 20:00:03 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/20 19:56:56 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\drmike\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/03/20 19:14:26 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\drmike\Desktop\TFC.exe
    [2011/03/19 22:39:57 | 000,000,093 | ---- | M] () -- C:\Users\drmike\Documents\testpiece
    [2011/03/18 13:53:14 | 000,317,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/03/18 13:44:06 | 000,032,829 | ---- | M] () -- C:\ss3.jpg
    [2011/03/16 17:39:37 | 000,000,872 | ---- | M] () -- C:\Users\drmike\Desktop\Search Everything.lnk
    [2011/03/16 12:54:05 | 000,008,432 | ---- | M] () -- C:\Users\drmike\Documents\Portfolio of Moran Coxon.pfl
    [2011/03/15 16:34:07 | 000,001,123 | ---- | M] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/03/15 16:34:07 | 000,001,099 | ---- | M] () -- C:\Users\drmike\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/15 12:20:47 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.new
    [2011/03/12 21:07:15 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
    [2011/03/12 21:07:15 | 000,001,018 | ---- | M] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
    [2011/03/12 21:07:15 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
    [2011/03/11 22:16:37 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\jZip.lnk
    [2011/03/11 22:16:37 | 000,000,760 | ---- | M] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2011/03/08 21:17:17 | 000,002,565 | ---- | M] () -- C:\Users\drmike\Desktop\Microsoft Streets & Trips.lnk
    [2011/03/02 19:39:19 | 000,000,920 | ---- | M] () -- C:\Users\drmike\Desktop\AdwareAway Antimalware.lnk
    [2011/03/01 20:59:10 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [2011/03/01 18:18:14 | 000,001,754 | ---- | M] () -- C:\Users\drmike\Desktop\Microsoft Security Essentials.lnk
    [2011/03/01 18:15:49 | 000,001,179 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
    [2011/02/26 21:17:41 | 000,000,970 | ---- | M] () -- C:\Users\drmike\Desktop\Windows Media Player.lnk
    [2011/02/20 23:02:01 | 000,078,848 | ---- | M] () -- C:\Users\drmike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2011/03/20 23:07:59 | 000,002,561 | ---- | C] () -- C:\Users\drmike\Desktop\HiJackThis.lnk
    [2011/03/20 23:06:21 | 001,402,880 | ---- | C] () -- C:\Users\drmike\Desktop\HiJackThis.msi
    [2011/03/20 20:12:12 | 000,001,758 | ---- | C] () -- C:\Users\drmike\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/03/20 20:00:03 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/19 22:39:56 | 000,000,093 | ---- | C] () -- C:\Users\drmike\Documents\testpiece
    [2011/03/18 14:55:59 | 000,032,829 | ---- | C] () -- C:\ss3.jpg
    [2011/03/16 17:39:37 | 000,000,872 | ---- | C] () -- C:\Users\drmike\Desktop\Search Everything.lnk
    [2011/03/15 16:34:07 | 000,001,123 | ---- | C] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/03/15 16:34:07 | 000,001,099 | ---- | C] () -- C:\Users\drmike\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/12 21:07:15 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Clear with 1 click.lnk
    [2011/03/12 21:07:15 | 000,001,018 | ---- | C] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\Wise Registry Cleaner.lnk
    [2011/03/12 21:07:15 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
    [2011/03/11 22:16:37 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\jZip.lnk
    [2011/03/11 22:16:37 | 000,000,760 | ---- | C] () -- C:\Users\drmike\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
    [2011/03/03 14:11:59 | 000,000,981 | ---- | C] () -- C:\Users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/03/02 19:39:19 | 000,000,920 | ---- | C] () -- C:\Users\drmike\Desktop\AdwareAway Antimalware.lnk
    [2011/02/26 21:17:41 | 000,000,970 | ---- | C] () -- C:\Users\drmike\Desktop\Windows Media Player.lnk
    [2011/02/23 15:16:26 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
    [2011/02/23 15:16:26 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
    [2011/02/23 15:16:26 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
    [2011/02/23 15:16:26 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
    [2011/02/23 15:16:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl
    [2011/02/23 15:16:26 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl
    [2011/02/16 20:11:59 | 000,000,036 | ---- | C] () -- C:\Users\drmike\AppData\Local\housecall.guid.cache
    [2011/02/09 17:54:20 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
    [2011/02/09 17:53:17 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/02/09 17:53:12 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2011/02/09 17:53:10 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/01/25 17:24:00 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/01 20:07:55 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT10.ini
    [2010/09/29 19:27:58 | 000,000,290 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/09/28 22:19:33 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/05/13 12:48:27 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2010/05/13 12:48:26 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
    [2010/05/13 12:48:26 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/12/21 16:15:32 | 000,000,048 | ---- | C] () -- C:\Windows\TaxACT09.ini
    [2009/12/09 18:11:19 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\GBSink.dll
    [2009/12/09 18:11:19 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GBProxy.exe
    [2009/12/09 18:11:19 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\GBSinkps.dll
    [2009/12/09 18:11:19 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\GBProxyps.dll
    [2009/12/09 18:11:18 | 000,442,368 | ---- | C] () -- C:\Windows\SysWow64\GBSinkCli.exe
    [2009/12/09 18:11:18 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\JPNRES.dll
    [2009/12/09 18:11:18 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\JPNXRES.dll
    [2009/05/27 17:22:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/05/27 17:22:03 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/05/27 17:21:37 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/02/05 15:29:57 | 000,000,045 | ---- | C] () -- C:\Windows\INSTALL.INI
    [2008/12/31 19:52:33 | 000,000,057 | ---- | C] () -- C:\Windows\TaxACT08.ini
    [2008/10/21 13:59:32 | 000,046,456 | R--- | C] () -- C:\Windows\SysWow64\exitwx.exe
    [2008/10/16 21:09:19 | 000,078,848 | ---- | C] () -- C:\Users\drmike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/03 14:17:17 | 000,000,000 | ---- | C] () -- C:\Users\drmike\AppData\Roaming\wklnhst.dat
    [2008/10/02 19:03:32 | 000,008,248 | ---- | C] () -- C:\Users\drmike\AppData\Local\en.ini
    [2008/10/02 17:28:37 | 000,025,443 | ---- | C] () -- C:\Users\drmike\AppData\Roaming\UserTile.png
    [2008/10/02 13:31:02 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/10/02 12:20:28 | 000,000,424 | ---- | C] () -- C:\Windows\MAXLINK.INI
    [2008/10/01 14:33:46 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2008/09/10 13:57:07 | 001,953,696 | ---- | C] () -- C:\Windows\SysWow64\igklg400.dll
    [2008/09/10 13:57:07 | 001,533,360 | ---- | C] () -- C:\Windows\SysWow64\igklg450.dll
    [2008/09/10 13:57:07 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.dll
    [2008/03/24 10:47:02 | 000,000,012 | ---- | C] () -- C:\Users\drmike\AppData\Roaming\userdic.tlx
    [2008/02/11 19:46:56 | 002,215,364 | ---- | C] () -- C:\Windows\SysWow64\igklg400.bin
    [2008/02/11 19:46:56 | 001,971,732 | ---- | C] () -- C:\Windows\SysWow64\igklg450.bin
    [2008/02/11 19:46:56 | 000,029,932 | ---- | C] () -- C:\Windows\SysWow64\igmedcompkrn.bin
    [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2002/06/10 17:34:34 | 001,310,720 | ---- | C] () -- C:\Windows\SysWow64\Veceng52.dll
    [2002/06/10 17:29:42 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\arrgrid.dll
    [2002/05/21 15:29:58 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\bmw.dll

    ========== LOP Check ==========

    [2010/10/05 18:02:01 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Amazon
    [2010/04/14 17:00:15 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Canon
    [2011/03/01 18:15:48 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\DriverCure
    [2011/03/20 22:23:13 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Dropbox
    [2010/12/18 20:10:24 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/02/16 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\FileZilla
    [2010/08/27 23:05:01 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Flipopia
    [2010/04/27 10:34:37 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\FreeFLVConverter
    [2008/10/08 16:35:57 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\GetRightToGo
    [2010/08/20 22:20:45 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Global Graphics
    [2008/10/06 13:27:22 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\ICAClient
    [2009/07/13 11:10:07 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\IMSIDesign
    [2010/08/20 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\jaws
    [2009/05/28 12:45:06 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\JGsoft
    [2010/02/02 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\KompoZer
    [2010/08/27 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\LimeWire
    [2010/12/27 17:20:11 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\MP3Rocket
    [2011/03/12 00:02:05 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\ParetoLogic
    [2011/03/01 18:15:48 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\PC Unleashed Online
    [2009/01/10 17:32:27 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\PeerNetworking
    [2010/12/14 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\PrimoPDF
    [2008/11/20 13:20:39 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Quicken WillMaker
    [2008/10/06 13:26:15 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Runaware
    [2008/10/02 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\ScanSoft
    [2010/07/14 12:47:52 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Scilab
    [2011/03/15 18:48:51 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Systweak
    [2008/10/03 14:26:07 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Template
    [2010/09/08 14:53:47 | 000,000,000 | ---D | M] -- C:\Users\drmike\AppData\Roaming\Uniblue
    [2011/03/20 22:21:33 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/03/20 23:23:07 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ACB673B5-404B-4967-AF9D-9E1FB8E7728E}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 760 bytes -> C:\Users\drmike\Documents\Another Snow Day !!!.eml:OECustomProperty

    < End of report >
     
  10. QWESTER

    QWESTER Thread Starter

    Hi, here is the Extras.Txt.

    OTL Extras logfile created on: 3/20/2011 11:22:33 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\drmike\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 194.40 Gb Free Space | 67.43% Space Free | Partition Type: NTFS
    Drive D: | 9.77 Gb Total Space | 2.93 Gb Free Space | 30.03% Space Free | Partition Type: NTFS

    Computer Name: DRMIKE-PC | User Name: drmike | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AutoUpdateDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 75 3F BC 9A 13 DF C9 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4071100956-2886188598-2641863946-1000]
    "EnableNotificationsRef" = 2
    "EnableNotifications" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0768561F-9335-4F29-9025-99A3166ED5D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1116796F-8952-4342-8840-5B757531BFC8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{1FD1E1D9-66C9-4764-A722-930185E1F5F3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{28F6576B-1A4F-4B65-BFFB-A356D101E2E7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{2D0149BD-8A79-4654-BA6F-E32788E8E55F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{4DDEDF27-2341-4208-8EFB-5C675F1DEBA5}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4E931F15-FBAD-4B61-8DC6-95D7D102CAA9}" = rport=445 | protocol=6 | dir=out | app=system |
    "{4F490971-3720-4CBA-B948-10A516020E6D}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9712D47C-60B3-4AEF-A0AF-9DAB73625097}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9B3B627D-B133-4F9F-B5CC-A2B5E695BE69}" = rport=139 | protocol=6 | dir=out | app=system |
    "{A677A848-6F31-4A94-B52D-E0985FC4417F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{DCB41A8D-7398-4B33-AFCF-DB3999A47104}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{060B3502-135C-4CB1-BFC9-D2363152FD68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{098063F7-BFFC-4C99-ACA0-495413780DDE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{0EC9A9EB-9D16-42B7-97B0-940F124121DC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{126DEB6B-E1FE-480D-BD42-23FBD393014A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{2A02882A-8E92-490B-B62E-1410AD94792E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{3217EDBD-B741-4A2E-935D-E49DBB3E2AED}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{798D27DC-BC45-42E2-AB27-12C112743A18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{9FBA6551-E258-4C19-A169-22CBEA2CA28C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{BF0F165E-788B-433F-901B-50780DD33C93}" = protocol=6 | dir=in | app=c:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C0C13586-78B6-47EE-9329-15A3D16D624C}" = protocol=17 | dir=in | app=c:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe |
    "{CA235978-823D-4088-A181-93B2EC3FCED3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "TCP Query User{31827B4A-DEFB-4EBF-B8DB-44B35E588D93}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "TCP Query User{4C385E52-55A6-4C4E-B18A-AE0DB0505080}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
    "TCP Query User{5A2ED0F6-FBDE-4612-AFEE-DDAD3D184ACD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{85E0493E-34A4-4401-8585-AFD488393E15}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
    "TCP Query User{C2BB32E5-5342-4452-8922-3EAC356074E5}C:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{E49031EC-C238-4213-AC50-AB5C38391BE6}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{24E652D4-0352-47E3-96FB-F967B5A91526}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{3BAB0DC3-ED13-4984-8714-7B947F6E8917}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
    "UDP Query User{A9139A8A-22CB-4ED2-BC7A-AD9E363DADCE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
    "UDP Query User{B7CE9C26-891A-4451-9E51-8B5EEBC50E43}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{CB1AF0B2-A868-48D8-B93D-9A82396E9796}C:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\drmike\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{EDB23DC6-1B70-4539-AA91-9B3C3AEDC1A9}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1C89932F-1D9D-4776-AD7A-9156FF792539}" = Modem Diagnostic Tool
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6FD23F0-1047-4088-94BF-B137D4D17CD8}" = WD SmartWare
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F31E3C75-A273-419A-8BEB-58835F28BD47}" = Initio USB Default Controller Driver 64-bit
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "CanonMyPrinter" = Canon My Printer
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    "Phantom CD" = Phantom CD

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0A840A61-17C8-45A3-AE8F-210C39676C20}" = IE Download Helper
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{142492FC-7686-4B29-8E23-8C738FFCCB01}" = Microsoft Streets and Trips
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EA9F5CC-BD77-48FC-A9AF-E71646F2E55B}" = TurboCAD Deluxe 14
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29391B62-5DC8-4EAC-8ED7-7DDD5CFEFCAD}" = cladDVD.NET v3.5.7
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
    "{6FE4AA77-DF4C-48E9-A3E8-494926D163A4}" = SpyZooka
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7C7D6EC8-F8CC-4B13-AF27-0A9D51EE4E40}" = MSN Toolbar
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{A67539A1-0696-498F-832E-ACEA50886C80}" = GB Manager
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{CCEC791F-A948-4330-B16E-78939F10F793}" = CADSymbols 2.0
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E75594A0-B088-4635-B4F6-99654B5DDF96}" = V1 Home 2.0
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "CameraUserGuide-PSSD1300IS_IXUS105" = Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "Canon MP210 series User Registration" = Canon MP210 series User Registration
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Cool FLV To MPEG Converter_is1" = Cool FLV To MPEG Converter 1.0
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Everything" = Everything 1.2.1.371
    "Excel 2007 Power Programming with VBA" = Excel 2007 Power Programming with VBA
    "Executor's Guide" = Executor's Guide
    "Family Tree Maker 2009" = Family Tree Maker 2009
    "FileZilla Client" = FileZilla Client 3.3.1
    "Free Convert MPEG WMV to MP4 FLV AVI Converter_is1" = Free Convert MPEG WMV to MP4 FLV AVI Converter 5.8
    "Free YouTube Download_is1" = Free YouTube Download version 2.10.29
    "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
    "Google Updater" = Google Updater
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
    "InstallShield_{E75594A0-B088-4635-B4F6-99654B5DDF96}" = V1 Home 2.0
    "jZip" = jZip
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
    "Living Trust Forms" = Living Trust Forms
    "Living Trusts Simplified" = Living Trusts Simplified
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
    "MyCamera" = Canon Utilities MyCamera
    "Personal Historian_is1" = Personal Historian 1.3.0.38
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
    "RealPlayer 12.0" = RealPlayer
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "TaxACT 2008" = TaxACT 2008
    "TaxACT 2009" = TaxACT 2009
    "TaxACT 2010" = TaxACT 2010
    "The Unzip Wizard" = The Unzip Wizard
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VLC media player 1.1.4
    "Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.2
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Mail" = Verizon Yahoo! Internet Mail
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
    "Amazon Kindle For PC" = Amazon Kindle For PC v1.1
    "Dropbox" = Dropbox
    "pdfsam" = pdfsam

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/16/2010 5:24:32 PM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/16/2010 8:20:50 PM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/17/2010 10:07:26 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/18/2010 11:48:31 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/19/2010 10:23:07 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/19/2010 7:48:25 PM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/20/2010 10:38:22 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/21/2010 11:13:39 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/22/2010 10:43:52 AM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4/22/2010 4:19:18 PM | Computer Name = drmike-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 6/9/2009 12:51:34 PM | Computer Name = drmike-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/11/2009 6:37:43 PM | Computer Name = drmike-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/21/2009 5:26:24 PM | Computer Name = drmike-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 11/21/2008 12:55:52 PM | Computer Name = drmike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 633
    seconds with 420 seconds of active time. This session ended with a crash.

    Error - 5/11/2009 6:11:23 PM | Computer Name = drmike-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 583
    seconds with 360 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 3/20/2011 6:55:00 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/20/2011 6:56:35 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 3/20/2011 7:15:15 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 3/20/2011 7:18:55 PM | Computer Name = drmike-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\Start1Driver.SYS has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 3/20/2011 7:20:45 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/20/2011 7:41:35 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 3/20/2011 9:51:46 PM | Computer Name = drmike-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\Start1Driver.SYS has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 3/20/2011 9:53:35 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/20/2011 10:22:08 PM | Computer Name = drmike-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\Start1Driver.SYS has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 3/20/2011 10:23:56 PM | Computer Name = drmike-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >

    Hope this all means a good report !!
    Regardless, please accept my sincere thanks for the time you are putting in to assist me - it is VERY MUCH Appreciated.
    Cheers,
    Qwester.
     
  11. QWESTER

    QWESTER Thread Starter

    Hi Eddie,
    Browsing this morning & when I closed down there was the blank page again !!
    Thought you ought to know.
    Qwester
     
  12. eddie5659

    eddie5659 Moderator Malware Specialist

    Okay, there are a few things that are malware related, so let's do this next:

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  13. QWESTER

    QWESTER Thread Starter

    Hello, Hope I got this right !

    ComboFix 11-03-21.01 - drmike 03/21/2011 22:35:01.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2577 [GMT -4:00]
    Running from: c:\users\drmike\Desktop\username123.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\service
    c:\windows\SysWow64\Drivers\DiagnosticScan.SYS
    c:\windows\SysWow64\Drivers\Start1Driver.SYS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-22 02:40 . 2011-03-22 02:40 -------- d-----w- c:\users\MARY\AppData\Local\temp
    2011-03-22 02:40 . 2011-03-22 02:40 -------- d-----w- c:\users\drmike\AppData\Local\temp
    2011-03-22 02:40 . 2011-03-22 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-22 02:31 . 2011-03-22 02:32 -------- d-----w- C:\32788R22FWJFW
    2011-03-22 01:14 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{09E4930A-7A3C-4A34-A7D5-DE483C01F80C}\mpengine.dll
    2011-03-21 03:08 . 2011-03-21 03:08 388096 ----a-r- c:\users\drmike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-21 03:07 . 2011-03-21 03:07 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-03-21 00:12 . 2011-03-21 00:12 -------- d-----w- c:\users\drmike\AppData\Roaming\SUPERAntiSpyware.com
    2011-03-21 00:12 . 2011-03-21 00:12 -------- d-----w- c:\programdata\!SASCORE
    2011-03-21 00:12 . 2011-03-21 00:12 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-03-21 00:00 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-03-20 23:59 . 2011-03-21 00:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-03-16 21:39 . 2011-03-20 22:52 -------- d-----w- c:\program files (x86)\Everything
    2011-03-15 20:33 . 2011-03-20 22:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-03-15 20:33 . 2011-03-20 22:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-03-15 18:08 . 2011-03-15 18:08 -------- d-----w- c:\users\drmike\AppData\Local\{D8F8DDEB-2E6F-40DF-AA3B-D57954589ED5}
    2011-03-15 18:08 . 2011-03-15 18:08 -------- d-----w- c:\users\drmike\AppData\Local\{4CAC6667-659A-4D1A-BEE9-9B7C6610E3FC}
    2011-03-14 15:54 . 2011-03-15 22:48 -------- d-----w- c:\users\drmike\AppData\Roaming\Systweak
    2011-03-14 15:54 . 2011-03-15 22:48 -------- d-----w- c:\programdata\Systweak
    2011-03-13 01:07 . 2011-03-20 22:52 -------- d-----w- c:\program files (x86)\Wise Registry Cleaner
    2011-03-12 19:51 . 2011-03-12 19:51 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-12 19:28 . 2011-03-12 19:27 608448 ----a-w- c:\windows\system32\comctl32.ocx
    2011-03-12 04:02 . 2011-03-12 04:02 -------- d-----w- c:\users\drmike\AppData\Roaming\ParetoLogic
    2011-03-12 04:01 . 2011-03-12 04:28 -------- d-----w- c:\programdata\ParetoLogic
    2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\programdata\Yahoo! Companion
    2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\users\drmike\AppData\Roaming\Yahoo!
    2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\program files (x86)\jZip
    2011-03-09 22:34 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 22:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 22:34 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 22:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-09 22:34 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 22:34 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 22:34 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 22:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 22:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 22:33 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 22:33 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-09 22:33 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-02 00:59 . 2011-03-02 19:55 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-03-02 00:59 . 2011-03-02 00:59 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-02 00:58 . 2011-03-02 00:58 -------- d-----w- c:\users\drmike\AppData\Local\Sunbelt Software
    2011-03-02 00:56 . 2011-03-02 19:55 -------- d-----w- c:\programdata\Lavasoft
    2011-03-01 22:15 . 2011-03-01 22:15 -------- d-----w- c:\users\drmike\AppData\Roaming\PC Unleashed Online
    2011-03-01 22:15 . 2011-03-01 22:15 -------- d-----w- c:\users\drmike\AppData\Roaming\DriverCure
    2011-03-01 22:15 . 2011-03-01 22:21 -------- d-----w- c:\programdata\PC Unleashed Online
    2011-02-28 19:36 . 2011-02-28 19:52 -------- d-----w- c:\program files\Perfect Uninstaller
    2011-02-23 19:17 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
    2011-02-23 19:17 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-02-23 19:17 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-02-23 19:17 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
    2011-02-23 19:17 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
    2011-02-23 19:17 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
    2011-02-23 19:17 . 2009-10-09 21:36 53760 ----a-w- c:\windows\system32\pwrshplugin.dll
    2011-02-23 19:17 . 2009-10-09 21:56 41472 ----a-w- c:\windows\SysWow64\pwrshplugin.dll
    2011-02-23 19:17 . 2009-10-09 21:35 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-02-23 19:17 . 2009-10-09 21:35 24064 ----a-w- c:\windows\system32\winrshost.exe
    2011-02-23 19:17 . 2009-10-09 21:35 51200 ----a-w- c:\windows\system32\winrs.exe
    2011-02-22 23:38 . 2011-03-01 15:32 -------- d-----w- c:\program files (x86)\ConduitEngine
    2011-02-22 23:30 . 2011-02-22 23:30 -------- d-----w- c:\programdata\McAfee
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-12 19:50 . 2010-05-23 18:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-08 18:59 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-11 07:30 . 2010-09-06 20:02 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-07 08:33 . 2009-05-28 16:23 67312 ----a-w- c:\windows\UnDeployV.exe
    2011-02-02 22:11 . 2009-11-11 22:29 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-26 18:19 . 2011-01-26 18:20 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0432E7CA-C223-4C52-86B4-C27A2E22E833}\gapaengine.dll
    2011-01-20 16:46 . 2011-02-09 16:59 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:17 . 2011-02-09 16:59 366592 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:17 . 2011-02-09 16:59 625152 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:16 . 2011-02-09 16:59 287232 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:16 . 2011-02-09 16:59 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:16 . 2011-02-09 16:59 196096 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:16 . 2011-02-09 16:59 1268224 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:16 . 2011-02-09 16:59 748544 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:16 . 2011-02-09 16:59 47104 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:16 . 2011-02-09 16:59 3548672 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:16 . 2011-02-09 16:59 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:14 . 2011-02-09 16:59 278528 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:14 . 2011-02-09 16:59 195072 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:08 . 2011-02-09 16:59 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 16:59 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 16:59 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 16:59 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
    2011-01-20 16:08 . 2011-02-09 16:59 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2011-01-20 16:07 . 2011-02-09 16:59 258048 ----a-w- c:\windows\SysWow64\winspool.drv
    2011-01-20 16:07 . 2011-02-09 16:59 586240 ----a-w- c:\windows\SysWow64\stobject.dll
    2011-01-20 16:06 . 2011-02-09 16:59 2873344 ----a-w- c:\windows\SysWow64\mf.dll
    2011-01-20 16:04 . 2011-02-09 16:59 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 16:59 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2011-01-20 15:39 . 2011-02-18 00:59 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{585344A1-E443-4366-86D8-56A479C11623}\mpengine.dll
    2011-01-20 15:01 . 2011-02-09 16:59 3068416 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 15:01 . 2011-02-09 16:59 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:59 . 2011-02-09 16:59 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:58 . 2011-02-09 16:59 1461760 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:57 . 2011-02-09 16:59 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:57 . 2011-02-09 16:59 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:42 . 2011-02-09 16:59 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:41 . 2011-02-09 16:59 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:40 . 2011-02-09 16:59 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:40 . 2011-02-09 16:59 34304 ----a-w- c:\windows\system32\mfpmp.exe
    2011-01-20 14:40 . 2011-02-09 16:59 377344 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:37 . 2011-02-09 16:59 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:35 . 2011-02-09 16:59 566272 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 14:28 . 2011-02-09 16:59 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 16:59 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25 . 2011-02-09 16:59 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 16:59 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-01-20 14:24 . 2011-02-09 16:59 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 16:59 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 16:59 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 16:59 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-09 16:59 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-09 16:59 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 16:59 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06 . 2011-02-09 16:59 834048 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 14:02 . 2011-02-09 16:59 1555968 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 14:02 . 2011-02-09 16:59 1147904 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-20 13:47 . 2011-02-09 16:59 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-01-20 13:44 . 2011-02-09 16:59 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-01-13 10:20 . 2011-01-25 21:23 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-01-08 09:03 . 2011-02-09 16:57 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 08:47 . 2011-02-09 16:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:45 . 2011-02-09 16:57 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 06:28 . 2011-02-09 16:57 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-31 14:16 . 2011-02-09 16:59 2757632 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 16:08 . 2011-01-12 21:50 466944 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-28 15:55 . 2011-01-12 21:50 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-12-04 274608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-11-28 46432]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-9-10 50688]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R0 DiagnosticScan;DiagnosticScan Driver; [x]
    R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
    R0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [x]
    R1 Start1Driver;Adware Away Driver; [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 135664]
    R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    S0 phmcd;phmcd;c:\windows\system32\DRIVERS\phmcd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 pcdservice;pcdservice;c:\program files\Phantombility\Phantom CD\pcdservice.exe [2010-06-14 316752]
    S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-11-08 288256]
    S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-11-08 1060352]
    S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-11-08 485376]
    S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-22 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-21 19:09]
    .
    2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 03:28]
    .
    2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 03:28]
    .
    2011-03-22 c:\windows\Tasks\User_Feed_Synchronization-{ACB673B5-404B-4967-AF9D-9E1FB8E7728E}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
    "Skytel"="Skytel.exe" [2007-11-21 1826816]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    Trusted Zone: cnn.com\money
    Trusted Zone: golfdigest.com\www
    Trusted Zone: thegolfchannel.com\www
    Trusted Zone: vanguard.com
    DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-Advanced System Protector - c:\program files (x86)\Systweak\Advanced System Protector\ASP.exe
    ShellExecuteHooks-{D468BCE5-D18E-49A4-8EA7-34BD583659D5} - c:\progra~2\SpyZooka\spyguard.dll
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-HijackThis - a:\trend micro\HijackThis\HijackThis.exe
    AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32
    AddRemove-Adobe Acrobat Connect Add-in - c:\users\drmike\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin\connectaddin.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,10,57,7a,36,1d,d8,44,a6,a2,4a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,10,57,7a,36,1d,d8,44,a6,a2,4a,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-03-21 22:42:06
    ComboFix-quarantined-files.txt 2011-03-22 02:42
    .
    Pre-Run: 207,404,351,488 bytes free
    Post-Run: 207,325,040,640 bytes free
    .
    - - End Of File - - CE09F9DFE0E76D91A96F1B789244F9B9
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,793
    Yes you did :)

    P2P Warning!

    • IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

      LimeWire

      Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
      Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

      I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

      Please read these short reports on the dangers of peer-2-peer programs and file sharing.

      I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

      If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.


    --------

    With that out of the way, onto the next part..

    =========

    Uninstall these programs because they're not needed or are outdated or are dangerous to use.
    If any can't be installed, let me know, but carry on with the rest of the uninstall and the programs below. We can look at any that couldn't be uninstalled later :)

    Optimizers, boosters, cleaners, etc. are basically useless and a waste of money and can do more harm than good.

    Reading these links might also put you off such progs:

    http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    http://www.edbott.com/weblog/?p=643


    Systweak
    Wise Registry Cleaner
    AdwareAway
    SpyZooka
    TranslatorBar 1 Toolbar
    ConduitEngine


    ==========

    1. Close any open browsers.

    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post & if you are using Internet Explorer when the "File download" pop-up comes press SAVE and choose desktop in the list of selections in that window & press save)

    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    eddie
     


  15. QWESTER

    QWESTER Thread Starter

    Joined:
    May 21, 2002
    Messages:
    35
    Hi Eddie,

    I have removed files as requested. I was unaware of the P2P file (mystery to me!) but your point is well taken.
    Thanks again for your work. Here is the ComboFix Log.
    Cheers,
    Qwester.

    ComboFix 11-03-21.01 - drmike 03/23/2011 19:37:59.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2419 [GMT -4:00]
    Running from: c:\users\drmike\Desktop\username123.exe
    Command switches used :: c:\users\drmike\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Systweak
    c:\users\drmike\AppData\Local\Temp\SAS3643.tmp
    c:\users\drmike\AppData\Roaming\Systweak
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-23 23:43 . 2011-03-23 23:43 -------- d-----w- c:\users\MARY\AppData\Local\temp
    2011-03-23 23:43 . 2011-03-23 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-23 12:32 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FF7586B5-E440-4817-A134-DF262D71EC6B}\mpengine.dll
    2011-03-23 12:31 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-03-23 12:31 . 2011-02-22 14:13 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-03-23 12:31 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll
    2011-03-23 12:31 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll
    2011-03-23 12:31 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-03-23 00:23 . 2011-03-23 00:23 -------- d-----w- c:\program files\Western Digital
    2011-03-22 02:42 . 2011-03-23 23:43 -------- d-----w- c:\users\drmike\AppData\Local\temp
    2011-03-21 03:08 . 2011-03-21 03:08 388096 ----a-r- c:\users\drmike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-21 03:07 . 2011-03-21 03:07 -------- d-----w- c:\program files (x86)\Trend Micro
    2011-03-15 20:33 . 2011-03-20 22:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-03-15 18:08 . 2011-03-15 18:08 -------- d-----w- c:\users\drmike\AppData\Local\{D8F8DDEB-2E6F-40DF-AA3B-D57954589ED5}
    2011-03-15 18:08 . 2011-03-15 18:08 -------- d-----w- c:\users\drmike\AppData\Local\{4CAC6667-659A-4D1A-BEE9-9B7C6610E3FC}
    2011-03-12 19:51 . 2011-03-12 19:51 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-12 19:28 . 2011-03-12 19:27 608448 ----a-w- c:\windows\system32\comctl32.ocx
    2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-03-12 04:02 . 2011-03-12 04:02 -------- d-----w- c:\users\drmike\AppData\Roaming\ParetoLogic
    2011-03-12 04:01 . 2011-03-12 04:28 -------- d-----w- c:\programdata\ParetoLogic
    2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\programdata\Yahoo! Companion
    2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\users\drmike\AppData\Roaming\Yahoo!
    2011-03-12 02:16 . 2011-03-12 02:16 -------- d-----w- c:\program files (x86)\jZip
    2011-03-09 22:34 . 2010-12-17 17:34 2425344 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 22:34 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-09 22:34 . 2010-12-17 15:41 731136 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 22:34 . 2010-12-17 13:54 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-09 22:34 . 2010-12-29 19:01 416768 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 22:34 . 2010-12-29 19:01 559616 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 22:34 . 2010-12-29 18:59 226816 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 22:34 . 2010-12-29 18:28 322560 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-09 22:34 . 2010-12-29 18:28 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-09 22:33 . 2010-12-29 19:01 210944 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-09 22:33 . 2010-12-29 18:28 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
    2011-03-09 22:33 . 2010-12-29 18:26 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-02 00:59 . 2011-03-02 19:55 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-03-02 00:59 . 2011-03-02 00:59 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-02 00:58 . 2011-03-02 00:58 -------- d-----w- c:\users\drmike\AppData\Local\Sunbelt Software
    2011-03-02 00:56 . 2011-03-02 19:55 -------- d-----w- c:\programdata\Lavasoft
    2011-03-01 22:15 . 2011-03-01 22:15 -------- d-----w- c:\users\drmike\AppData\Roaming\PC Unleashed Online
    2011-03-01 22:15 . 2011-03-01 22:15 -------- d-----w- c:\users\drmike\AppData\Roaming\DriverCure
    2011-03-01 22:15 . 2011-03-01 22:21 -------- d-----w- c:\programdata\PC Unleashed Online
    2011-02-28 19:36 . 2011-02-28 19:52 -------- d-----w- c:\program files\Perfect Uninstaller
    2011-02-23 19:17 . 2009-10-09 21:56 2048 ----a-w- c:\windows\SysWow64\winrsmgr.dll
    2011-02-23 19:17 . 2009-10-09 21:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-02-23 19:17 . 2009-10-09 21:35 13312 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-02-23 19:17 . 2009-10-09 21:34 13312 ----a-w- c:\windows\system32\winrssrv.dll
    2011-02-23 19:17 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\wsmplpxy.dll
    2011-02-23 19:17 . 2009-10-09 21:56 10240 ----a-w- c:\windows\SysWow64\winrssrv.dll
    2011-02-23 19:17 . 2009-10-09 21:36 53760 ----a-w- c:\windows\system32\pwrshplugin.dll
    2011-02-23 19:17 . 2009-10-09 21:56 41472 ----a-w- c:\windows\SysWow64\pwrshplugin.dll
    2011-02-23 19:17 . 2009-10-09 21:35 13824 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-02-23 19:17 . 2009-10-09 21:35 24064 ----a-w- c:\windows\system32\winrshost.exe
    2011-02-23 19:17 . 2009-10-09 21:35 51200 ----a-w- c:\windows\system32\winrs.exe
    2011-02-22 23:30 . 2011-02-22 23:30 -------- d-----w- c:\programdata\McAfee
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-12 19:50 . 2010-05-23 18:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-08 18:59 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-02-16 20:53 . 2011-02-16 20:53 14464 ----a-w- c:\windows\system32\drivers\wdcsam64.sys
    2011-02-11 07:30 . 2010-09-06 20:02 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-07 08:33 . 2009-05-28 16:23 67312 ----a-w- c:\windows\UnDeployV.exe
    2011-02-02 22:11 . 2009-11-11 22:29 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-26 18:19 . 2011-01-26 18:20 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0432E7CA-C223-4C52-86B4-C27A2E22E833}\gapaengine.dll
    2011-01-20 16:46 . 2011-02-09 16:59 900480 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:17 . 2011-02-09 16:59 366592 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:17 . 2011-02-09 16:59 625152 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:16 . 2011-02-09 16:59 287232 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:16 . 2011-02-09 16:59 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:16 . 2011-02-09 16:59 196096 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:16 . 2011-02-09 16:59 1268224 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:16 . 2011-02-09 16:59 748544 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:16 . 2011-02-09 16:59 47104 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:16 . 2011-02-09 16:59 3548672 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:16 . 2011-02-09 16:59 35840 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:14 . 2011-02-09 16:59 278528 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:14 . 2011-02-09 16:59 195072 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:08 . 2011-02-09 16:59 478720 ----a-w- c:\windows\SysWow64\dxgi.dll
    2011-01-20 16:08 . 2011-02-09 16:59 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-09 16:59 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-09 16:59 1029120 ----a-w- c:\windows\SysWow64\d3d10.dll
    2011-01-20 16:08 . 2011-02-09 16:59 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
    2011-01-20 16:07 . 2011-02-09 16:59 258048 ----a-w- c:\windows\SysWow64\winspool.drv
    2011-01-20 16:07 . 2011-02-09 16:59 586240 ----a-w- c:\windows\SysWow64\stobject.dll
    2011-01-20 16:06 . 2011-02-09 16:59 2873344 ----a-w- c:\windows\SysWow64\mf.dll
    2011-01-20 16:04 . 2011-02-09 16:59 209920 ----a-w- c:\windows\SysWow64\mfplat.dll
    2011-01-20 16:04 . 2011-02-09 16:59 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2011-01-20 15:39 . 2011-02-18 00:59 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{585344A1-E443-4366-86D8-56A479C11623}\mpengine.dll
    2011-01-20 15:01 . 2011-02-09 16:59 3068416 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 15:01 . 2011-02-09 16:59 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:59 . 2011-02-09 16:59 1032192 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:58 . 2011-02-09 16:59 1461760 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:57 . 2011-02-09 16:59 231936 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:42 . 2011-02-09 16:59 1257984 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:41 . 2011-02-09 16:59 428544 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:40 . 2011-02-09 16:59 345088 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:40 . 2011-02-09 16:59 34304 ----a-w- c:\windows\system32\mfpmp.exe
    2011-01-20 14:40 . 2011-02-09 16:59 377344 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:37 . 2011-02-09 16:59 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:35 . 2011-02-09 16:59 566272 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 14:28 . 2011-02-09 16:59 1554432 ----a-w- c:\windows\SysWow64\xpsservices.dll
    2011-01-20 14:27 . 2011-02-09 16:59 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-01-20 14:25 . 2011-02-09 16:59 847360 ----a-w- c:\windows\SysWow64\OpcServices.dll
    2011-01-20 14:24 . 2011-02-09 16:59 135680 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-09 16:59 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-09 16:59 357376 ----a-w- c:\windows\SysWow64\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-09 16:59 302592 ----a-w- c:\windows\SysWow64\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-09 16:59 261632 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-09 16:59 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-09 16:59 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2011-01-20 14:06 . 2011-02-09 16:59 834048 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:47 . 2011-02-09 16:59 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-01-13 10:20 . 2011-01-25 21:23 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-01-08 09:03 . 2011-02-09 16:57 48128 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 08:47 . 2011-02-09 16:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-08 06:45 . 2011-02-09 16:57 367104 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-08 06:28 . 2011-02-09 16:57 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
    2010-12-31 14:16 . 2011-02-09 16:59 2757632 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 16:08 . 2011-01-12 21:50 466944 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-28 15:55 . 2011-01-12 21:50 413696 ----a-w- c:\windows\SysWow64\odbc32.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\program files (x86)\Everything ----
    .
    .
    ---- Directory of c:\users\drmike\AppData\Local\{4CAC6667-659A-4D1A-BEE9-9B7C6610E3FC} ----
    .
    .
    ---- Directory of c:\users\drmike\AppData\Local\{D8F8DDEB-2E6F-40DF-AA3B-D57954589ED5} ----
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-22_02.40.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 03:20 . 2011-03-23 12:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-01-21 03:20 . 2011-03-22 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-03-22 01:01 . 2011-03-23 12:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-22 01:01 . 2011-03-22 01:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-21 03:20 . 2011-03-22 01:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 03:20 . 2011-03-23 12:20 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2011-03-23 17:46 67772 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2011-03-23 17:47 85094 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-10-01 15:19 . 2011-03-23 17:47 24406 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4071100956-2886188598-2641863946-1000_UserData.bin
    + 2011-02-16 20:53 . 2011-02-16 20:53 14464 c:\windows\system32\DriverStore\FileRepository\wdcsam.inf_9ed7f3a4\wdcsam64.sys
    + 2008-10-01 14:08 . 2011-03-23 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-10-01 14:08 . 2011-03-21 22:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-10-01 14:08 . 2011-03-23 23:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-10-01 14:08 . 2011-03-21 22:30 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-10-01 14:08 . 2011-03-21 22:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-10-01 14:08 . 2011-03-23 23:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-05-05 16:44 . 2011-03-22 22:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-05-05 16:44 . 2011-03-06 03:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-05-05 16:44 . 2011-03-22 22:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-05-05 16:44 . 2011-03-06 03:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-05-05 16:44 . 2011-03-06 03:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-05-05 16:44 . 2011-03-22 22:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-10-01 15:34 . 2011-03-12 02:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-10-01 15:34 . 2011-03-22 22:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-10-01 15:34 . 2011-03-22 22:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-10-01 15:34 . 2011-03-12 02:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2006-11-02 12:40 . 2011-03-23 00:24 86016 c:\windows\inf\infstor.dat
    - 2006-11-02 12:40 . 2010-12-27 20:59 86016 c:\windows\inf\infstor.dat
    - 2006-11-02 12:40 . 2010-12-27 20:59 51200 c:\windows\inf\infpub.dat
    + 2006-11-02 12:40 . 2011-03-23 00:24 51200 c:\windows\inf\infpub.dat
    + 2011-03-23 17:45 . 2011-03-23 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-03-22 02:08 . 2011-03-22 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-03-22 02:08 . 2011-03-22 02:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-03-23 17:45 . 2011-03-23 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-02-09 21:53 . 2010-03-15 10:31 165376 c:\windows\SysWOW64\unrar.dll
    + 2008-10-01 20:01 . 2011-03-23 22:28 353354 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2006-11-02 12:46 . 2011-03-22 02:14 606364 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-03-23 17:51 606364 c:\windows\system32\perfh009.dat
    - 2006-11-02 12:46 . 2011-03-22 02:14 104964 c:\windows\system32\perfc009.dat
    + 2006-11-02 12:46 . 2011-03-23 17:51 104964 c:\windows\system32\perfc009.dat
    + 2009-04-29 17:58 . 2011-03-22 21:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-04-29 17:58 . 2011-03-20 01:21 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2011-02-09 02:46 . 2011-03-23 16:01 296272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2011-02-09 02:46 . 2011-03-22 02:08 296272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-03-23 00:24 . 2011-03-23 00:24 410598 c:\windows\Installer\{07179D37-D5FE-4373-90D9-A25B992EFB3E}\WDSmartWare.exe
    + 2006-11-02 12:40 . 2011-03-23 00:24 143360 c:\windows\inf\infstrng.dat
    - 2006-11-02 12:40 . 2010-12-27 20:59 143360 c:\windows\inf\infstrng.dat
    - 2010-01-20 02:54 . 2011-03-22 02:08 2248696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2010-01-20 02:54 . 2011-03-23 00:54 2248696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
    + 2011-03-23 00:24 . 2011-03-23 00:24 1795584 c:\windows\Installer\3d371d.msi
    + 2006-11-02 12:33 . 2011-03-23 15:47 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2006-11-02 12:33 . 2011-03-10 00:21 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2011-03-13 01:02 . 2011-03-13 01:02 15139328 c:\windows\Installer\5b4011.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-12-04 274608]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    c:\users\drmike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\drmike\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    wkcalrem.LNK - c:\program files (x86)\Microsoft Works\WkCalRem.exe [2007-11-28 46432]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-9-10 50688]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{D468BCE5-D18E-49A4-8EA7-34BD583659D5}"= "c:\progra~2\SpyZooka\spyguard.dll" [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R0 DiagnosticScan;DiagnosticScan Driver; [x]
    R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 135664]
    R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    S0 phmcd;phmcd;c:\windows\system32\DRIVERS\phmcd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S2 pcdservice;pcdservice;c:\program files\Phantombility\Phantom CD\pcdservice.exe [2010-06-14 316752]
    S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-21 19:09]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 03:28]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-14 03:28]
    .
    2011-03-23 c:\windows\Tasks\User_Feed_Synchronization-{ACB673B5-404B-4967-AF9D-9E1FB8E7728E}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 97792 ----a-w- c:\users\drmike\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
    "Skytel"="Skytel.exe" [2007-11-21 1826816]
    "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\drmike\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    Trusted Zone: cnn.com\money
    Trusted Zone: golfdigest.com\www
    Trusted Zone: thegolfchannel.com\www
    Trusted Zone: vanguard.com
    DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    WebBrowser-{00BF7B9C-ACD2-4080-BEA8-B1C41987070F} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,10,57,7a,36,1d,d8,44,a6,a2,4a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b2,10,57,7a,36,1d,d8,44,a6,a2,4a,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-03-23 19:45:48
    ComboFix-quarantined-files.txt 2011-03-23 23:45
    .
    Pre-Run: 202,590,101,504 bytes free
    Post-Run: 202,589,851,648 bytes free
    .
    - - End Of File - - 987F8DDBA3EDB4C3C3094273940580B2
     

Short URL to this thread: https://techguy.org/986675