My CA.Security keeps giving 6 XP Internet Security 2010 alerts on the quick scan; it will quarantine one but not the other 5. All six will be back on the next scan. When I run MWB it does not find anything. I have reinstalled CA and MWB, and run both in safe mode. I also ran SpyDoctor, SpyBot, StopZilla and online Eset; only CA comes up with this malware. MWB is a registered copy; I also run CA.Security and StopZilla as registered copies. I have never received the popup that XP Internet Security 2010 is supposed to do. I tried following the instructions for removal on the Bleepingcomputer site, but they state do not close the popup, which I do not get. I followed the instructions anyway and it did not fix the problem. Can anyone look at my Hijackthis log and tell me what I am missing? Thank you.


Hello dragon8161! Welcome to MalwareBytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.

Please follow our instructions:

http://forums.malwarebytes.org/index.php?showtopic=43987

Followed instructions log below

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4071

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

5/6/2010 8:18:54 AM

mbam-log-2010-05-06 (08-18-54).txt

Scan type: Quick scan

Objects scanned: 130563

Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Thanks!

Step 1:

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Step 2:

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done click on the SAVE button and browse to your Desktop and save the file as GMER.LOG
  • Zip up the GMER.LOG file and save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

In your next reply, please include these log(s) in this sequence:

  1. DDS log with Attach.txt
  2. GMER log


I ran the DDS logs below. Tried to run GMER but it failed with error: "c:windows\system32\config\system:the system cannot find the file specified.". I am running Windows 7 64-bit.

DDS (Ver_10-03-17.01) - NTFSX64

Run by Charboneau at 0:32:38.67 on Fri 05/07/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1243 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe

C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files (x86)\STOPzilla!\STOPzilla.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\CA\CA Internet Security Suite\casc.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

c:\program files\windows defender\MpCmdRun.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Charboneau\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~4\office12\GR469A~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files (x86)\stopzilla!\SZIEBHO.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [sunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~4\office12\GRA32A~1.DLL

Notify: PFW - UmxWnp.Dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~4\office12\GR469A~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun-x64: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\charbo~1\appdata\roaming\mozilla\firefox\profiles\wr0nkpe6.default\

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-12-23 141304]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 106488]

R1 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 334712]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-26 89600]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-5 203264]

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-5-5 304128]

R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-5-5 285008]

R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-5-6 304464]

R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 1479160]

R2 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]

R2 UmxPol;HIPS Policy Manager;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-9 24664]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-26 215040]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-26 36408]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-10 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-05-07 04:30:13 152 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-05-07 04:09:51 480 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-05-06 12:11:26 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-05-05 15:18:30 0 d-----w- c:\program files (x86)\Trend Micro

2010-05-05 13:05:30 0 d-----w- c:\program files (x86)\CA

2010-05-05 13:05:00 0 d-----w- c:\program files\CA

2010-05-05 13:03:41 0 d-----w- c:\programdata\CA

2010-05-04 15:25:39 0 d-----w- c:\program files (x86)\ESET

2010-05-04 14:04:29 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-05-04 14:04:05 12867072 ----a-w- c:\windows\syswow64\shell32.dll

2010-05-04 14:04:04 96768 ----a-w- c:\windows\syswow64\sspicli.dll

2010-05-04 14:04:04 22016 ----a-w- c:\windows\syswow64\secur32.dll

2010-05-04 14:04:04 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-05-04 14:04:04 1446912 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-15 18:29:37 612352 ----a-w- c:\windows\system32\vbscript.dll

2010-04-15 18:29:37 427520 ----a-w- c:\windows\syswow64\vbscript.dll

2010-04-15 18:29:32 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-15 18:29:31 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-15 18:29:31 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-15 18:29:25 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-15 18:29:24 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-04-15 18:29:24 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-04-15 18:27:04 220672 ----a-w- c:\windows\system32\wintrust.dll

2010-04-15 18:27:04 172032 ----a-w- c:\windows\syswow64\wintrust.dll

2010-04-15 18:27:03 139264 ----a-w- c:\windows\system32\cabview.dll

2010-04-15 18:27:03 132608 ----a-w- c:\windows\syswow64\cabview.dll

2010-04-13 12:48:10 0 d-----w- c:\users\charbo~1\appdata\roaming\AVS4YOU

2010-04-12 18:04:54 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-04-12 18:04:54 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-04-12 17:17:37 63460 ----a-w- c:\windows\system32\drivers\KmxAgent.asc

2010-04-12 16:06:45 18594 ----a-w- c:\windows\system32\entitlement.xml

2010-04-12 15:19:07 0 d-----w- c:\programdata\PC Tools

2010-04-12 15:15:34 0 d-----w- c:\users\charbo~1\appdata\roaming\GetRightToGo

2010-04-12 14:44:47 0 d-----w- c:\users\charbo~1\appdata\roaming\Malwarebytes

2010-04-10 18:27:37 0 d-----w- c:\users\charboneau\rapid

2010-04-10 18:14:55 0 d-----w- c:\windows\syswow64\Wat

2010-04-10 18:14:55 0 d-----w- c:\windows\system32\Wat

2010-04-10 18:11:35 311808 ----a-w- c:\windows\system32\msv1_0.dll

2010-04-10 18:11:35 257024 ----a-w- c:\windows\syswow64\msv1_0.dll

2010-04-10 17:38:28 422912 ----a-w- c:\windows\system32\secproc_isv.dll

2010-04-10 17:37:59 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-04-10 17:37:59 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-04-10 17:37:59 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-04-10 17:37:59 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-04-10 17:37:59 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-04-10 17:37:59 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-04-10 17:37:30 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-10 17:37:30 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-10 17:35:54 960512 ----a-w- c:\windows\system32\CPFilters.dll

2010-04-10 17:35:54 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-04-10 17:35:54 613888 ----a-w- c:\windows\system32\psisdecd.dll

2010-04-10 17:35:54 552960 ----a-w- c:\windows\system32\msdri.dll

2010-04-10 17:35:54 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-04-10 17:35:54 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-04-10 17:35:53 465408 ----a-w- c:\windows\syswow64\psisdecd.dll

2010-04-10 17:33:28 716800 ----a-w- c:\windows\syswow64\jscript.dll

2010-04-10 17:21:45 46592 ----a-w- c:\windows\system32\msasn1.dll

2010-04-10 17:21:45 34816 ----a-w- c:\windows\syswow64\msasn1.dll

2010-04-10 17:21:21 464896 ----a-w- c:\windows\system32\drivers\srv.sys

2010-04-10 17:21:21 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-04-10 17:06:57 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

2010-04-10 17:06:56 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf

2010-04-10 17:06:56 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

2010-04-10 17:00:58 0 d-----w- c:\programdata\Recovery

2010-04-10 16:55:23 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf

2010-04-10 16:55:23 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

2010-04-10 16:55:23 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

2010-04-10 16:55:22 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf

2010-04-10 16:55:22 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

2010-04-10 16:55:22 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

2010-04-10 16:55:22 262144 --sha-w- c:\users\charboneau\ntuser.dat.LOG1

2010-04-10 16:55:22 0 --sha-w- c:\users\charboneau\ntuser.dat.LOG2

2010-04-10 15:28:56 0 d-----w- c:\program files (x86)\MSXML 4.0

2010-04-10 15:22:28 0 d-----w- c:\program files (x86)\Pelican Performance

2010-04-10 13:47:38 0 d-----w- c:\program files (x86)\STOPzilla!

2010-04-10 00:50:46 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2010-04-10 00:45:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-10 00:45:22 0 d-----w- c:\programdata\Malwarebytes

2010-04-10 00:44:39 0 d-----w- c:\users\charboneau\saved aps

2010-04-10 00:39:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-04-09 18:52:57 0 d-----w- c:\programdata\SITEguard

2010-04-09 18:52:16 0 d-----w- c:\program files (x86)\common files\iS3

2010-04-09 18:52:15 0 d-----w- c:\programdata\STOPzilla!

2010-04-09 18:48:41 1003008 ----a-w- c:\windows\syswow64\libeay32.dll

2010-04-09 18:46:49 156910 ----a-w- c:\windows\WMSysPr8.prx

2010-04-09 18:45:39 0 d-----w- c:\program files (x86)\common files\AVSMedia

2010-04-09 18:45:15 974848 ----a-w- c:\windows\syswow64\mfc70.dll

2010-04-09 18:45:15 487424 ----a-w- c:\windows\syswow64\msvcp70.dll

2010-04-09 18:45:15 344064 ----a-w- c:\windows\syswow64\msvcr70.dll

2010-04-09 18:45:14 1700352 ----a-w- c:\windows\syswow64\GdiPlus.dll

2010-04-09 18:45:14 0 d-----w- c:\programdata\AVS4YOU

2010-04-09 18:45:14 0 d-----w- c:\program files (x86)\AVS4YOU

2010-04-09 18:41:20 0 d-----w- c:\program files (x86)\CCleaner

2010-04-09 18:12:49 0 d-----w- c:\programdata\Sun

2010-04-09 18:12:16 153376 ----a-w- c:\windows\syswow64\javaws.exe

2010-04-09 18:12:16 145184 ----a-w- c:\windows\syswow64\javaw.exe

2010-04-09 18:12:16 145184 ----a-w- c:\windows\syswow64\java.exe

2010-04-09 14:48:12 0 d-----w- c:\windows\PCHEALTH

2010-04-09 14:45:50 0 d-----w- c:\program files\Microsoft Office

2010-04-09 14:45:04 0 d-----w- c:\windows\SHELLNEW

2010-04-09 14:35:32 212864 ------w- c:\windows\system32\MpSigStub.exe

2010-04-09 14:07:03 95472 ----a-w- c:\windows\syswow64\Vetredir.dll

2010-04-09 14:07:03 250608 ----a-w- c:\windows\system32\isafprod64.dll

2010-04-09 14:07:03 201968 ----a-w- c:\windows\syswow64\Isafprod.dll

2010-04-09 14:07:03 140016 ----a-w- c:\windows\system32\isafeif64.dll

2010-04-09 14:07:03 128240 ----a-w- c:\windows\syswow64\Isafeif.dll

2010-04-09 14:07:03 103152 ----a-w- c:\windows\system32\vetredir64.dll

2010-04-09 02:27:27 20 --sh--w- c:\users\charboneau\ntuser.ini

==================== Find3M ====================

2010-03-09 08:28:20 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-03-05 22:16:42 17408 ----a-r- c:\windows\syswow64\SZIO5.dll

2010-03-05 22:14:16 442368 ----a-r- c:\windows\syswow64\SZBase5.dll

2010-03-05 22:13:44 540672 ----a-r- c:\windows\syswow64\SZComp5.dll

2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll

2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:33:46.84 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 4/8/2010 10:27:23 PM

System Uptime: 5/7/2010 12:08:54 AM (0 hours ago)

Motherboard: Hewlett-Packard | | 363F

Processor: AMD Athlon II Dual-Core M320 | Socket S1G3 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 219 GiB total, 183.122 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 2.245 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0.09 GiB free.

F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP42: 4/13/2010 9:04:50 AM - Windows Backup

RP43: 4/13/2010 11:10:50 AM - Windows Backup

RP44: 4/15/2010 2:27:09 PM - Windows Update

RP45: 4/15/2010 4:42:43 PM - Windows Update

RP46: 4/19/2010 2:20:26 PM - StopZILLA! Restore Point.

RP47: 4/27/2010 9:09:46 AM - Windows Update

RP48: 5/4/2010 10:04:33 AM - Windows Update

RP49: 5/4/2010 11:54:58 AM - Installed HiJackThis

RP50: 5/4/2010 12:16:09 PM - Windows Update

RP54: 5/5/2010 9:00:38 AM - CA Internet Security Suite

RP56: 5/5/2010 9:04:44 AM - CA Internet Security Suite

RP57: 5/5/2010 11:05:07 AM - Removed HiJackThis

RP58: 5/5/2010 11:07:13 AM - Installed HiJackThis

RP59: 5/5/2010 11:08:56 AM - Removed HiJackThis

RP60: 5/5/2010 11:17:56 AM - Installed HiJackThis

RP61: 5/6/2010 8:39:05 AM - StopZILLA! Restore Point.

RP62: 5/7/2010 12:10:49 AM - StopZILLA! Restore Point.

==== Installed Programs ======================

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.1 MUI

Adobe Shockwave Player

AMD USB Filter Driver

Atheros Driver Installation Program

AVS Audio Converter version 6.2

AVS Cover Editor 2.0.0.75

AVS Disc Creator version 4.1

AVS DVD Authoring

AVS Media Player 3.1

AVS Update Manager 1.0

AVS Video Converter 6

AVS Video Recorder 2.4

AVS4YOU Software Navigator 1.4

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CyberLink DVD Suite

CyberLink MediaShow

CyberLink PowerDVD 8

ESET Online Scanner v3

HiJackThis

HP Advisor

HP Customer Experience Enhancements

HP Games

HP Setup

HP Smart Web Printing

HP Support Assistant

HP Update

HP User Guides 0148

HP Wireless Assistant

HPAsset component for HP Active Support Library

IDT Audio

Java Auto Updater

Java 6 Update 19

Junk Mail filter update

LabelPrint

LightScribe System Software

Malwarebytes' Anti-Malware

Microsoft Choice Guard

Microsoft Live Search Toolbar

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox (3.0.12)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal

Power2Go

PowerDirector

Pro Media Director Version 2.0.0.1

Realtek 8136 8168 8169 Ethernet Driver

Realtek USB 2.0 Card Reader

Recovery Manager

Slingbox - Watch Your TV Anywhere

SlingPlayer

STOPzilla

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

==== Event Viewer Messages From Past Week ========

5/7/2010 12:09:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv TfFsMon TfSysMon

5/7/2010 12:09:38 AM, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The parameter is incorrect.

5/7/2010 12:09:08 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

5/5/2010 9:05:41 AM, Error: Service Control Manager [7030] - The CAISafe service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/5/2010 9:05:15 AM, Error: Service Control Manager [7030] - The CA Common Scheduler Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/5/2010 11:11:51 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

5/5/2010 1:46:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {B8417502-7095-4D02-AF41-92134CEA5ED0}

5/5/2010 1:46:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {8449273F-059F-4B7C-BF37-2E3C028E93D2}

5/5/2010 1:46:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service UmxCfg with arguments "" in order to run the server: {5EBFD120-E4FE-46C5-8E21-05D903BAAEEC}

5/5/2010 1:46:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CaCCProvSP with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

5/5/2010 1:45:39 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/5/2010 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/5/2010 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/5/2010 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/5/2010 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/5/2010 1:45:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/5/2010 1:45:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/5/2010 1:45:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache is3srv KmxAgent KmxCfg NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TfFsMon TfSysMon vwififlt Wanarpv6 WfpLwf

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/5/2010 1:45:19 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/4/2010 10:18:37 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

==== End Of File ===========================


Step 1:

Please, uninstall the following applications:

  1. Adobe Reader 9.1 MUI

You can read how to do this in:

Step 2:

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.
    Then look for the following Java folders and if found delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java

Step 3:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply, please include these log(s) in this sequence:

  1. JavaRa log
  2. ESET Online Scanner log
  3. a new fresh DDS log only


Java log

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri May 07 14:44:06 2010

------------------------------------

Finished reporting.

ESET On Line Scanner log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=82e9ec87b1b2074896287b77117f8600

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-05-07 09:31:36

# local_time=2010-05-07 05:31:36 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=4864 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 24802430 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=153487

# found=0

# cleaned=0

# scan_time=8916

DDS Log Only

DDS (Ver_10-03-17.01) - NTFSX64

Run by Charboneau at 17:41:27.67 on Fri 05/07/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1284 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\CA\CA Internet Security Suite\casc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe

C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\STOPzilla!\STOPzilla.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Charboneau\Desktop\dds.scr

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~4\office12\GR469A~1.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll

BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files (x86)\stopzilla!\SZIEBHO.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0566.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [WirelessAssistant] c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~4\office12\GRA32A~1.DLL

Notify: PFW - UmxWnp.Dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~4\office12\GR469A~1.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun-x64: [sysTrayApp] c:\program files\idt\wdm\sttray64.exe

mRun-x64: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\charbo~1\appdata\roaming\mozilla\firefox\profiles\wr0nkpe6.default\

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - plugin: c:\program files (x86)\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll

FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\syswow64\adobe\director\np32dsw.dll

============= SERVICES / DRIVERS ===============

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-12-23 141304]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 106488]

R1 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 334712]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-12-26 89600]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-5 203264]

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2010-5-5 304128]

R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2010-5-5 285008]

R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-5-6 304464]

R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2009-8-4 1479160]

R2 UmxCfg;HIPS Configuration Interpreter;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxCfg.exe [2009-7-13 760664]

R2 UmxPol;HIPS Policy Manager;c:\program files (x86)\ca\sharedcomponents\hipsengine\UmxPol.exe [2009-7-27 227832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-9 24664]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-26 215040]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-26 36408]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-10 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-05-07 18:12:56 1232 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-05-06 12:11:26 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-05-05 15:18:30 0 d-----w- c:\program files (x86)\Trend Micro

2010-05-05 13:05:30 0 d-----w- c:\program files (x86)\CA

2010-05-05 13:05:00 0 d-----w- c:\program files\CA

2010-05-05 13:03:41 0 d-----w- c:\programdata\CA

2010-05-04 15:25:39 0 d-----w- c:\program files (x86)\ESET

2010-05-04 14:04:29 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-05-04 14:04:05 12867072 ----a-w- c:\windows\syswow64\shell32.dll

2010-05-04 14:04:04 96768 ----a-w- c:\windows\syswow64\sspicli.dll

2010-05-04 14:04:04 22016 ----a-w- c:\windows\syswow64\secur32.dll

2010-05-04 14:04:04 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-05-04 14:04:04 1446912 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-15 18:29:37 612352 ----a-w- c:\windows\system32\vbscript.dll

2010-04-15 18:29:37 427520 ----a-w- c:\windows\syswow64\vbscript.dll

2010-04-15 18:29:32 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-15 18:29:31 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-15 18:29:31 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-15 18:29:25 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-15 18:29:24 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe

2010-04-15 18:29:24 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe

2010-04-15 18:27:04 220672 ----a-w- c:\windows\system32\wintrust.dll

2010-04-15 18:27:04 172032 ----a-w- c:\windows\syswow64\wintrust.dll

2010-04-15 18:27:03 139264 ----a-w- c:\windows\system32\cabview.dll

2010-04-15 18:27:03 132608 ----a-w- c:\windows\syswow64\cabview.dll

2010-04-13 12:48:10 0 d-----w- c:\users\charbo~1\appdata\roaming\AVS4YOU

2010-04-12 18:04:54 0 d-----w- c:\programdata\Spybot - Search & Destroy

2010-04-12 18:04:54 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy

2010-04-12 17:17:37 63460 ----a-w- c:\windows\system32\drivers\KmxAgent.asc

2010-04-12 16:06:45 18594 ----a-w- c:\windows\system32\entitlement.xml

2010-04-12 15:19:07 0 d-----w- c:\programdata\PC Tools

2010-04-12 15:15:34 0 d-----w- c:\users\charbo~1\appdata\roaming\GetRightToGo

2010-04-12 14:44:47 0 d-----w- c:\users\charbo~1\appdata\roaming\Malwarebytes

2010-04-10 18:27:37 0 d-----w- c:\users\charboneau\rapid

2010-04-10 18:14:55 0 d-----w- c:\windows\syswow64\Wat

2010-04-10 18:14:55 0 d-----w- c:\windows\system32\Wat

2010-04-10 18:11:35 311808 ----a-w- c:\windows\system32\msv1_0.dll

2010-04-10 18:11:35 257024 ----a-w- c:\windows\syswow64\msv1_0.dll

2010-04-10 17:38:28 422912 ----a-w- c:\windows\system32\secproc_isv.dll

2010-04-10 17:37:59 977920 ----a-w- c:\windows\syswow64\wininet.dll

2010-04-10 17:37:59 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll

2010-04-10 17:37:59 606208 ----a-w- c:\windows\syswow64\mstime.dll

2010-04-10 17:37:59 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2010-04-10 17:37:59 1225216 ----a-w- c:\windows\syswow64\urlmon.dll

2010-04-10 17:37:59 1192960 ----a-w- c:\windows\system32\wininet.dll

2010-04-10 17:37:30 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-04-10 17:37:30 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-10 17:35:54 960512 ----a-w- c:\windows\system32\CPFilters.dll

2010-04-10 17:35:54 641536 ----a-w- c:\windows\syswow64\CPFilters.dll

2010-04-10 17:35:54 613888 ----a-w- c:\windows\system32\psisdecd.dll

2010-04-10 17:35:54 552960 ----a-w- c:\windows\system32\msdri.dll

2010-04-10 17:35:54 288256 ----a-w- c:\windows\system32\MSNP.ax

2010-04-10 17:35:54 204288 ----a-w- c:\windows\syswow64\MSNP.ax

2010-04-10 17:35:53 465408 ----a-w- c:\windows\syswow64\psisdecd.dll

2010-04-10 17:33:28 716800 ----a-w- c:\windows\syswow64\jscript.dll

2010-04-10 17:21:45 46592 ----a-w- c:\windows\system32\msasn1.dll

2010-04-10 17:21:45 34816 ----a-w- c:\windows\syswow64\msasn1.dll

2010-04-10 17:21:21 464896 ----a-w- c:\windows\system32\drivers\srv.sys

2010-04-10 17:21:21 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-04-10 17:06:57 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

2010-04-10 17:06:56 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf

2010-04-10 17:06:56 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

2010-04-10 17:00:58 0 d-----w- c:\programdata\Recovery

2010-04-10 16:55:23 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf

2010-04-10 16:55:23 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

2010-04-10 16:55:23 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

2010-04-10 16:55:22 65536 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf

2010-04-10 16:55:22 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

2010-04-10 16:55:22 524288 --sha-w- c:\users\charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

2010-04-10 16:55:22 262144 --sha-w- c:\users\charboneau\ntuser.dat.LOG1

2010-04-10 16:55:22 0 --sha-w- c:\users\charboneau\ntuser.dat.LOG2

2010-04-10 15:28:56 0 d-----w- c:\program files (x86)\MSXML 4.0

2010-04-10 15:22:28 0 d-----w- c:\program files (x86)\Pelican Performance

2010-04-10 13:47:38 0 d-----w- c:\program files (x86)\STOPzilla!

2010-04-10 00:50:46 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8

2010-04-10 00:45:22 24664 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-10 00:45:22 0 d-----w- c:\programdata\Malwarebytes

2010-04-10 00:44:39 0 d-----w- c:\users\charboneau\saved aps

2010-04-10 00:39:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-04-09 18:52:57 0 d-----w- c:\programdata\SITEguard

2010-04-09 18:52:16 0 d-----w- c:\program files (x86)\common files\iS3

2010-04-09 18:52:15 0 d-----w- c:\programdata\STOPzilla!

2010-04-09 18:48:41 1003008 ----a-w- c:\windows\syswow64\libeay32.dll

2010-04-09 18:46:49 156910 ----a-w- c:\windows\WMSysPr8.prx

2010-04-09 18:45:39 0 d-----w- c:\program files (x86)\common files\AVSMedia

2010-04-09 18:45:15 974848 ----a-w- c:\windows\syswow64\mfc70.dll

2010-04-09 18:45:15 487424 ----a-w- c:\windows\syswow64\msvcp70.dll

2010-04-09 18:45:15 344064 ----a-w- c:\windows\syswow64\msvcr70.dll

2010-04-09 18:45:14 1700352 ----a-w- c:\windows\syswow64\GdiPlus.dll

2010-04-09 18:45:14 0 d-----w- c:\programdata\AVS4YOU

2010-04-09 18:45:14 0 d-----w- c:\program files (x86)\AVS4YOU

2010-04-09 18:41:20 0 d-----w- c:\program files (x86)\CCleaner

2010-04-09 18:12:49 0 d-----w- c:\programdata\Sun

2010-04-09 14:48:12 0 d-----w- c:\windows\PCHEALTH

2010-04-09 14:45:50 0 d-----w- c:\program files\Microsoft Office

2010-04-09 14:45:04 0 d-----w- c:\windows\SHELLNEW

2010-04-09 14:35:32 212864 ------w- c:\windows\system32\MpSigStub.exe

2010-04-09 14:07:03 95472 ----a-w- c:\windows\syswow64\Vetredir.dll

2010-04-09 14:07:03 250608 ----a-w- c:\windows\system32\isafprod64.dll

2010-04-09 14:07:03 201968 ----a-w- c:\windows\syswow64\Isafprod.dll

2010-04-09 14:07:03 140016 ----a-w- c:\windows\system32\isafeif64.dll

2010-04-09 14:07:03 128240 ----a-w- c:\windows\syswow64\Isafeif.dll

2010-04-09 14:07:03 103152 ----a-w- c:\windows\system32\vetredir64.dll

2010-04-09 02:27:27 20 --sh--w- c:\users\charboneau\ntuser.ini

==================== Find3M ====================

2010-03-09 08:28:20 411368 ----a-w- c:\windows\syswow64\deploytk.dll

2010-03-05 22:16:42 17408 ----a-r- c:\windows\syswow64\SZIO5.dll

2010-03-05 22:14:16 442368 ----a-r- c:\windows\syswow64\SZBase5.dll

2010-03-05 22:13:44 540672 ----a-r- c:\windows\syswow64\SZComp5.dll

2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll

2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:42:17.20 ===============


Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages Archive = Move, E-mails = Report, Containers = Move
    • Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked

  • On the Log file tab leave the Log to file checked.
    • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
    • Log mode = Append
    • Encoding = ANSI
    • Details Leave Names of file packers and Statistics checked.
    • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.


Ran Dr.Web Cureit, tried to save report list, would not open any other window to save file. Tried several times, no luck. When I closed Dr.Web it stated that a text log was saved in Users dir. Too big to post, I attached as a zip, also attached screen shot of what Dr. Web Cureit found. Should I run this again and see if it will give me the Cureit.csv file? Took over 5 hours to run complete scan. Hijackthis log is below.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:10:17 AM, on 5/8/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\STOPzilla!\STOPzilla.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office12\GR469A~1.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~4\Office12\GRA32A~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe

O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe

O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9579 bytes

CureIt.zip


Important!

All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here first.

I also need for you to download this program to your desktop.

  • Close all applications and windows so that you have nothing open and are at your Desktop
  • Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
  • Place a checkmark in the Scan All Users checkbox (leave 'Use Whitelist' checked and the 'File Age:' at 30 days)
  • Click the Run Scan button
  • NOTE: Please be patient and let the scan run without using the computer
  • When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or right-click and paste.
  • Submit your reply and close the Notepad window with OTList.txt
  • Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
  • In Notepad, click Edit, Select all then Edit, Copy
  • Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or right-click and paste.
  • NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.


Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.


I finally found the CA internet security log, boy do they bury it.. see below. Does this help?

5/8/2010 9:27:31 AM

6

XP Internet Security 2010

software\classes\.exe

3

993

0

XP Internet Security 2010

3

993

3

XP Internet Security 2010

HKEY_CURRENT_USER\Software\Classes\.exe

3

993

0

XP Internet Security 2010

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command

3

993

0

XP Internet Security 2010

HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command

3

993

0

XP Internet Security 2010

HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command

3

993

0


OTL logfile created on: 5/8/2010 2:20:22 PM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Charboneau\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 219.07 Gb Total Space | 184.05 Gb Free Space | 84.02% Space Free | Partition Type: NTFS

Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS

Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MATTHEW-PC

Current User Name: Charboneau

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/09 21:04:02 | 000,177,600 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe

PRC - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe

PRC - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe

PRC - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe

========== Modules (SafeList) ==========

MOD - [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe

MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll

MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/05 09:17:03 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)

SRV:64bit: - [2010/05/05 09:17:03 | 000,285,008 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)

SRV:64bit: - [2010/04/10 14:07:10 | 001,255,736 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV:64bit: - [2009/11/21 00:29:38 | 000,304,128 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)

SRV:64bit: - [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/08/04 11:42:24 | 001,479,160 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)

SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)

SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)

SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)

SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)

SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)

SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)

SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)

SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)

SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)

SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)

SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)

SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)

SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)

SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)

SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)

SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)

SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)

SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)

SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)

SRV - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)

SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)

SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)

SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2005/11/14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2009/12/23 11:29:38 | 000,141,304 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)

DRV:64bit: - [2009/12/23 11:29:38 | 000,106,488 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)

DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)

DRV:64bit: - [2009/09/30 17:51:02 | 000,334,712 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)

DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)

DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)

DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)

DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)

DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)

DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)

DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)

DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)

DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)

DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)

DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)

DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)

DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)

DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)

DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)

DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)

DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)

DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)

DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)

DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)

DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)

DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)

DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)

DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)

DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)

DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)

DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/03/09 10:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV - [2010/05/08 09:55:39 | 000,004,857 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\kmxcfg.u2k0 -- (KmxCfg)

DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)

DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)

DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/31 00:08:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/10 14:00:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/10 14:00:46 | 000,000,000 | ---D | M]

[2010/04/10 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\mozilla\Extensions

[2010/05/07 14:23:09 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions

[2010/05/04 10:13:12 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/04/10 14:11:10 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

[2010/05/04 10:13:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/04/10 14:11:11 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/04/10 14:11:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/05/07 14:33:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/09 14:53:22 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll (iS3, Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O3 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present

O7 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{6d5d3f2f-46fa-11df-bba3-00269ec53d15}\Shell - "" = AutoRun

O33 - MountPoints2\{6d5d3f2f-46fa-11df-bba3-00269ec53d15}\Shell\AutoRun\command - "" = G:\HPLauncher.exe -- File not found

O33 - MountPoints2\{c5651e6f-4438-11df-8a13-00269ec53d15}\Shell - "" = AutoRun

O33 - MountPoints2\{c5651e6f-4438-11df-8a13-00269ec53d15}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/08 14:16:59 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe

[2010/05/08 08:05:49 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\hpqlog

[2010/05/07 17:40:59 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\Documents\Pro Media Director

[2010/05/07 14:42:02 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Charboneau\Desktop\JavaRa.exe

[2010/05/07 14:31:13 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Adobe

[2010/05/06 08:11:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/05/06 08:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/05/05 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/05/05 09:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA

[2010/05/05 09:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\CA

[2010/05/05 09:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CA

[2010/05/04 11:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2010/05/04 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Macromedia

[2010/05/04 10:04:29 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys

[2010/05/04 10:04:04 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2010/05/04 10:04:04 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys

[2010/04/27 09:09:22 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Hewlett-Packard

[2010/04/19 15:06:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/04/15 14:29:37 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2010/04/15 14:29:37 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll

[2010/04/15 14:29:25 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2010/04/15 14:29:24 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2010/04/15 14:29:24 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2010/04/15 14:27:04 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2010/04/15 14:27:04 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll

[2010/04/15 14:27:03 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll

[2010/04/15 14:27:03 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2010/04/13 08:48:10 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\AVS4YOU

[2010/04/12 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/04/12 14:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/04/12 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Diagnostics

[2010/04/12 11:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/04/12 11:15:38 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Adobe

[2010/04/12 11:15:34 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\GetRightToGo

[2010/04/12 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Malwarebytes

[2010/04/10 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Matthew\rapid

[2010/04/10 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\WinRAR

[2010/04/10 14:14:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/04/10 14:14:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/04/10 14:05:40 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2010/04/10 14:05:38 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2010/04/10 14:05:38 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll

[2010/04/10 14:05:38 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll

[2010/04/10 14:05:37 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2010/04/10 14:05:37 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2010/04/10 14:05:16 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2010/04/10 14:05:16 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2010/04/10 14:05:16 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll

[2010/04/10 14:05:16 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll

[2010/04/10 14:05:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll

[2010/04/10 14:05:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll

[2010/04/10 14:05:16 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll

[2010/04/10 14:05:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll

[2010/04/10 14:05:16 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll

[2010/04/10 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Mozilla

[2010/04/10 13:38:28 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll

[2010/04/10 13:38:27 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll

[2010/04/10 13:38:27 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll

[2010/04/10 13:38:27 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll

[2010/04/10 13:38:27 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe

[2010/04/10 13:38:27 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe

[2010/04/10 13:38:27 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe

[2010/04/10 13:38:27 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe

[2010/04/10 13:38:27 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe

[2010/04/10 13:38:27 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe

[2010/04/10 13:38:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll

[2010/04/10 13:38:27 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll

[2010/04/10 13:38:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll

[2010/04/10 13:38:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll

[2010/04/10 13:38:26 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe

[2010/04/10 13:38:26 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

[2010/04/10 13:38:17 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010/04/10 13:38:17 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010/04/10 13:38:17 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2010/04/10 13:38:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2010/04/10 13:38:12 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2010/04/10 13:38:12 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2010/04/10 13:38:12 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2010/04/10 13:38:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2010/04/10 13:38:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2010/04/10 13:38:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2010/04/10 13:38:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2010/04/10 13:38:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2010/04/10 13:38:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2010/04/10 13:38:00 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll

[2010/04/10 13:37:59 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll

[2010/04/10 13:37:59 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll

[2010/04/10 13:37:59 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll

[2010/04/10 13:37:59 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll

[2010/04/10 13:37:59 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll

[2010/04/10 13:37:59 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll

[2010/04/10 13:37:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll

[2010/04/10 13:35:54 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/04/10 13:35:54 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/04/10 13:35:54 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2010/04/10 13:35:54 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/04/10 13:35:54 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/04/10 13:35:54 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/04/10 13:35:53 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2010/04/10 13:33:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2010/04/10 13:33:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2010/04/10 13:21:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll

[2010/04/10 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\ATI

[2010/04/10 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\ATI

[2010/04/10 13:07:26 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\VirtualStore

[2010/04/10 13:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery

[2010/04/10 11:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2010/04/10 11:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pelican Performance

[2010/04/10 09:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!

[2010/04/09 20:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8

[2010/04/09 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR

[2010/04/09 20:45:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/09 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/04/09 20:44:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew\saved aps

[2010/04/09 20:43:46 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Mozilla

[2010/04/09 20:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2010/04/09 20:39:30 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Cyberlink

[2010/04/09 14:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard

[2010/04/09 14:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3

[2010/04/09 14:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!

[2010/04/09 14:48:41 | 001,003,008 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll

[2010/04/09 14:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2010/04/09 14:45:15 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc70.dll

[2010/04/09 14:45:15 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll

[2010/04/09 14:45:15 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll

[2010/04/09 14:45:14 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll

[2010/04/09 14:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2010/04/09 14:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU

[2010/04/09 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010/04/09 14:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/04/09 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2010/04/09 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010/04/09 10:48:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/04/09 10:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/04/09 10:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/04/09 10:45:04 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW

[2010/04/09 10:07:03 | 000,250,608 | ---- | C] (CA, Inc.) -- C:\Windows\SysNative\isafprod64.dll

[2010/04/09 10:07:03 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\SysWow64\Isafprod.dll

[2010/04/09 10:07:03 | 000,140,016 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\isafeif64.dll

[2010/04/09 10:07:03 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Isafeif.dll

[2010/04/09 10:07:03 | 000,103,152 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\vetredir64.dll

[2010/04/09 10:07:03 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Vetredir.dll

[2010/04/09 10:07:02 | 000,000,000 | -H-D | C] -- C:\Config.msi

[2010/04/09 02:41:14 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Microsoft Games

[2010/04/08 22:30:59 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Searches

[2010/04/08 22:30:49 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Contacts

[2010/04/08 22:30:28 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Hewlett-Packard

[2010/04/08 22:27:26 | 000,000,000 | --SD | C] -- C:\Users\Matthew\AppData\Roaming\Microsoft

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Videos

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Saved Games

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Pictures

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Music

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Links

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Favorites

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Downloads

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\My Documents

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Desktop

[2010/04/08 22:27:26 | 000,000,000 | -H-D | C] -- C:\Users\Matthew\AppData

[2010/04/08 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Temp

[2010/04/08 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/05/08 14:21:52 | 001,048,576 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat

[2010/05/08 14:18:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/08 14:18:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/08 14:15:44 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/05/08 14:15:44 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/05/08 14:15:44 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/05/08 14:11:53 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2010/05/08 14:11:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/08 14:11:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/08 14:11:13 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/08 09:55:39 | 000,004,857 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0

[2010/05/08 09:55:39 | 000,000,209 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1

[2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7

[2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6

[2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5

[2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4

[2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3

[2010/05/08 09:55:39 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2

[2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7

[2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6

[2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5

[2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4

[2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3

[2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2

[2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1

[2010/05/08 09:55:39 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0

[2010/05/08 09:55:26 | 001,332,889 | -H-- | M] () -- C:\Users\Charboneau\AppData\Local\IconCache.db

[2010/05/08 09:21:56 | 318,360,088 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/05/08 08:46:08 | 000,000,160 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg

[2010/05/08 07:47:04 | 000,127,039 | ---- | M] () -- C:\Users\Charboneau\Desktop\CA internet security.png

[2010/05/08 01:29:04 | 000,163,545 | ---- | M] () -- C:\Users\Charboneau\Desktop\CureIt.zip

[2010/05/08 01:18:39 | 000,001,236 | ---- | M] () -- C:\Users\Charboneau\Desktop\Downloads - Shortcut.lnk

[2010/05/08 00:42:26 | 000,127,462 | ---- | M] () -- C:\Users\Charboneau\Desktop\Dr.Web Cureit screen.png

[2010/05/06 08:11:30 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/05 11:18:30 | 000,002,999 | ---- | M] () -- C:\Users\Charboneau\Desktop\HiJackThis.lnk

[2010/05/04 10:12:02 | 000,001,885 | ---- | M] () -- C:\Users\Charboneau\Desktop\CCleaner.lnk

[2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/19 14:22:01 | 000,000,101 | ---- | M] () -- C:\Users\Charboneau\AppData\Roaming\AVSMediaPlayer.m3u

[2010/04/12 13:17:40 | 000,063,460 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc

[2010/04/12 12:06:45 | 000,018,594 | ---- | M] () -- C:\Windows\SysNative\entitlement.xml

[2010/04/10 14:28:16 | 000,000,969 | ---- | M] () -- C:\Users\Charboneau\Desktop\rapid - Shortcut.lnk

[2010/04/10 14:16:25 | 000,442,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/04/10 14:00:49 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/04/10 13:11:27 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 13:11:27 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 13:11:27 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 13:08:13 | 000,118,664 | ---- | M] () -- C:\Users\Charboneau\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/04/10 12:55:24 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 12:55:24 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 12:55:24 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 12:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 12:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 12:55:22 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 11:22:52 | 000,001,254 | ---- | M] () -- C:\Users\Charboneau\Desktop\Pro Media Director.lnk

[2010/04/09 20:50:00 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini

[2010/04/09 20:39:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/04/09 14:49:11 | 000,001,201 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS Disc Creator.lnk

[2010/04/09 14:47:52 | 000,001,213 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS DVD Authoring.lnk

[2010/04/09 14:47:05 | 000,001,295 | ---- | M] () -- C:\Users\Public\Desktop\AVS Media Player.lnk

[2010/04/09 14:45:50 | 000,001,244 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS Video Converter 6.lnk

[2010/04/09 10:52:51 | 000,002,693 | ---- | M] () -- C:\Users\Charboneau\Desktop\Microsoft Office Word 2007.lnk

[2010/04/08 22:27:27 | 000,000,020 | -HS- | M] () -- C:\Users\Charboneau\ntuser.ini

[2010/04/08 18:26:55 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2010/04/08 18:26:55 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2010/05/08 14:11:51 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2010/05/08 09:21:56 | 318,360,088 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/05/08 08:46:08 | 000,000,160 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg

[2010/05/08 07:43:21 | 000,127,039 | ---- | C] () -- C:\Users\Charboneau\Desktop\CA internet security.png

[2010/05/08 01:29:04 | 000,163,545 | ---- | C] () -- C:\Users\Charboneau\Desktop\CureIt.zip

[2010/05/08 00:42:26 | 000,127,462 | ---- | C] () -- C:\Users\Charboneau\Desktop\Dr.Web Cureit screen.png

[2010/05/07 14:55:19 | 002,672,312 | ---- | C] () -- C:\Users\Charboneau\Desktop\esetsmartinstaller_enu.exe

[2010/05/07 14:42:02 | 000,245,103 | ---- | C] () -- C:\Users\Charboneau\Desktop\JavaRa.def

[2010/05/07 00:49:15 | 000,293,376 | ---- | C] () -- C:\Users\Charboneau\Desktop\gmer.exe

[2010/05/07 00:27:19 | 000,525,824 | ---- | C] () -- C:\Users\Charboneau\Desktop\dds.scr

[2010/05/06 08:11:30 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/05 11:18:30 | 000,002,999 | ---- | C] () -- C:\Users\Charboneau\Desktop\HiJackThis.lnk

[2010/05/05 09:18:44 | 000,004,857 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0

[2010/05/05 09:18:44 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2

[2010/04/15 16:40:31 | 000,000,101 | ---- | C] () -- C:\Users\Charboneau\AppData\Roaming\AVSMediaPlayer.m3u

[2010/04/12 14:02:40 | 000,001,236 | ---- | C] () -- C:\Users\Charboneau\Desktop\Downloads - Shortcut.lnk

[2010/04/12 13:17:37 | 000,063,460 | ---- | C] () -- C:\Windows\SysNative\drivers\KmxAgent.asc

[2010/04/12 12:06:45 | 000,018,594 | ---- | C] () -- C:\Windows\SysNative\entitlement.xml

[2010/04/10 14:28:16 | 000,000,969 | ---- | C] () -- C:\Users\Charboneau\Desktop\rapid - Shortcut.lnk

[2010/04/10 14:00:49 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/04/10 13:06:57 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 13:06:56 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 13:06:56 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 12:55:23 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 12:55:23 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 12:55:23 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 12:55:22 | 001,048,576 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat

[2010/04/10 12:55:22 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 12:55:22 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 12:55:22 | 000,262,144 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat.LOG1

[2010/04/10 12:55:22 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 12:55:22 | 000,000,000 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat.LOG2

[2010/04/10 11:22:52 | 000,001,254 | ---- | C] () -- C:\Users\Charboneau\Desktop\Pro Media Director.lnk

[2010/04/09 20:39:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/04/09 14:49:11 | 000,001,201 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS Disc Creator.lnk

[2010/04/09 14:47:52 | 000,001,213 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS DVD Authoring.lnk

[2010/04/09 14:47:05 | 000,001,295 | ---- | C] () -- C:\Users\Public\Desktop\AVS Media Player.lnk

[2010/04/09 14:46:49 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx

[2010/04/09 14:45:50 | 000,001,244 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS Video Converter 6.lnk

[2010/04/09 14:41:21 | 000,001,885 | ---- | C] () -- C:\Users\Charboneau\Desktop\CCleaner.lnk

[2010/04/09 10:52:51 | 000,002,693 | ---- | C] () -- C:\Users\Charboneau\Desktop\Microsoft Office Word 2007.lnk

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0

[2010/04/08 22:31:25 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2010/04/08 22:27:27 | 000,000,020 | -HS- | C] () -- C:\Users\Charboneau\ntuser.ini

[2009/12/26 04:24:39 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2009/12/26 04:24:39 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >


OTL Extras logfile created on: 5/8/2010 2:20:22 PM - Run 1

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Charboneau\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 219.07 Gb Total Space | 184.05 Gb Free Space | 84.02% Space Free | Partition Type: NTFS

Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS

Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MATTHEW-PC

Current User Name: Charboneau

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-702038232-3936553361-3625785534-1000\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{244FBE3B-3814-4999-A24D-672149DC822B}" = AMRT

"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64

"eTrust Suite Personal" = CA Internet Security Suite

"LSI Soft Modem" = LSI HDA Modem

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation

"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista

"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light

"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai

"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common

"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian

"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar

"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish

"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver

"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant

"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish

"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian

"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish

"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant

"{7B798B31-2F33-4DC8-BDA4-D36488E86636}" = Slingbox - Watch Your TV Anywhere

"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CEA4C7D0-ABBE-4074-A488-173BB382CDFF}" =

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English

"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A9EB5FC-1155-497B-9AF9-D1AB20382B10}" = STOPzilla

"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148

"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech

"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek

"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian

"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All

"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar

"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard

"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2

"AVS Disc Creator_is1" = AVS Disc Creator version 4.1

"AVS DVD Authoring_is1" = AVS DVD Authoring

"AVS Media Player_is1" = AVS Media Player 3.1

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS Video Recorder_is1" = AVS Video Recorder 2.4

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.0.75

"CCleaner" = CCleaner

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)

"Pro Media Director_is1" = Pro Media Director Version 2.0.0.1

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/12/2010 1:31:17 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99

Description =

Error - 4/12/2010 1:39:02 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99

Description =

Error - 4/13/2010 8:48:17 AM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99

Description =

Error - 4/15/2010 2:25:02 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99

Description =

Error - 4/15/2010 3:27:13 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 67

Description =

Error - 4/15/2010 3:28:13 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99

Description =

Error - 4/19/2010 2:21:26 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99

Description =

Error - 4/19/2010 2:26:47 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 67

Description =

Error - 4/19/2010 2:27:47 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99

Description =

Error - 4/19/2010 3:09:25 PM | Computer Name = Matthew-PC | Source = UmxAgent | ID = 99

Description =

[ System Events ]

Error - 5/5/2010 11:11:38 AM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 5/5/2010 11:11:51 AM | Computer Name = Matthew-PC | Source = ACPI | ID = 327693

Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error - 5/5/2010 11:12:03 AM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

is3srv TfFsMon TfSysMon

Error - 5/5/2010 11:19:58 AM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 5/5/2010 11:20:13 AM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

is3srv TfFsMon TfSysMon

Error - 5/5/2010 11:56:41 AM | Computer Name = Matthew-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 11:30:49 AM on ?5/?5/?2010 was unexpected.

Error - 5/5/2010 11:56:41 AM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 5/5/2010 11:57:00 AM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

is3srv TfFsMon TfSysMon

Error - 5/5/2010 12:09:58 PM | Computer Name = Matthew-PC | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 5/5/2010 12:10:13 PM | Computer Name = Matthew-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

is3srv TfFsMon TfSysMon

< End of report >


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-702038232-3936553361-3625785534-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

:Commands
[emptytemp]
[Reboot]

  • Click on Run Fix
  • Wait patiently until the program finishes its work. Once it has finished, the computer will reboot.

After the computer reboots, run OTL.exe and then click on Quick Scan. A log file will eventually be generated, which you need to copy and post in your next post in this topic.


OTL logfile created on: 5/8/2010 4:49:05 PM - Run 2

OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Charboneau\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 219.07 Gb Total Space | 184.08 Gb Free Space | 84.03% Space Free | Partition Type: NTFS

Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.60% Space Free | Partition Type: NTFS

Drive E: | 99.18 Mb Total Space | 92.59 Mb Free Space | 93.36% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MATTHEW-PC

Current User Name: Charboneau

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/09 21:04:02 | 000,177,600 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe

PRC - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe

PRC - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe

PRC - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe

========== Modules (SafeList) ==========

MOD - [2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe

MOD - [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll

MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/05/05 09:17:03 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)

SRV:64bit: - [2010/05/05 09:17:03 | 000,285,008 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)

SRV:64bit: - [2010/04/10 14:07:10 | 001,255,736 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV:64bit: - [2009/11/21 00:29:38 | 000,304,128 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)

SRV:64bit: - [2009/08/05 00:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/08/04 11:42:24 | 001,479,160 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)

SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)

SRV:64bit: - [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)

SRV:64bit: - [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)

SRV:64bit: - [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)

SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)

SRV:64bit: - [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)

SRV:64bit: - [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)

SRV:64bit: - [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)

SRV:64bit: - [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)

SRV:64bit: - [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)

SRV:64bit: - [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)

SRV:64bit: - [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)

SRV:64bit: - [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)

SRV:64bit: - [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)

SRV:64bit: - [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)

SRV:64bit: - [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)

SRV:64bit: - [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)

SRV:64bit: - [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)

SRV:64bit: - [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)

SRV:64bit: - [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)

SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)

SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/18 15:59:36 | 000,057,344 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)

SRV - [2009/07/27 16:40:44 | 000,227,832 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)

SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)

SRV - [2009/07/13 23:20:14 | 000,000,000 | ---D | M] [unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)

SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 16:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)

SRV - [2009/07/13 11:39:14 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)

SRV - [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2009/06/05 20:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2005/11/14 05:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2009/12/23 11:29:38 | 000,141,304 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)

DRV:64bit: - [2009/12/23 11:29:38 | 000,106,488 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)

DRV:64bit: - [2009/12/11 06:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)

DRV:64bit: - [2009/09/30 17:51:02 | 000,334,712 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)

DRV:64bit: - [2009/09/26 02:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)

DRV:64bit: - [2009/09/21 23:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/08/05 01:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)

DRV:64bit: - [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)

DRV:64bit: - [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)

DRV:64bit: - [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)

DRV:64bit: - [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)

DRV:64bit: - [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)

DRV:64bit: - [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)

DRV:64bit: - [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV:64bit: - [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV:64bit: - [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)

DRV:64bit: - [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)

DRV:64bit: - [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)

DRV:64bit: - [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)

DRV:64bit: - [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)

DRV:64bit: - [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)

DRV:64bit: - [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)

DRV:64bit: - [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)

DRV:64bit: - [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV:64bit: - [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)

DRV:64bit: - [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)

DRV:64bit: - [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)

DRV:64bit: - [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)

DRV:64bit: - [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)

DRV:64bit: - [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)

DRV:64bit: - [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)

DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)

DRV:64bit: - [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)

DRV:64bit: - [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)

DRV:64bit: - [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

DRV:64bit: - [2009/03/09 10:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV - [2010/05/08 16:45:45 | 000,004,857 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\kmxcfg.u2k0 -- (KmxCfg)

DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)

DRV - [2010/01/15 16:22:22 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)

DRV - [2009/06/10 17:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

DRV - [2009/06/10 17:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51

FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/10/31 00:08:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/10 14:00:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/10 14:00:46 | 000,000,000 | ---D | M]

[2010/04/10 14:00:55 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\mozilla\Extensions

[2010/05/08 14:36:00 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions

[2010/05/04 10:13:12 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/04/10 14:11:10 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}

[2010/05/04 10:13:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/04/10 14:11:11 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/04/10 14:11:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Charboneau\AppData\Roaming\mozilla\Firefox\Profiles\wr0nkpe6.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/05/07 14:33:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/09 14:53:22 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files (x86)\STOPzilla!\SZIEBHO.dll (iS3, Inc.)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)

O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\PFW: DllName - Reg Error: Key error. - Reg Error: Value error. File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{6d5d3f2f-46fa-11df-bba3-00269ec53d15}\Shell - "" = AutoRun

O33 - MountPoints2\{6d5d3f2f-46fa-11df-bba3-00269ec53d15}\Shell\AutoRun\command - "" = G:\HPLauncher.exe -- File not found

O33 - MountPoints2\{c5651e6f-4438-11df-8a13-00269ec53d15}\Shell - "" = AutoRun

O33 - MountPoints2\{c5651e6f-4438-11df-8a13-00269ec53d15}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/05/08 16:45:10 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/05/08 14:16:59 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe

[2010/05/08 08:05:49 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\hpqlog

[2010/05/07 17:40:59 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\Documents\Pro Media Director

[2010/05/07 14:42:02 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Charboneau\Desktop\JavaRa.exe

[2010/05/07 14:31:13 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Adobe

[2010/05/06 08:11:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/05/06 08:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/05/05 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2010/05/05 09:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CA

[2010/05/05 09:05:00 | 000,000,000 | ---D | C] -- C:\Program Files\CA

[2010/05/05 09:03:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CA

[2010/05/04 11:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2010/05/04 11:23:30 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Macromedia

[2010/04/27 09:09:22 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Hewlett-Packard

[2010/04/19 15:06:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/04/13 08:48:10 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\AVS4YOU

[2010/04/12 14:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/04/12 14:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/04/12 11:55:49 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Diagnostics

[2010/04/12 11:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2010/04/12 11:15:38 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Adobe

[2010/04/12 11:15:34 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\GetRightToGo

[2010/04/12 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Malwarebytes

[2010/04/10 14:27:37 | 000,000,000 | ---D | C] -- C:\Users\Matthew\rapid

[2010/04/10 14:23:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\WinRAR

[2010/04/10 14:14:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2010/04/10 14:14:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2010/04/10 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\Mozilla

[2010/04/10 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Roaming\ATI

[2010/04/10 13:08:51 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\ATI

[2010/04/10 13:07:26 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\VirtualStore

[2010/04/10 13:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery

[2010/04/10 11:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2010/04/10 11:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pelican Performance

[2010/04/10 09:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!

[2010/04/09 20:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8

[2010/04/09 20:46:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR

[2010/04/09 20:45:22 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/09 20:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/04/09 20:44:39 | 000,000,000 | ---D | C] -- C:\Users\Matthew\saved aps

[2010/04/09 20:43:46 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Mozilla

[2010/04/09 20:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2010/04/09 20:39:30 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Cyberlink

[2010/04/09 14:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\SITEguard

[2010/04/09 14:52:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3

[2010/04/09 14:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!

[2010/04/09 14:48:41 | 001,003,008 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll

[2010/04/09 14:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia

[2010/04/09 14:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU

[2010/04/09 14:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU

[2010/04/09 14:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010/04/09 14:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/04/09 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio

[2010/04/09 10:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER

[2010/04/09 10:48:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/04/09 10:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2010/04/09 10:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2010/04/09 10:45:04 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW

[2010/04/09 10:07:03 | 000,250,608 | ---- | C] (CA, Inc.) -- C:\Windows\SysNative\isafprod64.dll

[2010/04/09 10:07:03 | 000,201,968 | ---- | C] (CA, Inc.) -- C:\Windows\SysWow64\Isafprod.dll

[2010/04/09 10:07:03 | 000,140,016 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\isafeif64.dll

[2010/04/09 10:07:03 | 000,128,240 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Isafeif.dll

[2010/04/09 10:07:03 | 000,103,152 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysNative\vetredir64.dll

[2010/04/09 10:07:03 | 000,095,472 | ---- | C] (Computer Associates International, Inc.) -- C:\Windows\SysWow64\Vetredir.dll

[2010/04/09 10:07:02 | 000,000,000 | -H-D | C] -- C:\Config.msi

[2010/04/09 02:41:14 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Microsoft Games

[2010/04/08 22:30:59 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Searches

[2010/04/08 22:30:49 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Contacts

[2010/04/08 22:30:28 | 000,000,000 | ---D | C] -- C:\Users\Charboneau\AppData\Local\Hewlett-Packard

[2010/04/08 22:27:26 | 000,000,000 | --SD | C] -- C:\Users\Matthew\AppData\Roaming\Microsoft

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Videos

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Saved Games

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Pictures

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Charboneau\Music

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Links

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Favorites

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Downloads

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\My Documents

[2010/04/08 22:27:26 | 000,000,000 | R--D | C] -- C:\Users\Matthew\Desktop

[2010/04/08 22:27:26 | 000,000,000 | -H-D | C] -- C:\Users\Matthew\AppData

[2010/04/08 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Temp

[2010/04/08 22:27:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Microsoft

[2010/03/05 18:16:42 | 000,017,408 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll

[2010/03/05 18:14:16 | 000,442,368 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll

[2010/03/05 18:13:44 | 000,540,672 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll

========== Files - Modified Within 90 Days ==========

[2010/05/08 16:46:55 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2010/05/08 16:46:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/08 16:46:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/08 16:46:10 | 2211,602,432 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/08 16:45:45 | 000,004,857 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0

[2010/05/08 16:45:45 | 000,000,209 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1

[2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7

[2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6

[2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5

[2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4

[2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3

[2010/05/08 16:45:45 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2

[2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7

[2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6

[2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5

[2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4

[2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3

[2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2

[2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1

[2010/05/08 16:45:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0

[2010/05/08 16:45:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/08 16:45:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/08 16:45:33 | 001,048,576 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat

[2010/05/08 16:45:30 | 001,333,081 | -H-- | M] () -- C:\Users\Charboneau\AppData\Local\IconCache.db

[2010/05/08 16:45:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/05/08 16:45:20 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/05/08 16:45:20 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/05/08 09:21:56 | 318,360,088 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/05/08 08:46:08 | 000,000,160 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg

[2010/05/08 07:47:04 | 000,127,039 | ---- | M] () -- C:\Users\Charboneau\Desktop\CA internet security.png

[2010/05/08 01:29:04 | 000,163,545 | ---- | M] () -- C:\Users\Charboneau\Desktop\CureIt.zip

[2010/05/08 01:18:39 | 000,001,236 | ---- | M] () -- C:\Users\Charboneau\Desktop\Downloads - Shortcut.lnk

[2010/05/08 00:42:26 | 000,127,462 | ---- | M] () -- C:\Users\Charboneau\Desktop\Dr.Web Cureit screen.png

[2010/05/06 08:11:30 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/05 11:18:30 | 000,002,999 | ---- | M] () -- C:\Users\Charboneau\Desktop\HiJackThis.lnk

[2010/05/04 10:12:02 | 000,001,885 | ---- | M] () -- C:\Users\Charboneau\Desktop\CCleaner.lnk

[2010/05/03 09:11:29 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Charboneau\Desktop\OTL.exe

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/04/19 14:22:01 | 000,000,101 | ---- | M] () -- C:\Users\Charboneau\AppData\Roaming\AVSMediaPlayer.m3u

[2010/04/12 13:17:40 | 000,063,460 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc

[2010/04/12 12:06:45 | 000,018,594 | ---- | M] () -- C:\Windows\SysNative\entitlement.xml

[2010/04/10 14:28:16 | 000,000,969 | ---- | M] () -- C:\Users\Charboneau\Desktop\rapid - Shortcut.lnk

[2010/04/10 14:16:25 | 000,442,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/04/10 14:00:49 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/04/10 13:11:27 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 13:11:27 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 13:11:27 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 13:08:13 | 000,118,664 | ---- | M] () -- C:\Users\Charboneau\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/04/10 12:55:24 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 12:55:24 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 12:55:24 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 12:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 12:55:22 | 000,524,288 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 12:55:22 | 000,065,536 | -HS- | M] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 11:22:52 | 000,001,254 | ---- | M] () -- C:\Users\Charboneau\Desktop\Pro Media Director.lnk

[2010/04/09 20:50:00 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini

[2010/04/09 20:39:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/04/09 14:49:11 | 000,001,201 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS Disc Creator.lnk

[2010/04/09 14:47:52 | 000,001,213 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS DVD Authoring.lnk

[2010/04/09 14:47:05 | 000,001,295 | ---- | M] () -- C:\Users\Public\Desktop\AVS Media Player.lnk

[2010/04/09 14:45:50 | 000,001,244 | ---- | M] () -- C:\Users\Charboneau\Desktop\AVS Video Converter 6.lnk

[2010/04/09 10:52:51 | 000,002,693 | ---- | M] () -- C:\Users\Charboneau\Desktop\Microsoft Office Word 2007.lnk

[2010/04/08 22:27:27 | 000,000,020 | -HS- | M] () -- C:\Users\Charboneau\ntuser.ini

[2010/04/08 18:26:55 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2010/04/08 18:26:55 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2010/03/17 07:52:36 | 000,525,824 | ---- | M] () -- C:\Users\Charboneau\Desktop\dds.scr

[2010/03/05 18:16:42 | 000,017,408 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll

[2010/03/05 18:14:16 | 000,442,368 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll

[2010/03/05 18:13:44 | 000,540,672 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll

========== Files Created - No Company Name ==========

[2010/05/08 16:46:53 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2010/05/08 09:21:56 | 318,360,088 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2010/05/08 08:46:08 | 000,000,160 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg

[2010/05/08 07:43:21 | 000,127,039 | ---- | C] () -- C:\Users\Charboneau\Desktop\CA internet security.png

[2010/05/08 01:29:04 | 000,163,545 | ---- | C] () -- C:\Users\Charboneau\Desktop\CureIt.zip

[2010/05/08 00:42:26 | 000,127,462 | ---- | C] () -- C:\Users\Charboneau\Desktop\Dr.Web Cureit screen.png

[2010/05/07 14:55:19 | 002,672,312 | ---- | C] () -- C:\Users\Charboneau\Desktop\esetsmartinstaller_enu.exe

[2010/05/07 14:42:02 | 000,245,103 | ---- | C] () -- C:\Users\Charboneau\Desktop\JavaRa.def

[2010/05/07 00:49:15 | 000,293,376 | ---- | C] () -- C:\Users\Charboneau\Desktop\gmer.exe

[2010/05/07 00:27:19 | 000,525,824 | ---- | C] () -- C:\Users\Charboneau\Desktop\dds.scr

[2010/05/06 08:11:30 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/05/05 11:18:30 | 000,002,999 | ---- | C] () -- C:\Users\Charboneau\Desktop\HiJackThis.lnk

[2010/05/05 09:18:44 | 000,004,857 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0

[2010/05/05 09:18:44 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3

[2010/05/05 09:18:44 | 000,000,081 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2

[2010/04/15 16:40:31 | 000,000,101 | ---- | C] () -- C:\Users\Charboneau\AppData\Roaming\AVSMediaPlayer.m3u

[2010/04/12 14:02:40 | 000,001,236 | ---- | C] () -- C:\Users\Charboneau\Desktop\Downloads - Shortcut.lnk

[2010/04/12 13:17:37 | 000,063,460 | ---- | C] () -- C:\Windows\SysNative\drivers\KmxAgent.asc

[2010/04/12 12:06:45 | 000,018,594 | ---- | C] () -- C:\Windows\SysNative\entitlement.xml

[2010/04/10 14:28:16 | 000,000,969 | ---- | C] () -- C:\Users\Charboneau\Desktop\rapid - Shortcut.lnk

[2010/04/10 14:00:49 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/04/10 13:06:57 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 13:06:56 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 13:06:56 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f4f5-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 12:55:23 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 12:55:23 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 12:55:23 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f466-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 12:55:22 | 001,048,576 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat

[2010/04/10 12:55:22 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000002.regtrans-ms

[2010/04/10 12:55:22 | 000,524,288 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TMContainer00000000000000000001.regtrans-ms

[2010/04/10 12:55:22 | 000,262,144 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat.LOG1

[2010/04/10 12:55:22 | 000,065,536 | -HS- | C] () -- C:\Users\Charboneau\ntuser.dat{c726f45b-44c1-11df-b1fa-00269ec53d15}.TM.blf

[2010/04/10 12:55:22 | 000,000,000 | -HS- | C] () -- C:\Users\Matthew\ntuser.dat.LOG2

[2010/04/10 11:22:52 | 000,001,254 | ---- | C] () -- C:\Users\Charboneau\Desktop\Pro Media Director.lnk

[2010/04/09 20:39:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/04/09 14:49:11 | 000,001,201 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS Disc Creator.lnk

[2010/04/09 14:47:52 | 000,001,213 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS DVD Authoring.lnk

[2010/04/09 14:47:05 | 000,001,295 | ---- | C] () -- C:\Users\Public\Desktop\AVS Media Player.lnk

[2010/04/09 14:46:49 | 000,156,910 | ---- | C] () -- C:\Windows\WMSysPr8.prx

[2010/04/09 14:45:50 | 000,001,244 | ---- | C] () -- C:\Users\Charboneau\Desktop\AVS Video Converter 6.lnk

[2010/04/09 14:41:21 | 000,001,885 | ---- | C] () -- C:\Users\Charboneau\Desktop\CCleaner.lnk

[2010/04/09 10:52:51 | 000,002,693 | ---- | C] () -- C:\Users\Charboneau\Desktop\Microsoft Office Word 2007.lnk

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1

[2010/04/09 10:14:43 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0

[2010/04/08 22:31:25 | 000,000,186 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2010/04/08 22:27:27 | 000,000,020 | -HS- | C] () -- C:\Users\Charboneau\ntuser.ini

[2009/12/26 04:24:39 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2009/12/26 04:24:39 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

[2009/09/29 18:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/04/12 11:26:15 | 000,000,000 | ---D | M] -- C:\Users\Charboneau\AppData\Roaming\GetRightToGo

[2009/07/14 01:08:49 | 000,019,844 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


No, CA internet security quick scan still finding 6 xp internet security threats.

CA log:

5/8/2010 5:07:35 PM

6

XP Internet Security 2010 | software\classes\.exe | 3 | 993 | 0
XP Internet Security 2010 | 3 | 993 | 3
XP Internet Security 2010 | HKEY_CURRENT_USER\Software\Classes\.exe | 3 | 993 | 0
XP Internet Security 2010 | HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command | 3 | 993 | 0
XP Internet Security 2010 | HKEY_CURRENT_USER\Software\Classes\.exe\shell\runas\command | 3 | 993 | 0
XP Internet Security 2010 | HKEY_CURRENT_USER\Software\Classes\.exe\shell\start\command | 3 | 993 | 0


Download avz4.zip from: http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update

Note: If you receive an error message, choose a different source, then click Start again.

  • Start AVZ.
  • Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis with malware removal mode enabled" check box.
  • Click on the


Cannot cut and paste to http://virustotal.com. When you click in the window next to Browse, it opens a new window to browse for files. When I paste C:\Windows\System32\SCardSvr.dll in the browser window to search for it, it says the file cannot be found, check path or spelling. I browsed to the location stated in the path and there is no file by that name; there is a ScarDlg.dll.

This topic is now closed to further replies.