MBAM
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4980
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/28/2010 8:52:39 PM
mbam-log-2010-10-28 (20-52-39).txt
Scan type: Quick scan
Objects scanned: 150754
Time elapsed: 4 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jzubisiq (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hretedekos (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\jgyo0w (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Cerius\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Cerius\downloads\XvidSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Users\Cerius\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Update\seupd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Cerius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Cerius\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
Gmer.log is blank... said it didn't find anything.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Insyde
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 240):
Processes (total 50):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
496 csrss.exe
564 C:\Windows\System32\wininit.exe
596 csrss.exe
628 C:\Windows\System32\services.exe
644 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
728 C:\Windows\System32\winlogon.exe
796 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\atiesrxx.exe
1004 C:\Windows\System32\svchost.exe
264 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\svchost.exe
704 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe
1164 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\atieclxx.exe
1552 C:\Windows\System32\spoolsv.exe
1580 C:\Windows\System32\svchost.exe
1668 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe
1692 C:\Program Files\LSI SoftModem\agr64svc.exe
1716 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1744 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1784 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
1872 C:\Windows\System32\svchost.exe
2160 C:\Windows\System32\taskhost.exe
2236 C:\Windows\System32\dwm.exe
2284 C:\Windows\explorer.exe
2512 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2644 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2756 C:\Windows\System32\svchost.exe
2484 C:\Windows\System32\SearchIndexer.exe
3000 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2696 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
2968 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2956 C:\Windows\System32\taskeng.exe
2916 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2112 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
880 C:\Windows\System32\svchost.exe
1112 C:\Users\Cerius\Downloads\OTL.exe
868 C:\Windows\System32\wuauclt.exe
2032 C:\Windows\System32\atibtmon.exe
1912 C:\Windows\System32\audiodg.exe
1440 C:\Windows\System32\SearchProtocolHost.exe
888 C:\Windows\System32\SearchFilterHost.exe
512 C:\Users\Cerius\Downloads\MBRCheck.exe
1384 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`31300000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK3256GSY, Rev: LH013C
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CBCD51E4B6EE11DD843B0D66AA170585FC7A9A16
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!
OTL logfile created on: 10/28/2010 9:17:06 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Cerius\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 5754 5754 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.57 Gb Total Space | 52.51 Gb Free Space | 18.45% Space Free | Partition Type: NTFS
Drive D: | 13.22 Gb Total Space | 2.20 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Computer Name: DARKPLANETCORP | User Name: Cerius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found -- C:\Windows\SysWow64\atibtmon.exe
PRC - [2010/10/28 20:50:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cerius\Downloads\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/07/24 00:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 15:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
========== Modules (SafeList) ==========
MOD - [2010/10/28 20:50:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cerius\Downloads\OTL.exe
MOD - [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 21:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009/07/13 21:14:51 | 002,175,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/09/11 07:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 17:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 14:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/29 16:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe -- (AESTFilters)
SRV - [2010/09/10 21:34:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/15 1036 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/25 13:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Users\Cerius\Desktop\Stuff\New folder\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/11 07:27:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/11 07:23:52 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/11 07:17:20 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/28 20:42:44 | 000,021,504 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009/07/28 17:28:06 | 000,140,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 21:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/08 17:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 17:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 14:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 16:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Verizon | MyVerizon 2.0 | Login
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {1CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firesheep@codebutler.com:0.1
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/24 18:14:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7673B4A1-6A86-4FB7-B201-20428DC81491}: C:\Users\Cerius\AppData\Local\{7673B4A1-6A86-4FB7-B201-20428DC81491}\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 20:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 20:01:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/07/28 19:18:13 | 000,000,000 | ---D | M]
[2010/10/28 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Mozilla\Extensions
[2010/10/28 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Mozilla\Firefox\Profiles\x3ni9ahi.default\extensions
[2010/10/28 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Mozilla\Firefox\Profiles\x3ni9ahi.default\extensions\firesheep@codebutler.com
[2010/10/28 20:14:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/28 18:57:42 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
[2010/09/13 17:40:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/28 20:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/28 20:06:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/16 11:30:04 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npSfAppM.dll
[2010/07/24 18:15:58 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml
O1 HOSTS File: ([2010/07/25 12:27:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/s...0Installer.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0bee49a-0f54-11df-9209-002622a49f21}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bee49a-0f54-11df-9209-002622a49f21}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010/10/28 20:41:06 | 000,000,000 | ---D | C] -- C:\Users\Cerius\AppData\Roaming\Malwarebytes
[2010/10/28 20:40:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/28 20:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/28 20:40:54 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/28 20:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/28 20:40:02 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cerius\Desktop\mbam-setup-1.46.exe
[2010/10/28 20:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010/10/28 20:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/06 10:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/05 19:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/05 19:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/05 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/10/05 19:30:49 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010/09/29 13:28:31 | 000,000,000 | ---D | C] -- C:\Users\Cerius\AppData\Roaming\Sun
[2010/09/29 13:22:46 | 000,000,000 | ---D | C] -- C:\Users\Cerius\Desktop\ORGANIZE
[2009/07/13 19:24:58 | 000,190,464 | ---- | C] (Systems Internals) -- C:\Users\Cerius\AppData\Local\fasfd.d
[1 C:\Users\Cerius\Documents\*.tmp files -> C:\Users\Cerius\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/10/28 21:04:19 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 21:04:19 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/28 21:00:51 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/28 21:00:51 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/28 21:00:51 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/28 21:00:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-397979407-2732575221-1896452353-1000UA.job
[2010/10/28 20:54:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/28 20:54:28 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 20:41:01 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 20:40:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cerius\Desktop\mbam-setup-1.46.exe
[2010/10/28 20:02:25 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/28 20:01:35 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/28 19:54:36 | 000,024,779 | ---- | M] () -- C:\Users\Cerius\Desktop\bookmarks-2010-10-28.json
[2010/10/28 19:35:22 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCerius.job
[2010/10/28 18:28:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-397979407-2732575221-1896452353-1000Core.job
[2010/10/05 19:37:21 | 000,002,515 | ---- | M] () -- C:\Users\Cerius\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/29 10:27:30 | 000,057,344 | ---- | M] () -- C:\Users\Cerius\Documents\Rescue4.asd
[1 C:\Users\Cerius\Documents\*.tmp files -> C:\Users\Cerius\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/28 20:41:00 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/28 20:02:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/28 20:01:35 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/28 19:54:35 | 000,024,779 | ---- | C] () -- C:\Users\Cerius\Desktop\bookmarks-2010-10-28.json
[2010/10/05 19:37:21 | 000,002,515 | ---- | C] () -- C:\Users\Cerius\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/29 10:27:30 | 000,057,344 | ---- | C] () -- C:\Users\Cerius\Documents\Rescue4.asd
[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/02/25 16:38:54 | 000,000,248 | ---- | C] () -- C:\Users\Cerius\AppData\Roaming\default.rss
[2010/02/25 16:38:53 | 000,000,000 | ---- | C] () -- C:\Users\Cerius\AppData\Roaming\downloads.m3u
[2010/02/25 08:29:46 | 000,000,704 | ---- | C] () -- C:\Users\Cerius\AppData\Roaming\wklnhst.dat
[2010/02/14 12:12:46 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/04 17:57:55 | 011,710,464 | ---- | C] () -- C:\Program Files (x86)\5.0.06.0110.usf.exe
[2010/01/16 20:02:50 | 000,000,462 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/13 10:20:07 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/13 10:19:59 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/13 10:19:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/13 10:19:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/13 10:18:41 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/08/24 17:51:45 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/24 17:48:08 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/24 17:46:41 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/24 17:46:00 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 20:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/09/13 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\.minecraft
[2010/02/02 09:15:37 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Advanced Chemistry Development
[2010/02/04 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\CCDC
[2010/01/25 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\GetRightToGo
[2010/01/17 00:32:09 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\iWin
[2010/05/06 15:04:23 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\TechWizard
[2010/02/25 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Template
[2010/02/01 19:46:45 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Thinstall
[2010/10/28 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\uTorrent
[2010/06/08 10:47:36 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\WindSolutions
[2010/04/04 09:41:41 | 000,022,402 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/28 20:54:28 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/01 13:09:56 | 000,000,549 | ---- | M] () -- C:\NTDClient.log
[2010/10/28 20:54:32 | 1738,539,007 | -HS- | M] () -- C:\pagefile.sys
[2010/07/28 1920 | 000,000,741 | ---- | M] () -- C:\Update ESET's license.lnk
< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2010/02/04 17:58:03 | 011,710,464 | ---- | M] () -- C:\Program Files (x86)\5.0.06.0110.usf.exe
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/01/16 20:53:30 | 000,000,221 | -HS- | M] () -- C:\Users\Cerius\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2010/10/28 20:40:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cerius\Desktop\mbam-setup-1.46.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2010/01/16 20:02:34 | 000,000,402 | -HS- | M] () -- C:\Users\Cerius\Favorites\desktop.ini
[2010/02/01 13:10:25 | 000,001,276 | ---- | M] () -- C:\Users\Cerius\Favorites\Verizon Central
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2010/06/22 23:36:38 | 000,000,462 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2009/12/13 10:19:59 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/24 17:52:02 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/12/13 10:19:19 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/24 17:47:58 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/12/13 10:18:41 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/12/13 10:19:42 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/24 17:46:31 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/08/24 17:51:35 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/12/13 10:20:08 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
OTL Extras logfile created on: 10/28/2010 9:17:06 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Cerius\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): c:\pagefile.sys 5754 5754 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.57 Gb Total Space | 52.51 Gb Free Space | 18.45% Space Free | Partition Type: NTFS
Drive D: | 13.22 Gb Total Space | 2.20 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Computer Name: DARKPLANETCORP | User Name: Cerius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Users\Cerius\Desktop\Stuff\New folder\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Users\Cerius\Desktop\Stuff\New folder\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\Users\Cerius\Desktop\Stuff\NEWFOL~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Users\Cerius\Desktop\Stuff\New folder\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Users\Cerius\Desktop\Stuff\New folder\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\Users\Cerius\Desktop\Stuff\NEWFOL~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5C9A7A31-28A6-328A-755D-20C20CFCF19E}" = ccc-utility64
"{67B17AC6-4840-4910-8A4C-72BF85302918}" = ESET NOD32 Antivirus
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{A5F59952-475D-4DCC-BEAD-C216FC68E05C}" = iTunes
"{E1BCA059-1F06-65C0-3229-58337BE5E373}" = ATI Catalyst Install Manager
"5F4DD0919B4763856B77AD385DEEEFCDF01784A8" = ENE CIR Receiver Driver
"LSI Soft Modem" = LSI HDA Modem
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003C7087-F418-4868-9C50-A65AD5DF6119}" = Mercury 2.2
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F818B2F-71D2-4BBA-C600-6228F8A21712}" = CCC Help Czech
"{12377A05-0062-47F9-9CB9-AAAF8C22D645}" = SciFinder Scholar 2007
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A68CA9-8ADD-3E53-5973-1C23FC0936C3}" = CCC Help Thai
"{2CF8CFD2-DA5F-468C-2043-16C3B1170DA9}" = CCC Help Danish
"{2D28B738-83D4-9894-D619-19EDC1F080C5}" = CCC Help Korean
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{30B9B6B6-C0D9-D74E-44CF-D47A96C04CCF}" = Catalyst Control Center InstallProxy
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{39240F03-83C8-A541-C457-D1DBE6BB3858}" = CCC Help Dutch
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{411BB126-2719-4C82-889C-0ECFAD68E94A}" = CSD System Software 2009
"{4313E16C-811B-469F-8815-6EB98085F8B2}" = SlingBoxWatchYourTVAnyWhere
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{455F9ACD-4967-446B-9174-8C87EA895F2A}" = SciFinder Scholar Toolbar
"{45E5D641-3C82-4F95-92FB-AE5459DF2988}" = HP User Guides 0146
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C3A1757-F8B2-4557-3E7A-67563101C38E}" = Catalyst Control Center Graphics Light
"{4E15864B-DBF6-4E15-9238-403338C8EF2A}" = CSD System Databases V5.30
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58247d48-ba6e-4868-9cad-06f4ea412f7d}" = Nero 9
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{597D97B0-8AFE-7905-7C86-54DF80C82B26}" = CCC Help Greek
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62372BA1-A471-40A4-17E0-A479124D0EA1}" = CCC Help Polish
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6774822B-8634-8FED-0E80-DFB78BE1EE3F}" = CCC Help Italian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C383C07-B2B4-3FC7-CEB3-635A84939913}" = Catalyst Control Center Graphics Full Existing
"{6C5531D6-6A70-768F-8703-3CBB0211067C}" = CCC Help Swedish
"{717E2E71-A477-9B57-4802-B43B3F09B67F}" = CCC Help Portuguese
"{72A2B930-FF3D-34C2-ABFF-F5CBB4707884}" = Catalyst Control Center Core Implementation
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{79A59E55-279B-1B34-3A15-D28DAD5F07B0}" = CCC Help Chinese Standard
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{816CF5ED-BC9C-1229-87D9-D094A26A0C86}" = ccc-core-static
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{828F560B-AE76-F597-F585-6E7D7A4C865B}" = CCC Help Turkish
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E48510-72B5-87F9-1AB9-5D097C82DB78}" = CCC Help French
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{877E9CD5-6979-69FA-CB7D-289170D55A55}" = Catalyst Control Center Graphics Previews Common
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90898EBA-17D8-B5CD-C023-D3A112F08F9F}" = CCC Help Russian
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{97295AED-5821-803E-A511-F0B7FE07474C}" = Catalyst Control Center Graphics Previews Vista
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2B086E-EE0F-9E3D-2222-B1C084542CB9}" = CCC Help Hungarian
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A70BB436-137E-5119-8216-978E88E06770}" = CCC Help Norwegian
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AAF9E02B-CAA3-359C-33F3-6855392F3EC1}" = CCC Help Spanish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B603ABBC-8340-3752-CBFF-05A571D0B5A8}" = CCC Help Finnish
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B944FF67-C006-3BCD-2DFC-74F096B0EBBA}" = CCC Help English
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C6129910-0223-6C6C-AE2E-668F780EE0D3}" = Catalyst Control Center Graphics Full New
"{C81F4CBC-7E13-B903-0361-F1C842A1C521}" = CCC Help Chinese Traditional
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA386107-815F-6BFB-4587-FF8F0A543788}" = CCC Help Japanese
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FD0282E9-06E0-754F-7A10-78423BD748B3}" = Catalyst Control Center Localization All
"{FF1D836C-0E43-2CF4-2350-4B37A72BC4E5}" = CCC Help German
"7-Zip" = 7-Zip 9.10 beta
"ACDLabs in C__Program_Files_(x86)_ACDFREE12_" = ACD/Labs Software in C:\Program Files (x86)\ACDFREE12\
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avi2Dvd" = Avi2Dvd 0.5
"AviSynth" = AviSynth 2.5
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EphPod" = EphPod
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PokerTracker3" = PokerTracker 3 (remove only)
"PowerISO" = PowerISO
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 12910" = Audiosurf Demo
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/11/2010 3:14:05 AM | Computer Name = DarkPlanetCorp | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 4:14:05 AM | Computer Name = DarkPlanetCorp | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 5:14:05 AM | Computer Name = DarkPlanetCorp | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 6:14:05 AM | Computer Name = DarkPlanetCorp | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 7:14:05 AM | Computer Name = DarkPlanetCorp | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 8:14:05 AM | Computer Name = DarkPlanetCorp | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 9:14:05 AM | Computer Name = DarkPlanetCorp | Source = Google Update | ID = 20
Description =
Error - 9/11/2010 10:14:05 AM | Computer Name = DarkPlanetCorp | Source = Google Update | ID = 20
Description =
Error - 9/13/2010 5:44:23 PM | Computer Name = DarkPlanetCorp | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Error - 9/13/2010 5:44:24 PM | Computer Name = DarkPlanetCorp | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest".Error in manifest or policy file
"" on line . A component version required by the application conflicts with another
component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
[ Hewlett-Packard Events ]
Error - 3/8/2010 12:07:18 AM | Computer Name = DarkPlanetCorp | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()
at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
[ OSession Events ]
Error - 9/27/2010 5:57:45 PM | Computer Name = DarkPlanetCorp | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2241
seconds with 1560 seconds of active time. This session ended with a crash.
Error - 9/27/2010 6:00:31 PM | Computer Name = DarkPlanetCorp | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 84
seconds with 60 seconds of active time. This session ended with a crash.
Error - 9/27/2010 6:02:42 PM | Computer Name = DarkPlanetCorp | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 123
seconds with 120 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 9/25/2010 914 PM | Computer Name = DarkPlanetCorp | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 9/25/2010 928 PM | Computer Name = DarkPlanetCorp | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 10/4/2010 8:49:39 AM | Computer Name = DarkPlanetCorp | Source = NetBT | ID = 4321
Description = The name "DARKPLANETCORP :0" could not be registered on the interface
with IP address 0.0.0.0. The computer with the IP address 10.247.211.241 did not
allow the name to be claimed by this computer.
Error - 10/5/2010 7:39:39 PM | Computer Name = DarkPlanetCorp | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 10/5/2010 7:39:58 PM | Computer Name = DarkPlanetCorp | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 10/5/2010 7:40:58 PM | Computer Name = DarkPlanetCorp | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056
Error - 10/6/2010 9:36:25 AM | Computer Name = DarkPlanetCorp | Source = NetBT | ID = 4321
Description = The name "DARKPLANETCORP :0" could not be registered on the interface
with IP address 192.168.1.4. The computer with the IP address 10.247.215.241 did
not allow the name to be claimed by this computer.
Error - 10/12/2010 6:38:14 PM | Computer Name = DarkPlanetCorp | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:48:00 PM on 10/6/2010 was unexpected.
Error - 10/28/2010 7:42:19 PM | Computer Name = DarkPlanetCorp | Source = Service Control Manager | ID = 7034
Description = The Agere Modem Call Progress Audio service terminated unexpectedly.
It has done this 1 time(s).
Error - 10/28/2010 8:36:15 PM | Computer Name = DarkPlanetCorp | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
< End of report >
Your MBR seems to be infected...
Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)
- Place a blank CD in your CD drive.
- Double click on NTBR_CD.exe file and a folder of the same name will appear.
- Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
- Follow the prompts to burn the CD.
- Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
- If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
- Insert the newly created CD into your infected PC and reboot your computer.
- Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
- Read the warning and then continue as prompted.
- You first need to select your keyboard layout - press Enter for English.
- Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
- On the following screen enter 5 to select Install Standard MBR code.
- Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
- When asked to confirm please do so.
- Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
- Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Insyde
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv4 Notebook PC
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 211):
0x02C66000 \SystemRoot\system32\ntoskrnl.exe
0x02C1D000 \SystemRoot\system32\hal.dll
0x00BCB000 \SystemRoot\system32\kdcom.dll
0x00C49000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C56000 \SystemRoot\system32\PSHED.dll
0x00C6A000 \SystemRoot\system32\CLFS.SYS
0x00CC8000 \SystemRoot\system32\CI.dll
0x00ED4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F78000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F87000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDE000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE7000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\system32\DRIVERS\isapnp.sys
0x00E49000 \SystemRoot\system32\DRIVERS\mpio.sys
0x00E73000 \SystemRoot\System32\drivers\partmgr.sys
0x00E88000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E91000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E9D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D88000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EB2000 \SystemRoot\system32\DRIVERS\intelide.sys
0x00EBA000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00ECA000 \SystemRoot\system32\DRIVERS\aliide.sys
0x00FF1000 \SystemRoot\system32\DRIVERS\amdide.sys
0x00FF8000 \SystemRoot\system32\DRIVERS\cmdide.sys
0x00DE4000 \SystemRoot\System32\drivers\mountmgr.sys
0x00C00000 \SystemRoot\system32\DRIVERS\msdsm.sys
0x0104D000 \SystemRoot\system32\DRIVERS\nvraid.sys
0x01076000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x010A6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x010AD000 \SystemRoot\system32\DRIVERS\viaide.sys
0x010B5000 \SystemRoot\system32\DRIVERS\iaStorV.sys
0x011D3000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0102A000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
0x012D1000 \SystemRoot\system32\DRIVERS\storport.sys
0x01333000 \SystemRoot\system32\DRIVERS\msahci.sys
0x0133E000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
0x01355000 \SystemRoot\system32\DRIVERS\adp94xx.sys
0x01200000 \SystemRoot\system32\DRIVERS\adpahci.sys
0x01256000 \SystemRoot\system32\DRIVERS\adpu320.sys
0x01285000 \SystemRoot\system32\DRIVERS\amdsata.sys
0x014F9000 \SystemRoot\system32\DRIVERS\amdsbs.sys
0x01540000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0154B000 \SystemRoot\system32\DRIVERS\arc.sys
0x01564000 \SystemRoot\system32\DRIVERS\arcsas.sys
0x01400000 \SystemRoot\system32\DRIVERS\elxstor.sys
0x01487000 \SystemRoot\system32\DRIVERS\iirsp.sys
0x01498000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
0x014B7000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
0x014CA000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
0x014E9000 \SystemRoot\system32\DRIVERS\megasas.sys
0x01634000 \SystemRoot\system32\DRIVERS\MegaSR.sys
0x016D8000 \SystemRoot\system32\DRIVERS\nfrd960.sys
0x016E8000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x0182B000 \SystemRoot\system32\DRIVERS\ql2300.sys
0x01713000 \SystemRoot\system32\DRIVERS\ql40xx.sys
0x019CF000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
0x019DD000 \SystemRoot\system32\DRIVERS\sisraid4.sys
0x019F5000 \SystemRoot\system32\DRIVERS\stexstor.sys
0x01800000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01772000 \SystemRoot\system32\drivers\fltmgr.sys
0x017BE000 \SystemRoot\system32\drivers\fileinfo.sys
0x01A51000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0157F000 \SystemRoot\System32\Drivers\msrpc.sys
0x01A00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01C56000 \SystemRoot\System32\Drivers\cng.sys
0x01CC9000 \SystemRoot\System32\drivers\pcw.sys
0x01CDA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01CE4000 \SystemRoot\system32\drivers\ndis.sys
0x01EB5000 \SystemRoot\system32\drivers\NETIO.SYS
0x01F15000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x02001000 \SystemRoot\System32\drivers\tcpip.sys
0x01F40000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01F8A000 \SystemRoot\system32\DRIVERS\wd.sys
0x01F92000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01FDE000 \SystemRoot\System32\Drivers\spldr.sys
0x01E00000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x01E1D000 \SystemRoot\System32\drivers\rdyboost.sys
0x01E57000 \SystemRoot\System32\Drivers\mup.sys
0x01E69000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01E72000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x01C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01E7C000 \SystemRoot\system32\DRIVERS\disk.sys
0x01E92000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x01DD6000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01FF1000 \SystemRoot\System32\Drivers\Null.SYS
0x01C4D000 \SystemRoot\System32\Drivers\Beep.SYS
0x01A1A000 \SystemRoot\system32\DRIVERS\ehdrv.sys
0x01A3D000 \SystemRoot\System32\drivers\vga.sys
0x017D2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01600000 \SystemRoot\System32\drivers\watchdog.sys
0x01BF4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01610000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01619000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01622000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015DD000 \SystemRoot\System32\Drivers\Npfs.SYS
0x012A3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03479000 \SystemRoot\system32\drivers\afd.sys
0x03503000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03548000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03551000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03577000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0358D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x035B9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x035D4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03400000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x0341A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0346B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0359C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x035A7000 \SystemRoot\System32\drivers\discache.sys
0x013D0000 \SystemRoot\System32\Drivers\dfsc.sys
0x035E8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x042C3000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x042E9000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x044A5000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04ABC000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04BB0000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04400000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04C02000 \SystemRoot\system32\DRIVERS\athrx.sys
0x04D71000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04D7E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04DB7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04DC4000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04424000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04DCF000 \SystemRoot\system32\DRIVERS\usbfilter.sys
0x04DDB000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0447A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04DEC000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x042FE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0430D000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x0434C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04DF8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0435B000 \SystemRoot\system32\DRIVERS\enecir.sys
0x04498000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x04BF6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04378000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04388000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0439E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043C2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x043CE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0421B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0423C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04DFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04256000 \SystemRoot\system32\DRIVERS\ks.sys
0x04299000 \SystemRoot\system32\DRIVERS\circlass.sys
0x042AB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0504B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x05081000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x050DB000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x050F0000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x05110000 \SystemRoot\system32\drivers\portcls.sys
0x0514D000 \SystemRoot\system32\drivers\drmk.sys
0x0516F000 \SystemRoot\system32\drivers\ksthunk.sys
0x05175000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x06093000 \SystemRoot\system32\DRIVERS\agrsm64.sys
0x061C4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x061C6000 \SystemRoot\system32\drivers\modem.sys
0x061D5000 \SystemRoot\system32\DRIVERS\hidir.sys
0x061E6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06009000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06017000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06024000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06041000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x0604F000 \SystemRoot\System32\drivers\Dxapi.sys
0x0605B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x051F0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004E0000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x00900000 \SystemRoot\System32\ATMFD.DLL
0x05000000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x0501D000 \SystemRoot\system32\drivers\luafv.sys
0x02EA3000 \SystemRoot\system32\DRIVERS\eamon.sys
0x02F75000 \SystemRoot\system32\drivers\WudfPf.sys
0x02F96000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02FA4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x02FB0000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x02FBB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x02FCE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02E00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02E53000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02E66000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04E0F000 \SystemRoot\system32\drivers\HTTP.sys
0x04ED7000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04EF5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04F0D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04F39000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04F86000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04FA9000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x04FC9000 \SystemRoot\system32\drivers\npf.sys
0x06406000 \SystemRoot\system32\drivers\peauth.sys
0x064AC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x064B7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x064E4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x064F6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0655F000 \SystemRoot\System32\DRIVERS\srv.sys
0x77630000 \Windows\System32\ntdll.dll
0x47690000 \Windows\System32\smss.exe
0xFF950000 \Windows\System32\apisetschema.dll
0xFF700000 \Windows\System32\autochk.exe
0xFF8A0000 \Windows\System32\msvcrt.dll
0xFF7D0000 \Windows\System32\usp10.dll
0xFF7A0000 \Windows\System32\imm32.dll
0xFF700000 \Windows\System32\autochk.exe
0x77800000 \Windows\System32\normaliz.dll
0xFF5D0000 \Windows\System32\wininet.dll
Processes (total 46):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
500 csrss.exe
564 C:\Windows\System32\wininit.exe
600 csrss.exe
624 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
716 C:\Windows\System32\winlogon.exe
816 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\atiesrxx.exe
1016 C:\Windows\System32\svchost.exe
396 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\svchost.exe
476 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe
1060 C:\Windows\System32\audiodg.exe
1124 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\atieclxx.exe
1472 C:\Windows\System32\atibtmon.exe
1544 C:\Windows\System32\spoolsv.exe
1584 C:\Windows\System32\svchost.exe
1668 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe
1696 C:\Program Files\LSI SoftModem\agr64svc.exe
1716 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1748 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1812 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
1936 C:\Windows\System32\svchost.exe
2216 C:\Windows\System32\taskhost.exe
2280 C:\Windows\System32\rundll32.exe
2340 C:\Windows\System32\dwm.exe
2416 C:\Windows\explorer.exe
2552 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2728 C:\Windows\System32\svchost.exe
2896 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2976 C:\Windows\System32\SearchIndexer.exe
2820 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1260 C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
980 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2448 C:\Windows\System32\taskeng.exe
2724 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
2756 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
2408 C:\Users\Cerius\Downloads\MBRCheck.exe
2696 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`31300000 (NTFS)
PhysicalDrive0 Model Number: TOSHIBAMK3256GSY, Rev: LH013C
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
Please re-run OTL "Quick scan" and post the new log.
OTL logfile created on: 10/30/2010 2:43:32 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Cerius\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): c:\pagefile.sys 5754 5754 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.57 Gb Total Space | 60.28 Gb Free Space | 21.18% Space Free | Partition Type: NTFS
Drive D: | 13.22 Gb Total Space | 2.20 Gb Free Space | 16.65% Space Free | Partition Type: NTFS
Computer Name: DARKPLANETCORP | User Name: Cerius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/10/28 20:50:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cerius\Downloads\OTL.exe
PRC - [2010/10/27 02:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 02:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/07/24 00:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 15:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
========== Modules (SafeList) ==========
MOD - [2010/10/28 20:50:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Cerius\Downloads\OTL.exe
MOD - [2009/07/13 21:16:14 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc_os.dll
MOD - [2009/07/13 21:15:42 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msacm32.dll
MOD - [2009/07/13 21:14:51 | 002,175,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcGenral.dll
MOD - [2009/07/13 21:10:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sfc.dll
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009/09/11 07:33:20 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 17:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 14:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/29 16:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe -- (AESTFilters)
SRV - [2010/09/10 21:34:13 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/15 1036 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/23 14:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Disabled | Stopped] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Users\Cerius\Desktop\Stuff\New folder\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2009/09/11 07:27:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/11 07:23:52 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/11 07:17:20 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/08/28 20:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/28 20:42:44 | 000,021,504 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009/07/28 17:28:06 | 000,140,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 21:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/08 17:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 17:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 14:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 16:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 18:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 22:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/05 01:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Verizon | MyVerizon 2.0 | Login
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {1CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/24 18:14:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7673B4A1-6A86-4FB7-B201-20428DC81491}: C:\Users\Cerius\AppData\Local\{7673B4A1-6A86-4FB7-B201-20428DC81491}\
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/28 20:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/28 20:01:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/07/28 19:18:13 | 000,000,000 | ---D | M]
[2010/10/28 20:02:32 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Mozilla\Extensions
[2010/10/29 10:35:51 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Mozilla\Firefox\Profiles\x3ni9ahi.default\extensions
[2010/10/29 20:58:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/28 18:57:42 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
[2010/09/13 17:40:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/28 20:07:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/28 20:06:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/05/16 11:30:04 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\npSfAppM.dll
[2010/07/24 18:15:58 | 000,002,076 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google_search.xml
O1 HOSTS File: ([2010/07/25 12:27:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/s...0Installer.cab (Support.com Configuration Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Users\Cerius\Desktop\Stuff\New folder\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d0bee49a-0f54-11df-9209-002622a49f21}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bee49a-0f54-11df-9209-002622a49f21}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/10/28 20:41:06 | 000,000,000 | ---D | C] -- C:\Users\Cerius\AppData\Roaming\Malwarebytes
[2010/10/28 20:40:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/28 20:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/28 20:40:54 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/28 20:40:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/28 20:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/10/06 10:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/10/05 19:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/05 19:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/10/05 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2010/10/05 19:30:49 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2009/07/13 19:24:58 | 000,190,464 | ---- | C] (Systems Internals) -- C:\Users\Cerius\AppData\Local\fasfd.d
[1 C:\Users\Cerius\Documents\*.tmp files -> C:\Users\Cerius\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/10/30 14:40:56 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-397979407-2732575221-1896452353-1000UA.job
[2010/10/30 14:40:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/29 18:00:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-397979407-2732575221-1896452353-1000Core.job
[2010/10/29 10:04:00 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/29 10:04:00 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/29 10:01:07 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/29 10:01:07 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/29 10:01:07 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/29 09:50:27 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/28 20:02:25 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/10/28 20:01:35 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/28 19:35:22 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCerius.job
[2010/10/05 19:37:21 | 000,002,515 | ---- | M] () -- C:\Users\Cerius\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[1 C:\Users\Cerius\Documents\*.tmp files -> C:\Users\Cerius\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/10/28 20:02:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/10/28 20:01:35 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/10/05 19:37:21 | 000,002,515 | ---- | C] () -- C:\Users\Cerius\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/02/25 16:38:54 | 000,000,248 | ---- | C] () -- C:\Users\Cerius\AppData\Roaming\default.rss
[2010/02/25 16:38:53 | 000,000,000 | ---- | C] () -- C:\Users\Cerius\AppData\Roaming\downloads.m3u
[2010/02/25 08:29:46 | 000,000,704 | ---- | C] () -- C:\Users\Cerius\AppData\Roaming\wklnhst.dat
[2010/02/14 12:12:46 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/04 17:57:55 | 011,710,464 | ---- | C] () -- C:\Program Files (x86)\5.0.06.0110.usf.exe
[2010/01/16 20:02:50 | 000,000,462 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/12/13 10:20:07 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/12/13 10:19:59 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/12/13 10:19:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/12/13 10:19:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/12/13 10:18:41 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/08/24 17:51:45 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/24 17:48:08 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/24 17:46:41 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/24 17:46:00 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/15 20:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/09/13 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\.minecraft
[2010/02/02 09:15:37 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Advanced Chemistry Development
[2010/02/04 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\CCDC
[2010/01/25 23:23:23 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\GetRightToGo
[2010/01/17 00:32:09 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\iWin
[2010/05/06 15:04:23 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\TechWizard
[2010/02/25 08:29:49 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Template
[2010/02/01 19:46:45 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\Thinstall
[2010/10/28 19:34:21 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\uTorrent
[2010/06/08 10:47:36 | 000,000,000 | ---D | M] -- C:\Users\Cerius\AppData\Roaming\WindSolutions
[2010/04/04 09:41:41 | 000,023,410 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O33 - MountPoints2\{d0bee49a-0f54-11df-9209-002622a49f21}\Shell - "" = AutoRun
O33 - MountPoints2\{d0bee49a-0f54-11df-9209-002622a49f21}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
[2009/07/13 19:24:58 | 000,190,464 | ---- | C] (Systems Internals) -- C:\Users\Cerius\AppData\Local\fasfd.d
[1 C:\Users\Cerius\Documents\*.tmp files -> C:\Users\Cerius\Documents\*.tmp -> ]
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
==================================================================
Last scans...
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a BitDefender Online Scan
- Disable your antivirus program.
- Click Start Scanner button.
- Click Start scan button
- Allow browser plug-in to be installed when prompted.
- Click I Agree to agree to the EULA.
- Please refrain from using the computer until the scan is finished.
- When the scan is finished, click on View log.
- Notepad will open with scan results.
- Save the report to your desktop and post its content in your next reply.
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0bee49a-0f54-11df-9209-002622a49f21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0bee49a-0f54-11df-9209-002622a49f21}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0bee49a-0f54-11df-9209-002622a49f21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0bee49a-0f54-11df-9209-002622a49f21}\ not found.
File F:\LaunchU3.exe not found.
C:\Users\Cerius\AppData\Local\fasfd.d moved successfully.
C:\Users\Cerius\Documents\~WRL1774.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Cerius
->Temp folder emptied: 421869 bytes
->Temporary Internet Files folder emptied: 20489242 bytes
->Java cache emptied: 8553 bytes
->FireFox cache emptied: 77532996 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5339 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18627966 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 112.00 mb
[EMPTYFLASH]
User: All Users
User: Cerius
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: postgres
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.17.1 log created on 10302010_214516
Files\Folders moved on Reboot...
C:\Users\Cerius\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Cerius\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...