FLVTube virus - removed but still causing problems


Post by elfarley on Sat 13 Nov 2010, 9:59 am

clicked on a video link in an email from a known customer of mine
it installed flvtube player (virus)
to fix, i deleted my user account, created a new one (with administrator privileges) and uninstalled adobe reader and java and removed all reference to flv in the registry
everything seemed to work again but now I get kicked off the network constantly - I connect through a wireless router wherever I am and all locations are affected, so it seems my network drivers on my computer are affected
when i shut down computer it asks me to close "background" programs - never did that before
just recently, computer said that it needed to check disk for inconsistencies when i rebooted - never did that before either - it's a fairly new computer
i followed your instructions for malware removal - malwarebytes found nothing in safe mode, but i got kicked off the internet several times before it downloaded correctly - also got several messages that windows installer was not available and that my search engine preference file was corrupted
then i followed your instructions for OTL

Log files are too large to post here--what now?



elfarley

Newbie Surfer

Posts : 10
Joined : 2010-11-13
Operating System : windows 7 home premium


OTL pt1

Post by elfarley on Sat 13 Nov 2010, 11:15 am

OTL logfile created on: 11/12/2010 2:13:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\elfarley\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 380.66 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.86 Gb Total Space | 0.51 Gb Free Space | 27.09% Space Free | Partition Type: FAT

Computer Name: SQUAREBACK | User Name: elfarley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\DRIVERS\o2flash.exe
PRC - [2010/11/12 14:10:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\elfarley\Desktop\OTL.com
PRC - [2010/09/10 14:11:16 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/10 12:46:32 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/09/02 13:17:40 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 12:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/21 07:36:02 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2009/12/29 13:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 13:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 00:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 00:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/21 13:07:46 | 000,497,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2009/07/21 13:06:26 | 000,554,224 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/06/24 13:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/11/12 14:10:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\elfarley\Desktop\OTL.com
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 21:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 21:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/24 13:57:38 | 000,200,056 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 09:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/01/20 12:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/16 05:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/08/13 18:15:42 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/02 10:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/12 00:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2010/09/10 12:46:32 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/08/20 12:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/02 21:19:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/12 09:48:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/21 13:06:26 | 000,554,224 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 16:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/13 21:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 21:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 21:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 21:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 21:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 21:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 21:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 21:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/12 12:20:43 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010/01/20 12:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/12/16 05:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 05:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/12 22:42:52 | 000,074,272 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009/10/29 02:02:48 | 000,299,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 10:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/08/13 20:30:14 | 006,201,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/23 22:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 00:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 10:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:22:14 | 000,034,640 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\packet.sys -- (Packet)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/22 06:32:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/11/01 08:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/12/29 13:35:40 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/05/12 12:59:44] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2009/06/10 13:21:26 | 000,027,472 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\packet.sys -- (Packet)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20101102132537.dll (McAfee, Inc.)
O2 - BHO: (TinyBHO Class) - {00e71626-0bef-11dc-8314-0800200c9a66} - C:\Program Files (x86)\Deal Cricket\TinyBHO.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20101102132537.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\elfarley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} [You must be registered and logged in to see this link.] (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 18:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 14:22:16 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{5099e47d-5dfd-11df-8290-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5099e47d-5dfd-11df-8290-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 18:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: mcmscsvc - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet:64bit: MCODS - C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet:64bit: mfefirek - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfefirek.sys - C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

elfarley

Newbie Surfer

Posts : 10
Joined : 2010-11-13
Operating System : windows 7 home premium


OTL pt2

Post by elfarley on Sat 13 Nov 2010, 11:17 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 14:10:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\elfarley\Desktop\OTL.com
[2010/11/12 13:59:01 | 000,000,000 | ---D | C] -- C:\Users\elfarley\Desktop\JavaRa
[2010/11/12 13:46:26 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/11/12 13:46:25 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/11/12 13:46:25 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/11/12 13:46:25 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/11/12 13:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/12 13:40:27 | 016,192,800 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\elfarley\Desktop\jre-6u22-windows-x64.exe
[2010/11/12 13:26:16 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Malwarebytes
[2010/11/12 13:26:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/12 13:26:09 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/12 13:26:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/12 13:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/12 13:25:23 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\elfarley\Desktop\mbam-setup-1.46.exe
[2010/11/11 15:51:09 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Intuit
[2010/11/10 08:01:26 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Google
[2010/11/08 22:27:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 22:27:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 22:27:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/08 21:19:48 | 000,000,000 | ---D | C] -- C:\Users\elfarley\Documents\Electronic Arts
[2010/11/08 18:06:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CoffeeCup Software
[2010/11/08 18:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CoffeeCup Software
[2010/11/08 16:29:55 | 000,000,000 | ---D | C] -- C:\Users\elfarley\Documents\CoffeeCup Software
[2010/11/08 16:29:55 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\CoffeeCup Software
[2010/11/06 21:55:03 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\PowerDVD DX
[2010/11/06 21:55:02 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\CyberLink
[2010/11/05 23:58:43 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Electronic Arts
[2010/11/05 23:56:06 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Macrovision
[2010/11/05 21:39:44 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010/11/05 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Diagnostics
[2010/11/05 20:36:33 | 000,000,000 | ---D | C] -- C:\Users\elfarley\Documents\elf
[2010/11/05 20:26:54 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\NOS
[2010/11/05 20:26:54 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Adobe
[2010/11/05 20:12:38 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2010/11/05 20:07:10 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Macromedia
[2010/11/05 20:04:03 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Adobe
[2010/11/05 20:03:21 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Dell
[2010/11/05 20:03:21 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\DataSafeOnline
[2010/11/05 20:03:12 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Roxio
[2010/11/05 20:03:12 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Apple Computer
[2010/11/05 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\SupportSoft
[2010/11/05 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Stardock_Corporation
[2010/11/05 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\ATI
[2010/11/05 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\ATI
[2010/11/05 20:03:10 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Apple Computer
[2010/11/05 20:02:55 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Searches
[2010/11/05 20:02:55 | 000,000,000 | -H-D | C] -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/11/05 20:02:47 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Identities
[2010/11/05 20:02:44 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Contacts
[2010/11/05 20:02:42 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\VirtualStore
[2010/11/05 20:02:35 | 000,000,000 | --SD | C] -- C:\Users\elfarley\AppData\Roaming\Microsoft
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Videos
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Saved Games
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Pictures
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Music
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Links
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Favorites
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Downloads
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\My Documents
[2010/11/05 20:02:35 | 000,000,000 | R--D | C] -- C:\Users\elfarley\Desktop
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\AppData\Local\Temporary Internet Files
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Templates
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Start Menu
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\SendTo
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Recent
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\PrintHood
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\NetHood
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Documents\My Videos
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Documents\My Pictures
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Documents\My Music
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\My Documents
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Local Settings
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\AppData\Local\History
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Cookies
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\Application Data
[2010/11/05 20:02:35 | 000,000,000 | -HSD | C] -- C:\Users\elfarley\AppData\Local\Application Data
[2010/11/05 20:02:35 | 000,000,000 | -H-D | C] -- C:\Users\elfarley\AppData
[2010/11/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Temp
[2010/11/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\SoftThinks
[2010/11/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Mozilla
[2010/11/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Microsoft Help
[2010/11/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Local\Microsoft
[2010/11/05 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\elfarley\AppData\Roaming\Media Center Programs
[2010/10/26 15:48:14 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/10/26 15:48:14 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/10/26 15:48:14 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/10/26 15:48:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/10/26 15:48:14 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/10/26 15:48:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/10/26 15:48:14 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/10/26 15:47:56 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2010/10/22 10:47:07 | 000,000,000 | ---D | C] -- C:\Windows\en
[2010/10/22 10:44:28 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2010/10/22 10:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/10/22 10:42:32 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010/10/22 10:42:32 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010/10/22 10:42:32 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010/10/22 10:42:32 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010/10/22 10:42:24 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/10/22 10:42:24 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/10/22 10:41:21 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2010/10/22 10:41:21 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2010/10/22 10:41:21 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2010/10/22 10:41:21 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2010/10/22 10:41:20 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2010/10/22 10:41:20 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2010/10/22 10:41:20 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

========== Files - Modified Within 30 Days ==========

[2010/11/12 14:10:23 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\elfarley\Desktop\OTL.com
[2010/11/12 14:01:47 | 000,205,540 | ---- | M] () -- C:\Users\elfarley\Desktop\JavaRa.zip
[2010/11/12 13:51:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 13:51:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 13:50:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 13:48:03 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/12 13:48:03 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/12 13:48:03 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/12 13:46:15 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010/11/12 13:46:15 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/11/12 13:46:15 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/11/12 13:46:15 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/11/12 13:44:54 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 13:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/12 13:43:39 | 3212,189,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 13:40:32 | 016,192,800 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\elfarley\Desktop\jre-6u22-windows-x64.exe
[2010/11/12 13:26:13 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 13:25:44 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\elfarley\Desktop\mbam-setup-1.46.exe
[2010/11/12 12:31:14 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010/11/08 22:27:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/11/08 22:27:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/11/08 22:27:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/11/08 22:27:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/11/08 21:27:26 | 000,149,504 | ---- | M] () -- C:\Users\elfarley\AppData\Roaming\SharedSettings.ccs
[2010/11/08 18:08:48 | 000,000,013 | ---- | M] () -- C:\Windows\SysWow64\WinSys32.crc
[2010/11/08 17:59:57 | 000,002,067 | ---- | M] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup Free [You must be registered and logged in to see this link.]
[2010/11/08 16:56:54 | 000,001,011 | ---- | M] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup HTML Editor.lnk
[2010/11/08 12:51:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf
[2010/11/06 19:06:04 | 000,001,139 | ---- | M] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/11/06 19:05:26 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/11/05 20:09:06 | 000,000,036 | ---- | M] () -- C:\Users\elfarley\AppData\Local\housecall.guid.cache
[2010/11/05 20:03:35 | 000,001,443 | ---- | M] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/05 20:03:11 | 000,001,984 | ---- | M] () -- C:\Users\elfarley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/11/05 18:29:41 | 000,000,281 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2010/10/16 18:50:24 | 000,361,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/10/13 21:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2010/10/13 21:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2010/10/13 21:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2010/10/13 21:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2010/10/13 21:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2010/10/13 21:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2010/10/13 21:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2010/10/13 21:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2010/10/13 21:28:54 | 000,009,984 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys

========== Files Created - No Company Name ==========

[2010/11/12 13:58:16 | 000,205,540 | ---- | C] () -- C:\Users\elfarley\Desktop\JavaRa.zip
[2010/11/12 13:26:13 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 12:31:14 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2010/11/08 18:06:18 | 000,149,504 | ---- | C] () -- C:\Users\elfarley\AppData\Roaming\SharedSettings.ccs
[2010/11/08 17:59:57 | 000,002,067 | ---- | C] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup Free [You must be registered and logged in to see this link.]
[2010/11/08 16:56:54 | 000,001,011 | ---- | C] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\CoffeeCup HTML Editor.lnk
[2010/11/08 16:56:54 | 000,000,013 | ---- | C] () -- C:\Windows\SysWow64\WinSys32.crc
[2010/11/08 12:51:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf
[2010/11/06 19:06:04 | 000,001,139 | ---- | C] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/11/05 20:09:06 | 000,000,036 | ---- | C] () -- C:\Users\elfarley\AppData\Local\housecall.guid.cache
[2010/11/05 20:03:35 | 000,001,443 | ---- | C] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/05 20:03:11 | 000,001,984 | ---- | C] () -- C:\Users\elfarley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2010/11/05 20:02:35 | 000,002,245 | ---- | C] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/05 20:02:35 | 000,000,290 | ---- | C] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/11/05 20:02:35 | 000,000,272 | ---- | C] () -- C:\Users\elfarley\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/11/05 18:29:41 | 000,000,281 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2010/06/21 21:28:02 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/06/18 20:09:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/05 20:03:35 | 000,000,221 | -HS- | M] () -- C:\Users\elfarley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/11/12 13:40:32 | 016,192,800 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\elfarley\Desktop\jre-6u22-windows-x64.exe
[2010/11/12 13:25:44 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\elfarley\Desktop\mbam-setup-1.46.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/05 20:03:01 | 000,000,402 | -HS- | M] () -- C:\Users\elfarley\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %SYSTEMDRIVE%\*.* >
[2010/11/12 12:31:14 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2010/05/12 12:24:36 | 000,003,915 | RH-- | M] () -- C:\dell.sdr
[2010/11/12 13:43:39 | 3212,189,696 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 13:43:51 | 4282,920,960 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010/11/05 20:48:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/05/22 10:42:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010/05/12 09:44:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2010/09/28 09:52:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2010/05/12 09:46:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2010/05/12 09:48:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2010/11/08 17:59:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CoffeeCup Software
[2010/11/05 18:28:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/05/12 10:05:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2010/05/12 10:04:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2010/05/12 09:59:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/05/12 10:10:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DELL
[2010/11/12 13:45:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2010/05/12 09:48:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Online
[2010/05/12 09:54:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Remote Access
[2010/05/12 09:54:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Support Center
[2010/05/12 10:05:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2010/08/16 11:02:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2010/09/28 11:47:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/08/16 10:41:08 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/10/16 18:49:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/06/21 21:28:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intuit
[2010/09/28 09:54:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/10/26 11:54:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010/11/12 13:26:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/14 18:49:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Maxis
[2010/05/22 21:40:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2010/05/12 10:07:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mcafee.com
[2010/05/12 10:01:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/06/18 20:09:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft ActiveSync
[2010/05/12 09:48:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/06/18 20:07:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/05/12 10:02:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/08/18 02:02:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/08/16 11:02:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2010/06/25 02:01:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/06/21 21:27:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010/05/22 11:59:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PopCap Games
[2010/11/09 23:13:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/05/12 10:07:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2010/09/28 09:50:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2010/09/09 17:16:38 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2009/07/13 20:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/05/12 09:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent
[2009/07/13 21:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/10/22 10:47:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/05/29 10:31:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/16 18:49:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/13 21:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/13 21:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/13 21:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< %appdata%\*.* >
[2010/11/08 21:27:26 | 000,149,504 | ---- | M] () -- C:\Users\elfarley\AppData\Roaming\SharedSettings.ccs


< MD5 for: AGP440.SYS >
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/13 17:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysWow64\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 17:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 17:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 17:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 17:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 17:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 17:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 17:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009/07/13 16:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\SysWow64\DriverStore\FileRepository\usbstor.inf_amd64_neutral_c301b770e0bfb179\USBSTOR.SYS
[2009/07/13 16:06:34 | 000,089,600 | ---- | M] (Microsoft Corporation) MD5=080D3820DA6C046BE82FC8B45A893E83 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_a47b405db18421ea\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2010/06/02 21:33:32 | 000,000,000 | ---D | M](C:\Windows\SysNative\??) -- C:\Windows\SysNative\邐आ
[2010/06/02 21:33:32 | 000,000,000 | ---D | C](C:\Windows\SysNative\??) -- C:\Windows\SysNative\邐आ

< End of report >


Re: FLVTube virus - removed but still causing problems

Post by elfarley on Sat 13 Nov 2010, 11:30 am

OTL Extras logfile created on: 11/12/2010 2:13:04 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\elfarley\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 71.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 380.66 Gb Free Space | 84.39% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 1.86 Gb Total Space | 0.51 Gb Free Space | 27.09% Space Free | Partition Type: FAT

Computer Name: SQUAREBACK | User Name: elfarley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F325B47E-7592-7556-52F6-3D3D3842A028}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05886DF5-4816-0808-67D3-CC7583FF2412}" = CCC Help Spanish
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B41DC4A-DF1E-949F-5665-31483F2C72F4}" = Catalyst Control Center Graphics Previews Vista
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0D961826-E722-B86D-7BA7-AA70A0B110C5}" = Catalyst Control Center Graphics Previews Common
"{0EA3F981-CC0C-E079-726E-CD0F7D23F2AA}" = Catalyst Control Center Localization All
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{10CE3DC0-A77E-7661-13F4-25D30BC113B2}" = Catalyst Control Center Graphics Full New
"{1204CCB8-9A7D-3375-C8E0-6A4FA16A4036}" = CCC Help Chinese Traditional
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C11FFE1-50D3-B755-A8A7-8363385B4CA3}" = CCC Help Danish
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21B8371C-9EBA-2CB4-E0A2-9DF0C4A074EC}" = Catalyst Control Center Core Implementation
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{27A21358-02A7-B745-ABBE-25566FE9B397}" = Catalyst Control Center Graphics Full Existing
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{32778D4F-E904-E33E-0C48-15E672604D09}" = Catalyst Control Center InstallProxy
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3444DB77-6D7A-9553-2EE1-60D2A4D003D3}" = CCC Help German
"{34842CCC-AE14-61AE-C8FB-87FAD755B483}" = CCC Help Russian
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3D65CEB1-0709-43EB-D6CF-DB66D3FAB2D4}" = CCC Help Japanese
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{49F1C7D8-B6D5-448C-C9D5-F6C2E3889B16}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53104B7F-FE3A-B641-1E46-89870E1A63D8}" = CCC Help Chinese Standard
"{5E2E222D-D776-A325-362C-B95017148AB1}" = CCC Help Dutch
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A6CD707-5B29-5069-B571-2778668C952F}" = CCC Help Finnish
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{816E3C02-DABF-1354-0B98-5E153F7DF79B}" = Skins
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{856DC9B3-F770-9F58-E939-EBEB66C880C1}" = CCC Help Portuguese
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D56904D-6C69-DA2A-F573-9F362C55CB6C}" = CCC Help Swedish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B51C759D-20FD-A4B0-83D1-C4F45E60EC8B}" = CCC Help English
"{B862DF65-94C8-6119-1096-2B230D7A6C0E}" = ccc-core-static
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9CB74A9-8C7C-16C1-D75A-199B4331CEC2}" = CCC Help French
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D489B636-E9AB-C08A-ED7B-EA21B2D3D633}" = CCC Help Korean
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDDBB2E2-D331-1DB1-7FC0-AB896FDCA8AE}" = Catalyst Control Center Graphics Light
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FB2BED9C-50ED-F5C9-1475-B6C15D21C02A}" = CCC Help Italian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CoffeeCup Free FTP 4.3.2" = CoffeeCup Free FTP
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"EADM" = EA Download Manager
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MSC" = McAfee Security Center
"Plants vs. Zombies" = Plants vs. Zombies
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: FLVTube virus - removed but still causing problems

Post by Belahzur on Sat 13 Nov 2010, 12:05 pm

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: FLVTube virus - removed but still causing problems

Post by elfarley on Sat 13 Nov 2010, 3:30 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1747
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 204):

Processes (total 91):
0 System Idle Process
4 System
336 C:\Windows\System32\smss.exe
548 csrss.exe
616 C:\Windows\System32\wininit.exe
640 csrss.exe
684 C:\Windows\System32\services.exe
704 C:\Windows\System32\lsass.exe
712 C:\Windows\System32\lsm.exe
812 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\winlogon.exe
932 C:\Windows\System32\svchost.exe
996 C:\Windows\System32\atiesrxx.exe
232 C:\Windows\System32\svchost.exe
376 C:\Windows\System32\svchost.exe
596 C:\Windows\System32\svchost.exe
764 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
1148 C:\Windows\System32\svchost.exe
1208 C:\Program Files\Dell\DellDock\DockLogin.exe
1236 C:\Windows\System32\atieclxx.exe
1364 C:\Windows\System32\svchost.exe
1516 C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
1524 C:\Windows\System32\wlanext.exe
1532 C:\Windows\System32\conhost.exe
1560 C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
1676 C:\Windows\System32\spoolsv.exe
1724 C:\Windows\System32\svchost.exe
1824 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
1852 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1872 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1916 C:\Windows\System32\svchost.exe
1940 C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
1144 C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe
1568 C:\Windows\System32\drivers\o2flash.exe
1772 C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
2080 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2132 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2160 C:\Windows\System32\svchost.exe
2212 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2284 C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
2372 C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
2392 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2448 C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
3088 WUDFHost.exe
3192 WmiPrvSE.exe
3288 C:\Windows\System32\svchost.exe
3912 C:\Windows\System32\taskhost.exe
3988 C:\Windows\System32\dwm.exe
4072 C:\Windows\explorer.exe
3676 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2336 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
3836 C:\Windows\System32\conhost.exe
3024 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
3704 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3188 C:\Program Files\IDT\WDM\sttray64.exe
4060 C:\Program Files\Dell\QuickSet\quickset.exe
1636 C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
4184 C:\Program Files\Windows Sidebar\sidebar.exe
4308 C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
4324 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4396 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4404 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
4424 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
4460 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
4548 C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
4560 C:\Program Files\mcafee.com\agent\mcagent.exe
4568 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
4580 C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
4592 C:\Program Files\Dell\DellDock\DellDock.exe
4792 C:\Program Files (x86)\iTunes\iTunesHelper.exe
1496 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
552 C:\Windows\System32\SearchIndexer.exe
4148 C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
1268 C:\Program Files\iPod\bin\iPodService.exe
6080 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
4176 C:\Program Files\Windows Media Player\wmpnetwk.exe
2332 C:\Windows\System32\svchost.exe
2536 dllhost.exe
6428 taskhost.exe
4316 C:\Program Files\mcafee\virusscan\mcods.exe
7024 C:\Windows\System32\audiodg.exe
776 C:\PROGRA~2\INTERN~1\iexplore.exe
1860 C:\PROGRA~2\INTERN~1\iexplore.exe
6316 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
6632 C:\PROGRA~2\INTERN~1\iexplore.exe
7056 C:\Windows\System32\SearchProtocolHost.exe
4268 C:\Windows\System32\SearchFilterHost.exe
3596 C:\Windows\System32\dllhost.exe
5116 C:\Users\elfarley\Desktop\MBRCheck.exe
2900 C:\Windows\System32\conhost.exe
7156

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5056GSY, Rev: LH002D

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Re: FLVTube virus - removed but still causing problems

Post by Belahzur on Sun 14 Nov 2010, 11:05 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Re: FLVTube virus - removed but still causing problems

Post by elfarley on Mon 15 Nov 2010, 7:11 am

I've done this twice already - once in safe mode with networking, once after a regular reboot. Here are the log files, but I will uninstall it, reinstall it and do it again and post the new log file in a new post. Thanks, E.
log file #1-->
Malwarebytes' Anti-Malware 1.46

Database version: 5103

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/12/2010 1:34:02 PM
mbam-log-2010-11-12 (13-34-02).txt

Scan type: Quick scan
Objects scanned: 145020
Time elapsed: 6 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

log file #2-->
Malwarebytes' Anti-Malware 1.46

Database version: 5103

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/12/2010 3:18:16 PM
mbam-log-2010-11-12 (15-18-16).txt

Scan type: Quick scan
Objects scanned: 146294
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: FLVTube virus - removed but still causing problems

Post by elfarley on Mon 15 Nov 2010, 7:43 am

Ok, uninstalled, downloaded in safe mode and reinstalled malwarebytes and scanned - here's log:
Malwarebytes' Anti-Malware 1.46

Database version: 5115

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

11/14/2010 12:31:47 PM
mbam-log-2010-11-14 (12-31-47).txt

Scan type: Quick scan
Objects scanned: 145170
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: FLVTube virus - removed but still causing problems

Post by Belahzur on Mon 15 Nov 2010, 12:59 pm

Still having problems? Everything looks good here.


Re: FLVTube virus - removed but still causing problems

Post by elfarley on Mon 15 Nov 2010, 1:20 pm

Well, actually, nothing has changed since my first post - still asks me to close background programs every time I shut down, still disconnects every 15 to 30 mins from the internet, still gives random weird error messages like the one about my browser preference file being corrupt. I had to uninstall Google Chrome because it would not connect to the internet anymore, so I am stuck using IE 8. I have to log into my bank accounts from this computer by tomorrow - I run my business from this computer. I guess I'll just have someone look at it...thanks for trying...E

Re: FLVTube virus - removed but still causing problems

Post by Belahzur on Tue 16 Nov 2010, 5:33 am

Try this.

Download Dr.Web CureIt to the desktop.

  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

