
Solved Worm.koobface infection

Discussion in 'Malware and Virus Removal Archive' started by trub, 2011/01/05.

  1. 2011/01/06
    broni Moderator Malware Analyst
    That's the correct log, but we seem to have some MBR problem.

    Proceed with Combofix and we'll go back to the issue.
     
  2. 2011/01/06
    trub Well-Known Member Thread Starter
    ComboFix 11-01-06.03 - Steven 01/06/2011 21:07:57.3.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3070.2116 [GMT -5:00]
    Running from: c:\users\Steven\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
    .

    2011-01-07 02:12 . 2011-01-07 02:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-07 01:32 . 2011-01-07 01:33 -------- d-----w- c:\program files\7-Zip
    2011-01-06 06:07 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EC64EA2-C4BC-4036-A962-6520149B5CE9}\mpengine.dll
    2011-01-06 04:05 . 2010-11-30 15:43 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C839705A-3ABA-43B2-8FC5-C6834C042747}\gapaengine.dll
    2011-01-06 04:00 . 2011-01-06 04:00 -------- d-----w- c:\program files\Microsoft Security Client
    2011-01-06 04:00 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-01-03 16:06 . 2011-01-03 16:06 -------- d-----w- c:\programdata\Apple Computer
    2011-01-02 09:00 . 2011-01-02 09:00 -------- d-----w- c:\program files\MSXML 4.0
    2011-01-01 02:31 . 2011-01-01 02:31 -------- d-----w- c:\programdata\muvee Technologies
    2011-01-01 02:31 . 2011-01-01 02:33 -------- d-----w- c:\users\Steven\AppData\Roaming\muvee Technologies
    2011-01-01 02:16 . 2011-01-01 02:16 -------- d-----w- c:\programdata\Seagate
    2011-01-01 02:16 . 2011-01-01 02:16 -------- d-----w- c:\users\Steven\AppData\Local\Downloaded Installations
    2011-01-01 02:16 . 2011-01-06 03:36 -------- d-----w- c:\program files\Carbonite
    2011-01-01 02:16 . 2011-01-01 02:16 -------- d-sh--w- c:\windows\ftpcache
    2011-01-01 02:15 . 2011-01-01 02:16 -------- d-----w- c:\program files\Seagate
    2011-01-01 02:15 . 2011-01-01 02:15 -------- d-----w- c:\program files\Common Files\muvee Technologies
    2011-01-01 02:12 . 2011-01-01 02:12 -------- d-----w- c:\users\Steven\AppData\Roaming\Leadertech
    2010-12-31 22:18 . 2011-01-06 03:50 -------- d-----w- c:\program files\ESET
    2010-12-31 20:54 . 2011-01-07 02:12 -------- d-----w- c:\users\Steven\AppData\Local\temp
    2010-12-31 04:42 . 2010-12-31 14:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-31 04:42 . 2010-12-31 05:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-12-15 21:27 . 2010-10-12 04:25 516096 ----a-w- c:\program files\Windows Mail\wab.exe
    2010-12-15 21:27 . 2010-10-27 04:32 2048 ----a-w- c:\windows\system32\tzres.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-20 23:09 . 2009-11-07 00:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 23:08 . 2009-11-07 00:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-12 23:53 . 2010-04-20 02:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-25 02:25 . 2010-10-25 02:25 54144 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2010-10-25 02:25 . 2010-10-25 02:25 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
    2010-10-25 02:25 . 2010-10-25 02:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2010-10-19 20:51 . 2009-11-06 19:06 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 4.0.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0.lnk
    backup=c:\windows\pss\PHOTOfunSTUDIO 4.0.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Steven^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-03-23 17:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-06-15 02:05 136176 ----atw- c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-09-23 04:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2009-11-06 21:20 6244896 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2009-11-06 21:20 1826816 ----a-w- c:\windows\SkyTel.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 135664]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-11-06 119256]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-06 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
    S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
    S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-06-19 604672]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 00:53]

    2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 00:53]

    2011-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295098664-1935458247-2824167555-1001Core.job
    - c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-30 02:05]

    2011-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-295098664-1935458247-2824167555-1001UA.job
    - c:\users\Steven\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-30 02:05]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.yahoo.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\bms4nseq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/?_bc=1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-295098664-1935458247-2824167555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"

    [HKEY_USERS\S-1-5-21-295098664-1935458247-2824167555-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-06 21:13:17
    ComboFix-quarantined-files.txt 2011-01-07 02:13
    ComboFix2.txt 2010-12-31 21:06
    ComboFix3.txt 2010-12-31 20:54

    Pre-Run: 96,574,492,672 bytes free
    Post-Run: 96,528,683,008 bytes free

    - - End Of File - - 97C47610FED77D9B810FA1B9F20DFDCD
     


  4. 2011/01/06
    broni Moderator Malware Analyst
    Combofix looks fine, so we'll need to fix your MBR now....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

    **Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
     
  5. 2011/01/06
    trub Well-Known Member Thread Starter
    Is IDE1 : TSSTcorp CDDVDW TS-L633a what we want to be first priority? I have moved it to 1st boot priority, but I also have USB CDROM as 6th priority.
    If so, do I then save and exit, and will this need to be reversed?
     
  6. 2011/01/06
    broni Moderator Malware Analyst
    Yes. Save settings and they can stay that way. No need to reverse changes.
     
  7. 2011/01/06
    trub Well-Known Member Thread Starter
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Acer
    System Manufacturer: Acer
    System Product Name: Aspire 4730Z
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 184):
    0x82C4F000 \SystemRoot\system32\ntkrnlpa.exe
    0x82C18000 \SystemRoot\system32\halmacpi.dll
    0x80BB5000 \SystemRoot\system32\kdcom.dll
    0x83233000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x832AB000 \SystemRoot\system32\PSHED.dll
    0x832BC000 \SystemRoot\system32\BOOTVID.dll
    0x832C4000 \SystemRoot\system32\CLFS.SYS
    0x83306000 \SystemRoot\system32\CI.dll
    0x8AE00000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8AE71000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8AE7F000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8AEC7000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x8AED0000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8AED8000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8AF02000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8AF0D000 \SystemRoot\System32\drivers\partmgr.sys
    0x8AF1E000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x8AF26000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8AF31000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8AF41000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8AF8C000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8B01D000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x8B0F7000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8B100000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8B134000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8B210000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8B33F000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8B36A000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B37D000 \SystemRoot\System32\Drivers\cng.sys
    0x8B3DA000 \SystemRoot\System32\drivers\pcw.sys
    0x8B3E8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8B145000 \SystemRoot\system32\drivers\ndis.sys
    0x8AFA2000 \SystemRoot\system32\drivers\NETIO.SYS
    0x833B1000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8B436000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B57F000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B5B0000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8B5EF000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B400000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8B200000 \SystemRoot\System32\Drivers\mup.sys
    0x8B42D000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x83200000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B000000 \SystemRoot\system32\DRIVERS\disk.sys
    0x833D6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8F51D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8F53C000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x8F563000 \SystemRoot\System32\Drivers\Null.SYS
    0x8F56A000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8F571000 \SystemRoot\System32\drivers\vga.sys
    0x8F57D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8F59E000 \SystemRoot\System32\drivers\watchdog.sys
    0x8F5AB000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8F5B3000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8F5BB000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8F5C3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8F5CE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8F5DC000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8F5F3000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x90803000 \SystemRoot\system32\drivers\afd.sys
    0x9085D000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x9088F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x90896000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x908B5000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x908C6000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x908D4000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x908E7000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x908F7000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x90938000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x90942000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x9094C000 \SystemRoot\System32\drivers\discache.sys
    0x90958000 \SystemRoot\System32\Drivers\dfsc.sys
    0x90970000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x9097E000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x9099F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x91406000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x9191B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x909B1000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x919D2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x90C0C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x90C57000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x90C66000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x90C85000 \SystemRoot\system32\DRIVERS\netr28.sys
    0x90D20000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x90D2A000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x90D6F000 \SystemRoot\system32\DRIVERS\jmcr.sys
    0x90D8E000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x90DB4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x90DB8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x90DD0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x90DDD000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x90DEA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x90DF3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x919DD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8F400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x90C00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x91A10000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x91A32000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x91A4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x91A61000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x91A78000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x91A7A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x91AAE000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x91ABC000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x91B00000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x93825000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x93A31000 \SystemRoot\system32\drivers\portcls.sys
    0x93A60000 \SystemRoot\system32\drivers\drmk.sys
    0x93A79000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x93B7F000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x93B81000 \SystemRoot\system32\drivers\modem.sys
    0x93FB0000 \SystemRoot\System32\win32k.sys
    0x93B8E000 \SystemRoot\System32\drivers\Dxapi.sys
    0x93B98000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x91B11000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0x93BA5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x93BB6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x93BCD000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x93BF1000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x93E10000 \SystemRoot\System32\TSDDD.dll
    0x93800000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x9380B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x9381E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x91BEB000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x93E40000 \SystemRoot\System32\cdd.dll
    0x91BF7000 \SystemRoot\system32\DRIVERS\KMWDFILTER.sys
    0x91A00000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8F418000 \SystemRoot\system32\drivers\luafv.sys
    0x8F433000 \SystemRoot\system32\drivers\WudfPf.sys
    0x919EF000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8F44D000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x909EA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8F493000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x96618000 \SystemRoot\system32\drivers\HTTP.sys
    0x9669D000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x966B6000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x966C8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x966EB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x96726000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x96759000 \SystemRoot\system32\drivers\peauth.sys
    0x967F0000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x8F4A6000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x96600000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x8F4C7000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x99A0C000 \SystemRoot\System32\DRIVERS\srv.sys
    0x99A5D000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    0x77120000 \Windows\System32\ntdll.dll
    0x47A50000 \Windows\System32\smss.exe
    0x77360000 \Windows\System32\apisetschema.dll
    0x00840000 \Windows\System32\autochk.exe
    0x764D0000 \Windows\System32\shell32.dll
    0x77300000 \Windows\System32\Wldap32.dll
    0x77270000 \Windows\System32\oleaut32.dll
    0x76400000 \Windows\System32\msctf.dll
    0x76350000 \Windows\System32\rpcrt4.dll
    0x762A0000 \Windows\System32\msvcrt.dll
    0x76160000 \Windows\System32\urlmon.dll
    0x76000000 \Windows\System32\ole32.dll
    0x75FB0000 \Windows\System32\gdi32.dll
    0x75F90000 \Windows\System32\imm32.dll
    0x77260000 \Windows\System32\lpk.dll
    0x75EF0000 \Windows\System32\usp10.dll
    0x75ED0000 \Windows\System32\sechost.dll
    0x75E30000 \Windows\System32\advapi32.dll
    0x75D30000 \Windows\System32\wininet.dll
    0x75D20000 \Windows\System32\psapi.dll
    0x75C40000 \Windows\System32\kernel32.dll
    0x75C30000 \Windows\System32\nsi.dll
    0x75C00000 \Windows\System32\imagehlp.dll
    0x75B70000 \Windows\System32\clbcatq.dll
    0x75B10000 \Windows\System32\difxapi.dll
    0x75A40000 \Windows\System32\user32.dll
    0x75840000 \Windows\System32\iertutil.dll
    0x75800000 \Windows\System32\ws2_32.dll
    0x75780000 \Windows\System32\comdlg32.dll
    0x75770000 \Windows\System32\normaliz.dll
    0x755D0000 \Windows\System32\setupapi.dll
    0x75570000 \Windows\System32\shlwapi.dll
    0x75520000 \Windows\System32\KernelBase.dll
    0x754F0000 \Windows\System32\cfgmgr32.dll
    0x753D0000 \Windows\System32\crypt32.dll
    0x753A0000 \Windows\System32\wintrust.dll
    0x75380000 \Windows\System32\devobj.dll
    0x752F0000 \Windows\System32\comctl32.dll
    0x752E0000 \Windows\System32\msasn1.dll

    Processes (total 53):
    0 System Idle Process
    4 System
    296 C:\Windows\System32\smss.exe
    436 csrss.exe
    512 C:\Windows\System32\wininit.exe
    520 csrss.exe
    560 C:\Windows\System32\services.exe
    576 C:\Windows\System32\lsass.exe
    584 C:\Windows\System32\lsm.exe
    700 C:\Windows\System32\svchost.exe
    768 C:\Windows\System32\svchost.exe
    820 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    876 C:\Windows\System32\atiesrxx.exe
    968 C:\Windows\System32\winlogon.exe
    1040 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1188 C:\Windows\System32\audiodg.exe
    1252 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\svchost.exe
    1600 C:\Windows\System32\spoolsv.exe
    1624 C:\Windows\System32\atieclxx.exe
    1684 C:\Windows\System32\svchost.exe
    1852 C:\Windows\System32\svchost.exe
    1972 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    376 C:\Program Files\CDBurnerXP\NMSAccessU.exe
    580 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1280 C:\Windows\System32\svchost.exe
    1504 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2092 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2268 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    2444 C:\Windows\System32\svchost.exe
    2684 C:\Windows\System32\taskeng.exe
    2716 C:\Windows\System32\dwm.exe
    2724 C:\Windows\System32\taskhost.exe
    2764 C:\Windows\explorer.exe
    3056 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3104 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    3120 C:\Program Files\Microsoft Security Client\msseces.exe
    3148 C:\Program Files\Windows Sidebar\sidebar.exe
    3552 WmiPrvSE.exe
    3668 C:\Windows\System32\SearchIndexer.exe
    3756 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4076 WmiPrvSE.exe
    2192 C:\Windows\System32\svchost.exe
    2848 C:\Program Files\Internet Explorer\iexplore.exe
    2992 C:\Program Files\Internet Explorer\iexplore.exe
    3748 dllhost.exe
    3416 C:\Program Files\Internet Explorer\iexplore.exe
    3764 dllhost.exe
    3084 dllhost.exe
    1776 C:\Users\Steven\Desktop\MBRCheck.exe
    1028 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`00400000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`c3100000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
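The MBRCheck log above reports a SHA1 next to the MBR status; a defender can reproduce that kind of integrity check on a saved boot sector. As an added example (not code from this thread, from MBRCheck or from NTBR), this Python parses a constructed 512-byte MBR, verifies the 0x55AA boot signature, maps a partition's start LBA to the byte offset MBRCheck prints, and flags a sector whose boot-code region no longer matches a baseline hash. The sector bytes, disk signature and baseline hash are constructed here and are not real Windows 7 values.

```python
"""Verify an MBR sector the way a defender would after an MBR repair.

Added example, not part of the thread or of MBRCheck/NTBR. The sector
bytes below are constructed for illustration; the 'known-good' SHA-1 is
computed from the constructed clean sector, not from real Windows 7 code.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code
DISK_SIG_OFF = 440         # 4-byte disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # 0x55 0xAA


def parse_partition_entry(entry):
    """Decode one 16-byte partition table entry into a dict."""
    if len(entry) != 16:
        raise ValueError("partition entry must be 16 bytes")
    # status, CHS start (3 bytes skipped), type, CHS end (3 bytes skipped),
    # LBA of first sector, number of sectors (both little-endian uint32)
    status, ptype, lba_start, num_sectors = struct.unpack("<B3xB3xII", entry)
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "num_sectors": num_sectors,
        # Byte offset on the physical drive, the form MBRCheck prints.
        "byte_offset": lba_start * SECTOR_SIZE,
    }


def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, disk signature, partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        entry = parse_partition_entry(sector[off:off + 16])
        if entry["type"] != 0:        # type 0 = unused slot
            parts.append(entry)
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": parts,
    }


def check_mbr(sector, known_good_sha1):
    """Return a list of findings; an empty list means the sector looks clean."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha1"] != known_good_sha1.upper():
        findings.append("boot code hash does not match known-good MBR code")
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one active partition, found %d" % len(bootable))
    return findings


def build_sample_mbr(boot_code):
    """Construct a sample MBR with two NTFS (type 0x07) partitions."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"   # constructed signature
    # LBA 0x1802000 * 512 = 0x300400000, the C: offset MBRCheck printed in the thread.
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 0x1802000, 0x10000000)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\x00" * 3, 0x07, b"\x00" * 3, 0x1A000000, 0x01000000)
    table = p1 + p2 + b"\x00" * 32                            # slots 3 and 4 unused
    return code + disk_sig + table + b"\x55\xaa"


# Constructed "clean" sector and a baseline hash taken from it.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
KNOWN_GOOD_SHA1 = hashlib.sha1(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest().upper()
# Same partition table, but the code region has been overwritten.
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe" * 100)


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        findings = check_mbr(sector, KNOWN_GOOD_SHA1)
        print(name, "->", "OK" if not findings else "; ".join(findings))
    c = parse_mbr(CLEAN_MBR)["partitions"][0]
    print("C: starts at LBA %#x, byte offset %#x" % (c["lba_start"], c["byte_offset"]))
```

On a real system the 512 bytes would come from a forensic image of sector 0, and the baseline would be the hash of a trusted MBR taken before the incident.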
  8. 2011/01/06
    broni Moderator Malware Analyst
    Wonderful.
    Good job :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
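Reading the PRC/SRV/DRV lines in OTL's SafeList sections takes some practice. As an added example for this thread (not OTL's own code and not from any post here), this small Python parser splits those lines into their fields and flags the entries a helper looks at first: registrations whose file no longer exists, files with no company name, and anything living under a temp directory. The sample lines are constructed in OTL's format.

```python
"""Triage helper for OTL SafeList log lines (PRC/MOD/SRV/DRV).

Added example for this thread; it is not part of OTL or of the posts above.
The line format and the sample lines below are constructed to match what
OTL writes in its Processes/Modules/Services/Drivers (SafeList) sections.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Shape of one SafeList line, e.g.
#   SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Company) [Auto | Running] -- C:\dir\x.exe -- (SvcName) description
# A driver whose file is gone is written as
#   DRV - File not found [Kernel | On_Demand | Stopped] -- C:\dir\x.sys -- (SvcName)
_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\)"
    r"|(?P<missing>File not found))"
    r"(?: \[(?P<states>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\)(?P<desc>.*))?$"
)

# Directories a persistent service or driver normally has no business living in.
_USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class Entry:
    kind: str                 # PRC, MOD, SRV or DRV
    path: str
    company: Optional[str]    # "" when OTL printed "()", None when the file is missing
    file_missing: bool
    states: List[str]         # e.g. ["Kernel", "On_Demand", "Stopped"]
    name: Optional[str]       # service/driver name, None for PRC/MOD lines
    size_bytes: Optional[int]
    flags: List[str] = field(default_factory=list)


def triage_flags(entry: Entry) -> List[str]:
    """Return the reasons a helper would look at this entry first (empty = unremarkable)."""
    flags = []
    if entry.file_missing:
        flags.append("file-missing")            # orphaned registration, file already gone
    elif entry.company == "":
        flags.append("no-company")              # no version-info publisher: verify the file hash
    if any(marker in entry.path.lower() for marker in _USER_WRITABLE):
        flags.append("user-writable-location")
    if "Running" in entry.states and flags:
        flags.append("running")                 # live and suspicious: highest priority
    return flags


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL SafeList line; returns None for headers, blanks and other text."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    states = [s.strip() for s in m.group("states").split("|")] if m.group("states") else []
    entry = Entry(
        kind=m.group("kind"),
        path=m.group("path"),
        company=None if missing else m.group("company"),
        file_missing=missing,
        states=states,
        name=m.group("name"),
        size_bytes=None if missing else int(m.group("size").replace(",", "")),
    )
    entry.flags = triage_flags(entry)
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse a whole OTL log and keep only the entries that raised at least one flag."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None and e.flags]


# Constructed sample in OTL's format (not a real scan result).
SAMPLE_LOG = r"""
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steven\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2009/11/06 16:20:54 | 002,147,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} {e.name or e.path}: {', '.join(e.flags)}")
```

A flag is a reason to look closer, not a verdict: a missing company name is common for small legitimate tools, and a "File not found" driver is often just a leftover from a removal tool's own run.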
     
  9. 2011/01/06
    trub Well-Known Member Thread Starter
    IE is running again; I have not tried Chrome yet. Redirects appear to have stopped. I really cannot tell you how much your help is appreciated. I only wish I knew half of what you do about these things :)

    Logs to follow...
     
  10. 2011/01/06
    trub Well-Known Member Thread Starter
    OTL logfile created on: 1/6/2011 9:59:17 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Steven\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143.04 Gb Total Space | 89.95 Gb Free Space | 62.88% Space Free | Partition Type: NTFS
    Drive D: | 143.04 Gb Total Space | 118.04 Gb Free Space | 82.52% Space Free | Partition Type: NTFS

    Computer Name: STEVEN-PC | User Name: Steven | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/06 21:57:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
    PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/12/18 11:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/06 21:57:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/09/22 23:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2010/04/06 10:05:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 20:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steven\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/09/22 23:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
    DRV - [2010/06/23 08:10:54 | 000,275,048 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
    DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/11/06 16:20:54 | 002,147,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/11/06 15:05:07 | 000,119,256 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/06/19 07:57:14 | 000,604,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
    DRV - [2009/06/04 20:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2009/04/29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 40 88 EA 13 5F CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/?_bc=1 "
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 48
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.12
    FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/03 11:07:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/03 11:07:01 | 000,000,000 | ---D | M]

    [2009/11/06 19:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Extensions
    [2011/01/06 07:17:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\bms4nseq.default\extensions
    [2010/12/23 09:27:51 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\bms4nseq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/09/18 08:55:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\bms4nseq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/11/06 19:07:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\bms4nseq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009/11/06 20:05:47 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\bms4nseq.default\extensions\firefox@tvunetworks.com
    [2010/12/31 18:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/19 21:43:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/05 08:14:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/01 07:19:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/31 18:04:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/31 15:53:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/06 21:57:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
    [2011/01/06 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Steven\Desktop\logs
    [2011/01/06 21:26:52 | 000,000,000 | ---D | C] -- C:\Users\Steven\Desktop\NTBR_CD
    [2011/01/06 21:13:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/06 21:12:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/06 21:06:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/06 20:35:41 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Steven\Desktop\remover.exe
    [2011/01/06 20:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/01/06 20:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/01/05 23:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/01/03 11:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/01/03 11:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2011/01/03 11:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/01/02 04:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/12/31 21:31:27 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
    [2010/12/31 21:31:22 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\muvee Technologies
    [2010/12/31 21:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
    [2010/12/31 21:16:06 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\Downloaded Installations
    [2010/12/31 21:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
    [2010/12/31 21:16:00 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
    [2010/12/31 21:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    [2010/12/31 21:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
    [2010/12/31 21:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
    [2010/12/31 21:12:54 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Roaming\Leadertech
    [2010/12/31 17:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/12/31 15:54:47 | 000,000,000 | ---D | C] -- C:\Users\Steven\AppData\Local\temp
    [2010/12/31 15:49:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/31 15:49:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/31 15:49:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/31 15:49:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/31 15:48:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/30 23:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/12/30 23:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/12/16 09:47:52 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/01/06 22:00:19 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/06 22:00:19 | 000,014,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/06 21:57:28 | 000,626,278 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/01/06 21:57:28 | 000,107,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/01/06 21:57:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
    [2011/01/06 21:53:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/06 21:52:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/06 21:52:53 | 2414,358,528 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/06 21:50:16 | 000,080,384 | ---- | M] () -- C:\Users\Steven\Desktop\MBRCheck.exe
    [2011/01/06 21:32:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/06 21:28:28 | 002,565,432 | ---- | M] () -- C:\Users\Steven\Desktop\NTBR_CD.exe
    [2011/01/06 21:16:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-295098664-1935458247-2824167555-1001UA.job
    [2011/01/06 21:16:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-295098664-1935458247-2824167555-1001Core.job
    [2011/01/06 21:03:14 | 004,149,439 | R--- | M] () -- C:\Users\Steven\Desktop\ComboFix.exe
    [2011/01/06 20:07:51 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe
    [2011/01/05 23:11:51 | 000,001,897 | ---- | M] () -- C:\Users\Steven\Desktop\Microsoft Security Essentials.lnk
    [2011/01/05 23:00:45 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/01/03 11:06:56 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/12/31 23:13:13 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
    [2010/12/31 21:15:59 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\muvee Reveal Seagate Edition.lnk
    [2010/12/31 15:53:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/31 00:31:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/12/28 23:58:09 | 000,003,584 | ---- | M] () -- C:\Users\Steven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/16 09:32:17 | 000,317,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/13 21:16:50 | 000,002,403 | ---- | M] () -- C:\Users\Steven\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2011/01/06 21:50:16 | 000,080,384 | ---- | C] () -- C:\Users\Steven\Desktop\MBRCheck.exe
    [2011/01/06 21:25:57 | 002,565,432 | ---- | C] () -- C:\Users\Steven\Desktop\NTBR_CD.exe
    [2011/01/06 21:03:11 | 004,149,439 | R--- | C] () -- C:\Users\Steven\Desktop\ComboFix.exe
    [2011/01/05 23:11:51 | 000,001,897 | ---- | C] () -- C:\Users\Steven\Desktop\Microsoft Security Essentials.lnk
    [2011/01/05 23:00:45 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/01/03 11:06:56 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/12/31 23:13:13 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Manager.lnk
    [2010/12/31 21:15:59 | 000,002,230 | ---- | C] () -- C:\Users\Public\Desktop\muvee Reveal Seagate Edition.lnk
    [2010/12/31 15:49:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/31 15:49:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/31 15:49:07 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/31 15:49:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/31 15:49:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/28 23:58:09 | 000,003,584 | ---- | C] () -- C:\Users\Steven\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/05 15:06:48 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/11/13 17:25:25 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2009/11/06 20:56:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/11/06 16:21:28 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

    ========== LOP Check ==========

    [2010/08/02 19:57:40 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Canneverbe Limited
    [2009/12/05 15:43:12 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Canon
    [2010/08/03 07:39:38 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\FrostWire
    [2009/11/19 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\gtk-2.0
    [2010/12/31 21:12:54 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Leadertech
    [2010/12/31 21:33:09 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\muvee Technologies
    [2009/11/13 16:23:03 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\NCH Swift Sound
    [2010/07/26 19:26:12 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Opera
    [2010/10/22 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\Steven\AppData\Roaming\Windows Live Writer
    [2011/01/06 05:03:08 | 000,031,154 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/11/06 16:43:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/01/06 21:13:17 | 000,012,950 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/06 21:52:53 | 2414,358,528 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/31 18:08:12 | 000,023,008 | ---- | M] () -- C:\JavaRa.log
    [2011/01/06 21:52:56 | 3219,144,704 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/06 20:08:58 | 000,061,374 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_06.01.2011_20.08.05_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2010/04/24 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9W.DLL
    [2010/04/24 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9W.DLL
    [2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
    [2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/22 23:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/06 14:04:06 | 000,000,221 | -HS- | M] () -- C:\Users\Steven\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/06 21:03:14 | 004,149,439 | R--- | M] () -- C:\Users\Steven\Desktop\ComboFix.exe
    [2011/01/06 21:50:16 | 000,080,384 | ---- | M] () -- C:\Users\Steven\Desktop\MBRCheck.exe
    [2011/01/06 21:28:28 | 002,565,432 | ---- | M] () -- C:\Users\Steven\Desktop\NTBR_CD.exe
    [2011/01/06 21:57:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steven\Desktop\OTL.exe
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Steven\Desktop\remover.exe
    [2011/01/06 20:07:51 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Steven\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 07:51:09 | 000,000,402 | -HS- | M] () -- C:\Users\Steven\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  11. 2011/01/06
    trub (Lifetime Subscription, Well-Known Member, Thread Starter)

    OTL Extras logfile created on: 1/6/2011 9:59:17 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Steven\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143.04 Gb Total Space | 89.95 Gb Free Space | 62.88% Space Free | Partition Type: NTFS
    Drive D: | 143.04 Gb Total Space | 118.04 Gb Free Space | 82.52% Space Free | Partition Type: NTFS

    Computer Name: STEVEN-PC | User Name: Steven | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{3BAC6780-EAA2-012B-AE74-000000000000}" = TurboTax 2009 wohiper
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
    "{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "7-Zip" = 7-Zip 9.20
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Canon MP250 series User Registration" = Canon MP250 series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "Picasa 3" = Picasa 3
    "PokerStars" = PokerStars
    "SopCast" = SopCast 3.2.4
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax Premier 2007" = TurboTax Premier 2007
    "TVUPlayer" = TVUPlayer 2.4.9.1
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/6/2011 1:44:34 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
    id: 0x454 Faulting application start time: 0x01cbad579d6b175f Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 0a164a93-1958-11e0-b0a8-00235a67aeec

    Error - 1/6/2011 5:37:20 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
    id: 0x1334 Faulting application start time: 0x01cbad64dcfffe67 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 8e782ce9-1978-11e0-b0a8-00235a67aeec

    Error - 1/6/2011 6:03:03 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
    id: 0x560 Faulting application start time: 0x01cbad855ba82ff7 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 261274ce-197c-11e0-b0a8-00235a67aeec

    Error - 1/6/2011 9:21:27 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
    stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
    id: 0x3c0 Faulting application start time: 0x01cbad88eb968cba Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: dd7ed01b-1997-11e0-b0a8-00235a67aeec

    Error - 1/6/2011 10:00:02 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: jusched.exe, version: 2.0.2.4, time stamp:
    0x4bed9a1b Faulting module name: USER32.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdb2f Exception code: 0xc0000005 Fault offset: 0x0001619b Faulting process id:
    0xbf0 Faulting application start time: 0x01cbada94e760089 Faulting application path:
    C:\Program Files\Common Files\Java\Java Update\jusched.exe Faulting module path:
    C:\Windows\system32\USER32.dll Report Id: 416ddb3d-199d-11e0-b1ec-00235a67aeec

    Error - 1/6/2011 10:28:15 AM | Computer Name = Steven-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "c:\program files\microsoft\search
    enhancement pack\search helper\sepsearchhelperie.dll ".Error in manifest or policy
    file "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll "
    on line 2. Invalid Xml syntax.

    Error - 1/6/2011 9:15:00 PM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: jusched.exe, version: 2.0.2.4, time stamp:
    0x4bed9a1b Faulting module name: USER32.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdb2f Exception code: 0xc0000005 Fault offset: 0x0001619b Faulting process id:
    0xbec Faulting application start time: 0x01cbae07988f7bf2 Faulting application path:
    C:\Program Files\Common Files\Java\Java Update\jusched.exe Faulting module path:
    C:\Windows\system32\USER32.dll Report Id: 8bf1c5bf-19fb-11e0-95ff-00235a67aeec

    Error - 1/6/2011 9:28:51 PM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: jusched.exe, version: 2.0.2.4, time stamp:
    0x4bed9a1b Faulting module name: USER32.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdb2f Exception code: 0xc0000005 Fault offset: 0x0001619b Faulting process id:
    0xbf4 Faulting application start time: 0x01cbae0988c8a08a Faulting application path:
    C:\Program Files\Common Files\Java\Java Update\jusched.exe Faulting module path:
    C:\Windows\system32\USER32.dll Report Id: 7afb0600-19fd-11e0-874b-00235a67aeec

    Error - 1/6/2011 9:47:52 PM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: jusched.exe, version: 2.0.2.4, time stamp:
    0x4bed9a1b Faulting module name: USER32.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdb2f Exception code: 0xc0000005 Fault offset: 0x0001619b Faulting process id:
    0xb64 Faulting application start time: 0x01cbae0c3199533f Faulting application path:
    C:\Program Files\Common Files\Java\Java Update\jusched.exe Faulting module path:
    C:\Windows\system32\USER32.dll Report Id: 235a0432-1a00-11e0-a843-00235a67aeec

    Error - 1/6/2011 10:58:19 PM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: jusched.exe, version: 2.0.2.4, time stamp:
    0x4bed9a1b Faulting module name: USER32.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdb2f Exception code: 0xc0000005 Fault offset: 0x0001619b Faulting process id:
    0xbf0 Faulting application start time: 0x01cbae16098406de Faulting application path:
    C:\Program Files\Common Files\Java\Java Update\jusched.exe Faulting module path:
    C:\Windows\system32\USER32.dll Report Id: facb3699-1a09-11e0-9b39-00235a67aeec

    [ System Events ]
    Error - 12/13/2010 12:41:23 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 12:41:24 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 1:06:35 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 1:06:36 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 1:56:50 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 1:56:51 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 2:21:49 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 2:21:50 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 4:26:35 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 12/13/2010 4:26:36 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
    Description = Display is not active


    < End of report >
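The "Last 10 Event Log Errors" section above shows svchost.exe faulting in ntdll.dll at the same offset four times in one day, and jusched.exe faulting in USER32.dll at one offset. As an added triage helper (not part of this thread or of OTL/ComboFix), this Python script parses that OTL layout, re-joins the wrapped Description lines and groups crashes by application, module, exception code and fault offset so that recurring signatures stand out; the embedded sample is excerpted from the log posted above.

```python
import re
from collections import Counter

# Excerpt of the OTL "Last 10 Event Log Errors" section from the log posted above.
SAMPLE_LOG = r"""
[ Application Events ]
Error - 1/6/2011 1:44:34 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x454 Faulting application start time: 0x01cbad579d6b175f Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 0a164a93-1958-11e0-b0a8-00235a67aeec

Error - 1/6/2011 5:37:20 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16559, time
stamp: 0x4ba9b21e Exception code: 0xc0000005 Fault offset: 0x0006af67 Faulting process
id: 0x1334 Faulting application start time: 0x01cbad64dcfffe67 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8e782ce9-1978-11e0-b0a8-00235a67aeec

Error - 1/6/2011 10:00:02 AM | Computer Name = Steven-PC | Source = Application Error | ID = 1000
Description = Faulting application name: jusched.exe, version: 2.0.2.4, time stamp:
0x4bed9a1b Faulting module name: USER32.dll, version: 6.1.7600.16385, time stamp:
0x4a5bdb2f Exception code: 0xc0000005 Fault offset: 0x0001619b Faulting process id:
0xbf0 Faulting application start time: 0x01cbada94e760089 Faulting application path:
C:\Program Files\Common Files\Java\Java Update\jusched.exe Faulting module path:
C:\Windows\system32\USER32.dll Report Id: 416ddb3d-199d-11e0-b1ec-00235a67aeec

[ System Events ]
Error - 12/13/2010 12:41:23 PM | Computer Name = Steven-PC | Source = atikmdag | ID = 43029
Description = Display is not active
"""

HEADER_RE = re.compile(r"^Error - (.+?) \| Computer Name = (.+?) \| Source = (.+?) \| ID = (\d+)$")
# Crash fields; "time\nstamp" style wraps are undone by the line join in parse_entries().
APP_RE = re.compile(r"Faulting application name: ([^,]+),")
MOD_RE = re.compile(r"Faulting module name: ([^,]+),")
EXC_RE = re.compile(r"Exception code: (0x[0-9a-fA-F]+)")
OFF_RE = re.compile(r"Fault offset: (0x[0-9a-fA-F]+)")

def parse_entries(text):
    """One dict per event; wrapped Description lines are re-joined with a space."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            cur = None  # "[ Application Events ]" / "[ System Events ]" section marker
        elif header:
            cur = dict(zip(("when", "host", "source", "event_id"), header.groups()), description="")
            entries.append(cur)
        elif cur is not None and line:
            cur["description"] = (cur["description"] + " " + line).strip()
    return entries

def crash_signature(entry):
    """(app, module, exception code, offset) for an Application Error crash, else None."""
    found = [rx.search(entry["description"]) for rx in (APP_RE, MOD_RE, EXC_RE, OFF_RE)]
    return tuple(m.group(1) for m in found) if all(found) else None

def recurring_crashes(text, min_count=2):
    """Signatures seen at least min_count times, most frequent first: the same process
    faulting in the same module at the same offset is one repeatable fault, not random
    instability, and is worth lining up against the infection timeline."""
    counts = Counter(sig for e in parse_entries(text) if (sig := crash_signature(e)))
    return [(sig, n) for sig, n in counts.most_common() if n >= min_count]

if __name__ == "__main__":
    for sig, n in recurring_crashes(SAMPLE_LOG, min_count=1):
        print(f"{sig[0]} -> {sig[1]} @ {sig[3]} ({sig[2]}): {n} event(s)")
```

Exception code 0xc0000005 is STATUS_ACCESS_VIOLATION; a service host repeatedly dying at one ntdll offset during an active infection is something to correlate with the timeline, not dismiss as flakiness.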
     
  12. 2011/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're most welcome :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Steven
    ->Temp folder emptied: 32759 bytes
    ->Temporary Internet Files folder emptied: 8807028 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 44289062 bytes
    ->Google Chrome cache emptied: 7184185 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4726 bytes
    RecycleBin emptied: 2577285 bytes

    Total Files Cleaned = 60.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Steven
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.1 log created on 01062011_221551

    Files\Folders moved on Reboot...
    C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RINASH0C\97200-active-worm-koobface-infection-3[1].html moved successfully.
    C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  14. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Should I proceed with last scans now?
     
  15. 2011/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yes please.

    One comment...
    I see this in your OTL log:
    Next time we run some OTL fix, make sure you copy all of my script.
    I believe you missed a "colon" in front of "OTL" (1st line of my script).
    It worked this time, but so you know for the future :)
     
  16. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Sorry bout that!!

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader X
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  17. 2011/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    All good :)
    Go on....
     
  18. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    TFC complete. ESET no threats.
     
  19. 2011/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  20. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Steven
    ->Temp folder emptied: 36059 bytes
    ->Temporary Internet Files folder emptied: 11234589 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 566 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2218 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 11.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Steven
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.20.1 log created on 01062011_232319

    Files\Folders moved on Reboot...
    C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTVJN8UD\97200-active-worm-koobface-infection-3[1].html moved successfully.
    C:\Users\Steven\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

    Registry entries deleted on Reboot...
     
  21. 2011/01/06
    trub Lifetime Subscription

    trub Well-Known Member Thread Starter

    Joined:
    2009/07/09
    Messages:
    306
    Likes Received:
    0
    Do we need to update java? One of the logs indicated java was not up to date. I will continue with OTL and let you know how we are doing. So far so good. Thank you so much.

    Steven
     
