McAfee detecting Trojans
Enoch
post Oct 1 2010, 03:06 PM
Post #1


Authentic Member

Group: Authentic Member
Posts: 38
Joined: 16-June 08
Member No.: 79,687
Operating System: Windows 7 Home Premium



Hello, it's been a while since I last posted. I recently noticed in one of my security reports that McAfee had detected two Trojans. I just recently noticed this, and when I ran a fresh scan it didn't detect anything. I let other people use the computer and thought maybe one of them had done something. I haven't really noticed anything different in the running of the computer, but wanted to make sure that I don't have any viruses or malware on my computer.


Conspire
post Oct 1 2010, 09:32 PM
Post #2


SuperMember

Group: Classroom Teacher
Posts: 4,456
Joined: 8-August 08
From: Malaysia
Member No.: 80,830
Operating System: Windows 7 Ultimate, Linux Ubuntu 12.10



Hello there, Enoch


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

In any case where you happen to be busy or unable to give us a reply, we would be more than grateful if you keep us informed in advance, and we will be more than happy to wait. Failure to do so will result in your thread being closed in FIVE (5) days.
Enoch
post Oct 1 2010, 10:03 PM
Post #3





No problem Conspire, I'll just await your instructions on which one of the three tools I should download before I post the scan results. Thanks for your help.
Conspire
post Oct 2 2010, 04:41 AM
Post #4





Download OTL to your Desktop
  • Right click on the icon and select "Run as Administrator" to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
  • Click the OK button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
Enoch
post Oct 2 2010, 05:14 AM
Post #5





Here they are:

OTL logfile created on: 10/2/2010 12:02:38 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.18 Gb Total Space | 108.43 Gb Free Space | 76.80% Space Free | Partition Type: NTFS
Drive D: | 141.18 Gb Total Space | 141.09 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN-PC
Current User Name: Sean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe (Lexmark International, Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Sean\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (lxcz_device) -- C:\Windows\SysWow64\lxczcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28rsi5by7k1a987
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28rsi5by7k1a987
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28rsi5by7k1a987
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...28rsi5by7k1a987

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?sourceid=nav...nt&ie=UTF-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2010/07/07 18:53:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/09/08 09:58:51 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100914233259.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100914233259.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\nvLsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysNative\nvLsp.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://javadl-esd.sun.com/update/1.6.0/jin...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/02 11:59:51 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2010/10/01 01:51:30 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010/09/15 15:05:45 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/09/08 09:58:47 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/09/08 09:58:43 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/09/08 09:58:43 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/09/08 09:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2010/09/08 09:58:16 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/08 09:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2010/09/08 09:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010/09/08 09:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2010/09/08 09:58:11 | 000,000,000 | ---D | C] -- C:\Users\Sean\AppData\Roaming\Real
[2010/03/07 20:46:52 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2010/03/07 20:46:52 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2010/03/07 20:46:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2010/03/07 20:46:52 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2010/03/07 20:46:52 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2010/03/07 20:46:52 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2010/03/07 20:46:51 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2010/03/07 20:46:51 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2010/03/07 20:46:51 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2010/03/07 20:46:51 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2010/03/07 20:46:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2009/08/14 18:54:53 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2010/10/02 12:05:09 | 002,359,296 | -HS- | M] () -- C:\Users\Sean\ntuser.dat
[2010/10/02 12:01:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/02 11:59:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe
[2010/10/02 10:24:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 10:24:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/02 10:21:11 | 000,720,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/02 10:21:11 | 000,623,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/02 10:21:11 | 000,109,332 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/02 10:19:01 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
[2010/10/02 10:17:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/02 10:16:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/02 10:16:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/02 10:16:42 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/02 05:26:14 | 002,197,520 | -H-- | M] () -- C:\Users\Sean\AppData\Local\IconCache.db
[2010/09/28 20:52:36 | 000,000,496 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sean.job
[2010/09/23 21:44:39 | 000,000,336 | ---- | M] () -- C:\Windows\Lexstat.ini
[2010/09/17 14:47:44 | 000,009,728 | ---- | M] () -- C:\Users\Sean\Documents\Statement of Reasons.wps
[2010/09/17 14:47:44 | 000,001,888 | ---- | M] () -- C:\Users\Sean\AppData\Roaming\wklnhst.dat
[2010/09/13 03:14:02 | 000,008,704 | ---- | M] () -- C:\Users\Sean\Documents\Forum message.wps
[2010/09/08 10:01:48 | 000,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2010/09/08 09:58:51 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010/09/08 09:58:51 | 000,001,272 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/08 09:58:47 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2010/09/08 09:58:43 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2010/09/08 09:58:43 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2010/09/08 09:58:17 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010/09/08 09:58:16 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010/09/08 09:58:16 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010/09/05 20:45:12 | 000,010,240 | ---- | M] () -- C:\Users\Sean\Documents\Letter to Doctor Woolsey.wps

========== Files Created - No Company Name ==========

[2010/09/10 10:36:14 | 000,008,704 | ---- | C] () -- C:\Users\Sean\Documents\Forum message.wps
[2010/09/08 10:01:48 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010/09/08 09:58:51 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Free Games & Music.lnk
[2010/09/08 09:58:51 | 000,001,272 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010/09/05 21:56:13 | 000,009,728 | ---- | C] () -- C:\Users\Sean\Documents\Statement of Reasons.wps
[2010/09/05 20:17:17 | 000,010,240 | ---- | C] () -- C:\Users\Sean\Documents\Letter to Doctor Woolsey.wps
[2010/03/17 17:47:50 | 000,001,888 | ---- | C] () -- C:\Users\Sean\AppData\Roaming\wklnhst.dat
[2010/03/07 20:47:25 | 000,000,336 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010/03/07 20:46:52 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2010/03/07 20:46:52 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2009/08/14 18:54:32 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/17 17:47:51 | 000,000,000 | ---D | M] -- C:\Users\Sean\AppData\Roaming\Template
[2010/09/06 11:45:08 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/14 19:30:27 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/08/05 06:44:24 | 000,003,368 | ---- | M] () \ENZ1LP03.MD5 -- C:\ENZ1LP03.MD5
[2010/10/02 10:16:42 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/05 06:39:06 | 000,000,282 | ---- | M] () -- C:\LPCD.DAT
[2010/10/02 10:16:44 | 2951,270,400 | -HS- | M] () -- C:\pagefile.sys
[2009/08/14 18:49:37 | 000,002,035 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/02/07 03:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/02/04 19:24:12 | 000,000,221 | -HS- | M] () -- C:\Users\Sean\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/02 11:59:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sean\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/02/10 20:23:42 | 000,192,484 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Enoch
post Oct 2 2010, 05:17 AM
Post #6





OTL Extras logfile created on: 10/2/2010 12:02:38 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sean\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.18 Gb Total Space | 108.43 Gb Free Space | 76.80% Space Free | Partition Type: NTFS
Drive D: | 141.18 Gb Total Space | 141.09 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEAN-PC
Current User Name: Sean
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAF89271-2594-468D-B578-96B2E30C41C4}" = eBay Worldwide
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{dcecd67a-83b9-491f-93bd-059cab7dff56}" = Nero 9 Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"MSC" = McAfee AntiVirus Plus
"NSS" = Norton Security Scan
"RealPlayer 12.0" = RealPlayer
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 4:28:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 6:42:52 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 7:04:18 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 9/22/2010 8:04:33 PM | Computer Name = Sean-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 9/23/2010 12:52:28 PM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 9/24/2010 8:30:37 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 9/26/2010 6:22:38 AM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 9/27/2010 3:19:02 PM | Computer Name = Sean-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 20:17:35 on 27/09/2010 was unexpected.

Error - 9/28/2010 12:28:24 AM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).

Error - 9/28/2010 5:41:42 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 9/30/2010 7:17:37 PM | Computer Name = Sean-PC | Source = DCOM | ID = 10010
Description =

Error - 9/30/2010 8:17:54 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
%%5.

Error - 9/30/2010 8:18:22 PM | Computer Name = Sean-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 10/1/2010 11:31:23 PM | Computer Name = Sean-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 04:29:47 on 02/10/2010 was unexpected.


< End of report >
Conspire
post Oct 2 2010, 06:05 AM
Post #7





Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.
Enoch
post Oct 2 2010, 06:43 AM
Post #8





Hi, I think I was able to disable the security settings on McAfee. Here are the file contents:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire X1301
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 191):
0x0305B000 \SystemRoot\system32\ntoskrnl.exe
0x03012000 \SystemRoot\system32\hal.dll
0x00BCA000 \SystemRoot\system32\kdcom.dll
0x00CA8000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CB5000 \SystemRoot\system32\PSHED.dll
0x00CC9000 \SystemRoot\system32\CLFS.SYS
0x00D27000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DE7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E7D000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00ED4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00EDD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00EE7000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F1A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F27000 \SystemRoot\System32\drivers\partmgr.sys
0x00F3C000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F51000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FAD000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FB4000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FC4000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FDE000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E2A000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x0100A000 \SystemRoot\system32\DRIVERS\storport.sys
0x0106C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01077000 \SystemRoot\system32\drivers\fltmgr.sys
0x010C3000 \SystemRoot\system32\drivers\fileinfo.sys
0x010D7000 \SystemRoot\system32\drivers\mfehidk.sys
0x0121D000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01156000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C0000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014B6000 \SystemRoot\System32\Drivers\cng.sys
0x01529000 \SystemRoot\System32\drivers\pcw.sys
0x0153A000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01687000 \SystemRoot\system32\drivers\ndis.sys
0x01779000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0162B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01677000 \SystemRoot\System32\Drivers\spldr.sys
0x01544000 \SystemRoot\System32\drivers\rdyboost.sys
0x017D9000 \SystemRoot\System32\Drivers\mup.sys
0x017EB000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0157E000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x015B8000 \SystemRoot\system32\DRIVERS\disk.sys
0x015CE000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0145E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01488000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
0x01491000 \SystemRoot\System32\Drivers\Null.SYS
0x0167F000 \SystemRoot\System32\Drivers\Beep.SYS
0x0149A000 \SystemRoot\System32\drivers\vga.sys
0x013DA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01200000 \SystemRoot\System32\drivers\watchdog.sys
0x014A8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01210000 \SystemRoot\system32\drivers\rdpencdd.sys
0x011B4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x011BD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x011C8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02A03000 \SystemRoot\System32\drivers\tcpip.sys
0x0340E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03458000 \SystemRoot\system32\drivers\mfewfpk.sys
0x0349C000 \SystemRoot\system32\drivers\TDI.SYS
0x034A9000 \SystemRoot\system32\DRIVERS\tdx.sys
0x034C7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x0350C000 \SystemRoot\system32\drivers\afd.sys
0x03596000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0359F000 \SystemRoot\system32\DRIVERS\pacer.sys
0x035C5000 \SystemRoot\system32\DRIVERS\mfenlfk.sys
0x035D6000 \SystemRoot\system32\DRIVERS\netbios.sys
0x035E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x011D9000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03EA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03EF6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03F02000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
0x03F15000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
0x03F1D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03F28000 \SystemRoot\System32\drivers\discache.sys
0x03F37000 \SystemRoot\System32\Drivers\dfsc.sys
0x03F55000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03F66000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03F8C000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03FA1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03FAA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03FC8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03FD7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03FE6000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x03FF1000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E56000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03E67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E8B000 \??\C:\Windows\system32\drivers\UBHelper.sys
0x03E93000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
0x042F5000 \SystemRoot\system32\DRIVERS\nvmf6264.sys

Processes (total 70):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
532 csrss.exe
576 C:\Windows\System32\wininit.exe
612 csrss.exe
636 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\nvvsvc.exe
864 C:\Windows\System32\svchost.exe
932 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
324 C:\Windows\System32\winlogon.exe
364 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1200 C:\Windows\System32\nvvsvc.exe
1316 C:\Windows\System32\spoolsv.exe
1352 C:\Windows\System32\svchost.exe
1528 C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
1608 C:\Windows\System32\lxczcoms.exe
1636 C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
1684 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1720 C:\Windows\System32\rundll32.exe
1744 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
1756 C:\Windows\SysWOW64\rundll32.exe
1856 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
1916 C:\Windows\System32\svchost.exe
1944 C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2000 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
2044 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
1116 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
1704 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
1940 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
2832 C:\Windows\System32\svchost.exe
2928 C:\Windows\System32\svchost.exe
2976 WUDFHost.exe
2692 C:\Windows\System32\dwm.exe
2876 C:\Windows\System32\taskhost.exe
2612 C:\Windows\explorer.exe
3188 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3204 C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
3392 C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
3416 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3472 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3484 C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmon.exe
3604 C:\Windows\System32\SearchIndexer.exe
3724 C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
3736 C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
3748 C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
3840 C:\Program Files\McAfee.com\Agent\mcagent.exe
3940 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3952 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
3380 C:\Program Files\Windows Media Player\wmpnetwk.exe
2176 C:\Windows\System32\svchost.exe
4148 C:\PROGRA~2\INTERN~1\iexplore.exe
4296 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
4488 C:\PROGRA~2\INTERN~1\iexplore.exe
5012 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
4728 C:\Program Files\Common Files\McAfee\Core\mchost.exe
4280 C:\PROGRA~2\INTERN~1\iexplore.exe
5808 C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
3060 mcupdmgr.exe
3176 C:\PROGRA~2\INTERN~1\iexplore.exe
5744 C:\Windows\System32\audiodg.exe
2768 C:\Users\Sean\Desktop\MBRCheck.exe
5468 C:\Windows\System32\conhost.exe
4444 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ee500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`3a000000 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22L7A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 RE: Acer MBR code detected
SHA1: 3183CBF02DD9B39C5FF84F50BA2419D633E30179


Done!

This post has been edited by Enoch: Oct 2 2010, 06:45 AM
Conspire
post Oct 2 2010, 08:42 PM
Post #9


Hi,

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


===================================================

Kaspersky Online Scanner in IE

I recommend that you leave your computer on for the whole night, as the scanning will take longer than you expect.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Please go to Kaspersky website and click on Kaspersky Online Scanner to perform an online scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Note:

For clearer guidance, here's the animated tutorial :-

Click here

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan. Once the scan is finished, remember to re-enable resident antivirus protection along with whatever antispyware app you use.


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

===================================================

In your next reply, please post:
MBAM log
Kaspersky log

Good Day!
Enoch
post Oct 3 2010, 02:50 AM
Post #10


Hi, does McAfee Security Centre need to be disabled before I run the quick scan with Malwarebytes' Anti-Malware?

I ran the scan without it being disabled, here are the results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4735

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03/10/2010 09:41:33
mbam-log-2010-10-03 (09-41-33).txt

Scan type: Quick scan
Objects scanned: 135577
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Does just the real time scanner and nothing else need to be disabled before I run the Kaspersky Online Scanner?
Conspire
post Oct 3 2010, 03:04 AM
Post #11


If you have problems with running the scanner then you've got to disable it. Just the real time scanner.
Enoch
post Oct 3 2010, 05:46 AM
Post #12


Here are the scan results from Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, October 3, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, October 03, 2010 05:10:15
Records in database: 4280953
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 149390
Threats found: 3
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 01:47:54


File name / Threat / Threats count
C:\Users\Sean\AppData\Local\Temp\jar_cache5708339257509333731.tmp Infected: Trojan-Downloader.Java.Agent.gx 3
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16eb5319-209f5f01 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\bd32d19-387a3326 Infected: Exploit.Java.Agent.cc 1

Selected area has been scanned.
Enoch
post Oct 3 2010, 06:00 AM
Post #13


Here is another scan with Malwarebytes' Anti-Malware with my Real Time Scanning turned off:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4735

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03/10/2010 12:57:02
mbam-log-2010-10-03 (12-57-02).txt

Scan type: Quick scan
Objects scanned: 138407
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Conspire
post Oct 3 2010, 10:43 AM
Post #14


Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    CODE
    :Files
    C:\Users\Sean\AppData\Local\Temp\jar_cache5708339257509333731.tmp
    C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16eb5319-209f5f01
    C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\bd32d19-387a3326

    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

===================================================

In your next reply, please post:
Fresh OTL log
OTL fix log

Good Day!
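
The step from the Kaspersky report in post #12 to the OTL fix above can be scripted. This is an added example, not part of the original thread and not code from OTL or Kaspersky; the function names are hypothetical, and the reading of the two summary counters (distinct threat names, sum of per-file counts) is an assumption that is checked against the posted report rather than documented behaviour.

```python
import re
from collections import namedtuple

# Excerpt of the Kaspersky Online Scanner report posted in the thread.
REPORT = r"""
Scan statistics:
Objects scanned: 149390
Threats found: 3
Infected objects found: 7
Suspicious objects found: 0

File name / Threat / Threats count
C:\Users\Sean\AppData\Local\Temp\jar_cache5708339257509333731.tmp Infected: Trojan-Downloader.Java.Agent.gx 3
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16eb5319-209f5f01 Infected: Trojan-Downloader.Java.Agent.fe 3
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\bd32d19-387a3326 Infected: Exploit.Java.Agent.cc 1
"""

Detection = namedtuple("Detection", "path threat count")

# Row layout: "<path> Infected: <threat name> <count>"; the path may contain spaces.
ROW = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
STAT = re.compile(r"^(Threats found|Infected objects found):\s*(\d+)$")

def parse_report(text):
    """Return (summary counters, list of Detection) from the report text."""
    stats, rows = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := STAT.match(line):
            stats[m.group(1)] = int(m.group(2))
        elif m := ROW.match(line):
            rows.append(Detection(m["path"], m["threat"], int(m["count"])))
    return stats, rows

def reconcile(stats, rows):
    """List mismatches between summary and table; an empty list means consistent.
    Assumption: 'Threats found' = distinct names, 'Infected objects found' = sum of counts."""
    problems = []
    distinct = len({r.threat for r in rows})
    total = sum(r.count for r in rows)
    if stats.get("Threats found") != distinct:
        problems.append(f"summary says {stats.get('Threats found')} threats, table has {distinct}")
    if stats.get("Infected objects found") != total:
        problems.append(f"summary says {stats.get('Infected objects found')} objects, table sums to {total}")
    return problems

def in_java_cache(path):
    """True for Java deployment cache entries and jar_cache* files in Temp."""
    p = path.lower()
    return "\\sun\\java\\deployment\\cache\\" in p or "\\temp\\jar_cache" in p

def otl_fix(rows):
    """Build the Custom Scans/Fixes text in the layout used in this thread."""
    if not rows:
        raise ValueError("no detections parsed; refusing to emit an empty fix")
    return "\n".join([":Files", *(r.path for r in rows), "",
                      ":Commands", "[emptytemp]", "[emptyflash]", "[Reboot]"])

if __name__ == "__main__":
    stats, rows = parse_report(REPORT)
    for r in rows:
        print(f"{r.threat:32} x{r.count}  java cache: {in_java_cache(r.path)}")
    print("mismatches:", reconcile(stats, rows) or "none")
    print(otl_fix(rows))
```

A truncated or hand-edited report shows up as a non-empty `reconcile` result, which is the cue to ask for the full log before building a fix from it.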
Enoch
post Oct 3 2010, 01:32 PM
Post #15


Hi, here it is:

All processes killed
========== FILES ==========
C:\Users\Sean\AppData\Local\Temp\jar_cache5708339257509333731.tmp moved successfully.
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\16eb5319-209f5f01 moved successfully.
C:\Users\Sean\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\bd32d19-387a3326 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sean
->Temp folder emptied: 244437924 bytes
->Temporary Internet Files folder emptied: 125774898 bytes
->Java cache emptied: 617181 bytes
->Flash cache emptied: 120374 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10812079 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 23898 bytes

Total Files Cleaned = 364.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Sean
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10032010_202445

Files\Folders moved on Reboot...
C:\Users\Sean\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Sean\AppData\Local\Temp\~DF0213F19AF72654F7.TMP not found!
File\Folder C:\Users\Sean\AppData\Local\Temp\~DF154B5761FF9EA730.TMP not found!
File\Folder C:\Users\Sean\AppData\Local\Temp\~DF5D985F45FD99AC7E.TMP not found!
File\Folder C:\Users\Sean\AppData\Local\Temp\~DF7F911C8854F93128.TMP not found!
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GCVVO8DA\ads[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B2HMNJXG\ads[2].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B2HMNJXG\index[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NTITVBB\iframe[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5NTITVBB\like[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\39ONQBV4\iframescript[1].htm moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Sean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...