Windows 7 Forums


Windows 7: Does it appear that I am infected?

19 Sep 2010   #11
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

Don't worry, there is nothing there.

It's a log of what was checked and what was found. It does not care how it found its way to the computer.


19 Sep 2010   #12
glennc

Windows 7 Ultimate
 
 

Well I think I did it correctly.

Quote:
DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 21:28:56.31 on Sun 09/19/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1169 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Rhapsody\rhaphlpr.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Analytics Opt-out Browser Add-on: {75ef13ce-b59e-41ba-8a5a-a944031bd8b4} - c:\program files (x86)\google\google analytics opt-out\gaoptout.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Antimalware Script Scanner: {97055cd1-f6c4-40f8-af50-932f1890e7f5} - c:\program files (x86)\microsoft security client\antimalware\MpBHO.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [ThreatFire] c:\program files (x86)\threatfire\TFTray.exe
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Display] c:\program files (x86)\apc\apc powerchute personal edition\DataCollectionLauncher.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
mRun-x64: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\5079p0j1.default\
FF - prefs.js: browser.search.selectedEngine - Google SSL
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files (x86)\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\5079p0j1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-7-15 65072]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-7-15 59880]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-15 308296]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 188936]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-4 203264]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\sitead~1\mcsacore.exe [2010-8-20 101048]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2010-7-15 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-7-15 155456]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-7-29 301024]
R2 ThreatFire;ThreatFire;c:\program files (x86)\threatfire\tfservice.exe service --> c:\program files (x86)\threatfire\TFService.exe service [?]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-4 7451648]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-4 268288]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2010-7-15 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-15 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-7-15 49480]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-6-29 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-6-27 346984]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 17464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-7-15 41888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-9-4 136176]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E18C.tmp [2010-9-18 6144]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-7-15 40904]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-7-29 39904]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-15 1255736]

=============== Created Last 30 ================

2010-09-18 13:13:19 6144 ------w- c:\windows\system32\E18C.tmp
2010-09-18 13:12:31 6144 ------w- c:\windows\system32\25BC.tmp
2010-09-17 13:30:02 0 d-----w- c:\users\owner\appdata\roaming\Foxit Software
2010-09-17 13:29:20 0 d-----w- c:\program files (x86)\Ask.com
2010-09-17 13:28:46 0 d-----w- c:\program files (x86)\Foxit Software
2010-09-17 11:07:32 0 d-----w- c:\program files (x86)\EMET
2010-09-17 10:10:51 0 d-----w- c:\program files (x86)\Auslogics
2010-09-17 09:47:21 0 d-----w- c:\programdata\Apple Computer
2010-09-15 23:33:13 46 ----a-w- c:\windows\syswow64\_WKERNEL.FRE
2010-09-15 23:32:58 56496 ----a-w- c:\windows\syswow64\wbhelp2.dll
2010-09-15 23:32:58 544768 ----a-w- c:\windows\syswow64\wbocx.ocx
2010-09-15 23:32:58 4608 ----a-w- c:\windows\syswow64\W95INF32.DLL
2010-09-15 23:32:58 33968 ----a-w- c:\windows\syswow64\anim.dll
2010-09-15 23:32:58 258352 ----a-w- c:\windows\syswow64\unicows.dll
2010-09-15 23:32:58 2272 ----a-w- c:\windows\syswow64\W95INF16.DLL
2010-09-15 23:32:58 1706800 ----a-w- c:\windows\syswow64\gdiplus.dll
2010-09-15 23:32:57 439 ----a-w- c:\windows\syswow64\shfolder.inf
2010-09-15 23:32:57 0 d-----w- c:\program files (x86)\WinUtilities
2010-09-15 23:15:51 65536 --sha-w- c:\users\owner\NTUSER.DAT{1b075d6e-c0b6-11df-a99f-6cf0497e2990}.TM.blf
2010-09-15 23:15:51 524288 --sha-w- c:\users\owner\NTUSER.DAT{1b075d6e-c0b6-11df-a99f-6cf0497e2990}.TMContainer00000000000000000002.regtrans-ms
2010-09-15 23:15:51 524288 --sha-w- c:\users\owner\NTUSER.DAT{1b075d6e-c0b6-11df-a99f-6cf0497e2990}.TMContainer00000000000000000001.regtrans-ms
2010-09-15 02:33:25 65536 --sha-w- c:\users\owner\NTUSER.DAT{c331d19c-c03d-11df-8c06-6cf0497e2990}.TM.blf
2010-09-15 02:33:25 524288 --sha-w- c:\users\owner\NTUSER.DAT{c331d19c-c03d-11df-8c06-6cf0497e2990}.TMContainer00000000000000000002.regtrans-ms
2010-09-15 02:33:25 524288 --sha-w- c:\users\owner\NTUSER.DAT{c331d19c-c03d-11df-8c06-6cf0497e2990}.TMContainer00000000000000000001.regtrans-ms
2010-09-15 02:31:51 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-14 20:28:16 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 12:54:30 6144 ------w- c:\windows\system32\F06A.tmp
2010-09-13 12:53:51 6144 ------w- c:\windows\system32\5A72.tmp
2010-09-12 13:22:08 6144 ------w- c:\windows\system32\DF49.tmp
2010-09-12 13:21:20 6144 ------w- c:\windows\system32\256C.tmp
2010-09-11 02:17:48 65536 --sha-w- c:\users\owner\NTUSER.DAT{cdd401e3-bd1e-11df-ad57-6cf0497e2990}.TM.blf
2010-09-11 02:17:48 524288 --sha-w- c:\users\owner\NTUSER.DAT{cdd401e3-bd1e-11df-ad57-6cf0497e2990}.TMContainer00000000000000000002.regtrans-ms
2010-09-11 02:17:48 524288 --sha-w- c:\users\owner\NTUSER.DAT{cdd401e3-bd1e-11df-ad57-6cf0497e2990}.TMContainer00000000000000000001.regtrans-ms
2010-09-09 15:13:42 0 d-----w- c:\program files (x86)\APC
2010-09-09 13:54:59 0 d-----w- c:\windows\pss
2010-09-08 15:17:46 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2010-09-08 13:43:32 6144 ------w- c:\windows\system32\4C7C.tmp
2010-09-08 13:43:11 6144 ------w- c:\windows\system32\F9E9.tmp
2010-09-05 17:23:22 6144 ------w- c:\windows\system32\826E.tmp
2010-09-05 17:23:01 6144 ------w- c:\windows\system32\31CE.tmp
2010-09-05 11:37:30 6144 ------w- c:\windows\system32\585F.tmp
2010-09-05 11:36:53 6144 ------w- c:\windows\system32\C7A3.tmp
2010-09-04 10:43:32 6144 ------w- c:\windows\system32\2F8A.tmp
2010-09-04 10:42:54 6144 ------w- c:\windows\system32\9D39.tmp
2010-09-04 08:36:57 0 d-----w- c:\users\owner\appdata\roaming\WinPatrol
2010-09-04 08:36:32 0 d-----w- c:\program files (x86)\BillP Studios
2010-09-04 08:14:05 0 d-----w- c:\windows\syswow64\Adobe
2010-09-03 13:32:14 6144 ------w- c:\windows\system32\F40.tmp
2010-09-03 13:31:21 6144 ------w- c:\windows\system32\432B.tmp
2010-09-02 21:03:56 6144 ------w- c:\windows\system32\5C7D.tmp
2010-09-02 21:03:14 6144 ------w- c:\windows\system32\BA64.tmp
2010-09-02 20:56:15 0 d-----w- c:\program files (x86)\Sophos
2010-09-01 11:22:43 0 d-----w- c:\program files (x86)\common files\Real
2010-09-01 09:08:04 0 d-----w- c:\programdata\Apple
2010-08-30 11:24:47 0 d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2010-08-25 09:29:58 571904 ----a-w- c:\windows\syswow64\oleaut32.dll
2010-08-25 09:29:57 861184 ----a-w- c:\windows\system32\oleaut32.dll

==================== Find3M ====================

2010-08-18 05:58:02 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2010-08-18 05:58:02 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2010-08-13 02:51:57 97862 ----a-w- c:\windows\csdf.dat
2010-08-13 02:51:57 39220 ----a-w- c:\windows\csdf_sdum.dat
2010-08-13 02:51:57 25746 ----a-w- c:\windows\crpf_sdum.bin
2010-08-13 02:51:57 25522 ----a-w- c:\windows\crpf.bin
2010-08-13 02:36:08 468480 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-09 12:25:11 4096 ----a-w- c:\windows\d3dx.dat
2010-08-04 06:22:38 7451648 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-04 06:07:14 20817408 ----a-w- c:\windows\system32\atio6axx.dll
2010-08-04 05:55:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 05:54:52 519680 ----a-w- c:\windows\syswow64\aticfx32.dll
2010-08-04 05:54:02 598528 ----a-w- c:\windows\system32\aticfx64.dll
2010-08-04 05:52:06 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 05:51:56 461824 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-04 05:51:22 203264 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-04 05:50:16 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-08-04 05:49:58 421376 ----a-w- c:\windows\system32\atipdl64.dll
2010-08-04 05:49:52 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll
2010-08-04 05:49:50 15845888 ----a-w- c:\windows\syswow64\atioglxx.dll
2010-08-04 05:49:42 278528 ----a-w- c:\windows\syswow64\Oemdspif.dll
2010-08-04 05:49:38 12288 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-04 05:49:34 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-08-04 05:49:28 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll
2010-08-04 05:46:34 3899392 ----a-w- c:\windows\syswow64\atidxx32.dll
2010-08-04 05:37:48 4554240 ----a-w- c:\windows\system32\atidxx64.dll
2010-08-04 05:28:32 3077120 ----a-w- c:\windows\system32\atiumd6a.dll
2010-08-04 05:28:28 4021760 ----a-w- c:\windows\syswow64\atiumdag.dll
2010-08-04 05:26:04 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-08-04 05:26:02 46080 ----a-w- c:\windows\syswow64\aticalrt.dll
2010-08-04 05:25:56 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-08-04 05:25:52 44032 ----a-w- c:\windows\syswow64\aticalcl.dll
2010-08-04 05:25:44 5394432 ----a-w- c:\windows\system32\aticaldd64.dll
2010-08-04 05:24:36 4341248 ----a-w- c:\windows\syswow64\aticaldd.dll
2010-08-04 05:23:46 56832 ----a-w- c:\windows\system32\coinst.dll
2010-08-04 05:22:36 5167104 ----a-w- c:\windows\system32\atiumd64.dll
2010-08-04 05:21:40 3324416 ----a-w- c:\windows\syswow64\atiumdva.dll
2010-08-04 05:16:16 337920 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 05:16:08 241664 ----a-w- c:\windows\syswow64\atiadlxy.dll
2010-08-04 05:16:00 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-08-04 05:15:56 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll
2010-08-04 05:15:56 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-04 05:15:54 18432 ----a-w- c:\windows\system32\atig6txx.dll
2010-08-04 05:15:50 16896 ----a-w- c:\windows\syswow64\atigktxx.dll
2010-08-04 05:15:46 268288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-04 05:15:10 39424 ----a-w- c:\windows\system32\atiuxp64.dll
2010-08-04 05:15:04 30208 ----a-w- c:\windows\syswow64\atiuxpag.dll
2010-08-04 05:14:58 36864 ----a-w- c:\windows\system32\atiu9p64.dll
2010-08-04 05:14:50 27648 ----a-w- c:\windows\syswow64\atiu9pag.dll
2010-08-04 05:14:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-04 05:09:30 54784 ----a-w- c:\windows\system32\atimpc64.dll
2010-08-04 05:09:30 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2010-08-04 05:09:24 52736 ----a-w- c:\windows\syswow64\atimpc32.dll
2010-08-04 05:09:24 52736 ----a-w- c:\windows\syswow64\amdpcom32.dll
2010-07-30 00:44:20 12768 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2010-07-30 00:43:54 39904 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-17 09:00:12 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-17 09:00:12 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-17 09:00:10 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 21:35:05.23 ===============
Quote:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2010 11:59:49 AM
System Uptime: 9/19/2010 9:13:13 AM (12 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket M2 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 121.931 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 289 GiB total, 256.832 GiB free.
F: is FIXED (NTFS) - 154 GiB total, 143.916 GiB free.
G: is FIXED (NTFS) - 489 GiB total, 274.658 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL

==== System Restore Points ===================

RP148: 8/31/2010 3:07:23 AM - Windows Update
RP149: 8/31/2010 12:47:12 PM - Windows Update
RP150: 9/1/2010 4:22:39 AM - Windows Update
RP151: 9/1/2010 5:08:32 AM - Installed QuickTime
RP152: 9/1/2010 10:17:18 AM - Windows Update
RP153: 9/1/2010 5:43:08 PM - Windows Update
RP154: 9/2/2010 7:13:52 AM - Windows Update
RP155: 9/3/2010 6:02:08 AM - Windows Update
RP156: 9/3/2010 2:23:47 PM - Windows Update
RP157: 9/3/2010 9:52:41 PM - Windows Update
RP158: 9/3/2010 9:53:36 PM - Windows Update
RP159: 9/3/2010 9:56:01 PM - Windows Update
RP160: 9/4/2010 5:22:11 AM - Revo Uninstaller's restore point - WinPatrol
RP161: 9/4/2010 6:44:15 AM - Revo Uninstaller's restore point - Google Chrome
RP162: 9/5/2010 5:59:25 AM - Windows Update
RP163: 9/5/2010 4:27:46 PM - Windows Update
RP164: 9/6/2010 7:45:22 AM - Windows Update
RP165: 9/6/2010 1:41:50 PM - Windows Update
RP166: 9/7/2010 5:11:59 AM - Windows Update
RP167: 9/7/2010 10:09:40 AM - Windows Update
RP168: 9/8/2010 7:28:13 AM - Windows Update
RP169: 9/8/2010 5:55:50 PM - Windows Update
RP170: 9/9/2010 5:55:48 AM - Windows Update
RP171: 9/9/2010 11:06:37 AM - preAPCreinstall
RP172: 9/9/2010 11:08:45 AM - Revo Uninstaller's restore point - APC PowerChute Personal Edition v2.2
RP173: 9/9/2010 11:08:59 AM - Removed APC PowerChute Personal Edition v2.2
RP174: 9/9/2010 11:13:19 AM - Installed APC PowerChute Personal Edition v2.2
RP175: 9/9/2010 11:44:25 AM - Windows Update
RP176: 9/10/2010 7:22:15 AM - Windows Update
RP177: 9/10/2010 11:11:14 AM - Windows Update
RP178: 9/11/2010 6:25:53 AM - Windows Update
RP179: 9/11/2010 10:10:45 AM - Windows Update
RP180: 9/12/2010 7:49:11 AM - Windows Update
RP181: 9/12/2010 11:04:50 AM - Windows Update
RP182: 9/13/2010 5:41:39 AM - Windows Update
RP183: 9/13/2010 12:05:55 PM - Windows Update
RP184: 9/13/2010 8:53:39 PM - Windows Update
RP185: 9/14/2010 6:49:38 AM - Windows Update
RP186: 9/14/2010 4:33:05 PM - Windows Update
RP187: 9/14/2010 10:31:36 PM - Windows Update
RP188: 9/15/2010 6:49:49 AM - Windows Update
RP189: 9/15/2010 5:44:41 PM - Windows Update
RP190: 9/15/2010 7:39:50 PM - Revo Uninstaller's restore point - Registry Cleaner Free
RP191: 9/17/2010 5:40:56 AM - Windows Update
RP192: 9/17/2010 5:42:54 AM - Windows Update
RP193: 9/17/2010 7:06:55 AM - Installed EMET
RP194: 9/17/2010 2:09:07 PM - Windows Update
RP195: 9/18/2010 5:42:27 AM - Windows Update
RP196: 9/19/2010 6:31:38 AM - Windows Update
RP197: 9/19/2010 10:38:16 AM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
APC PowerChute Personal Edition v2.2
Apple Application Support
Apple Software Update
Ask Toolbar
ATI Catalyst Registration
Auslogics Disk Defrag
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CCleaner
EASEUS Data Recovery Wizard 5.0.1
EMET
EPSON Scan
FastStone Image Viewer 4.2
FastStone Photo Resizer 3.0
FileHippo.com Update Checker
Foxit Reader
GIMP 2.6.10
Glary Utilities 2.28.0.1011
Google Analytics Opt-out Browser Add-on
Google Chrome
Google Update Helper
ImgBurn
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MozBackup 1.4.10
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSVCRT
OpenOffice.org 3.2
PC Wizard 2010.1.94
QuickTime
Revo Uninstaller 1.89
Rhapsody
Secunia PSI
Sophos Anti-Rootkit 1.5.4
The Lord of the Rings FREE Trial
ThreatFire
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinUtilities 9.84 Free Edition

==== Event Viewer Messages From Past Week ========

9/19/2010 9:13:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
9/19/2010 9:13:50 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
9/19/2010 6:00:07 PM, Error: Service Control Manager [7000] - The McAfee Inc. mferkdk service failed to start due to the following error: The specified procedure could not be found.
9/18/2010 9:30:05 AM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
9/18/2010 9:30:05 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\E18C.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/18/2010 9:12:38 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\25BC.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/17/2010 7:51:27 PM, Error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
9/17/2010 5:56:45 AM, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/17/2010 10:56:27 AM, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/15/2010 9:45:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RIDGEWAY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{10DD8DF3-5FF7-42FE-B02C-B83635E24041}. The master browser is stopping or an election is being forced.
9/14/2010 4:33:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1620.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/14/2010 4:33:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1620.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/14/2010 4:33:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1620.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/13/2010 9:17:40 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\F06A.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/13/2010 8:53:52 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\5A72.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/12/2010 9:49:12 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\DF49.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/12/2010 9:21:26 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\256C.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/12/2010 7:49:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1489.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/12/2010 7:49:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1489.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/12/2010 7:49:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1489.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==== End Of File ===========================

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4653

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9/19/2010 10:19:05 PM
mbam-log-2010-09-19 (22-19-05).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 245995
Time elapsed: 36 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks Jacee and richc46. If you need more info I will attempt to provide it.
I really appreciate your help!
glennc
19 Sep 2010   #13
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

You did good with the log.
It would be unfair to you for me to try and help. Jacee is an expert; you have to wait a bit, but it's worth it.

19 Sep 2010   #14
richc46

Microsoft Community Contributor Award Recipient

Windows 10, Home Clean Install
 
 

I would dump McAfee and get Microsoft Security Essentials. When I had McAfee, and changed to Security Essentials, I found 7 nasties the first scan.
19 Sep 2010   #15
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Right now, I'm going to log off, but I would like you to download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!

Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Next, rescan with DDS and post both logs again, so I can see the before and after.
20 Sep 2010   #16
Maxxwire

Windows 7 x64 Home Premium
 
 

glennc- In addition to better AV software, have you ever considered using an Image Backup Program, either the one in Win 7 or one from a reliable 3rd party, which you could use to restore a previously made completely clean System Image in just a few minutes from a remote HDD?

~Maxx~
20 Sep 2010   #17
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Go into Programs and Features, uninstall GenericAskToolbar/Ask toolbar
Next, navigate to
c:\program files (x86)\ask.com <--delete this folder

Now, go to VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 36 AntiVirus Engines! then upload and scan each of these files individually:
c:\windows\system32\25BC.tmp
c:\windows\system32\F06A.tmp
c:\windows\system32\5A72.tmp
c:\windows\system32\DF49.tmp
c:\windows\system32\256C.tmp


You may have to show hidden files and folders in order for you to find them....
Click on 'Folder Options' in the Control Panel, 'View' tab. Under the Hidden files and folders section, select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply
My System SpecsSystem Spec
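The step above (picking the blocked `.tmp` driver files out of the DDS event list so each can be scanned individually) can be scripted. The following is an added example, not part of any post in this thread or of DDS itself; the sample log lines and the file, service and driver names in it are constructed, and linking a service to a file by identical timestamp is a heuristic assumption.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample in the layout of the DDS "Event Viewer Messages" section.
# File, service and driver names below are made up for the example.
SAMPLE_LOG = r"""
==== Event Viewer Messages From Past Week ========

9/18/2010 9:30:05 AM, Error: Service Control Manager [7000] - The EXAMPLESVC service failed to start due to the following error: This driver has been blocked from loading
9/18/2010 9:30:05 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\1A2B.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/17/2010 10:56:27 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\1A2B.tmp has been blocked from loading due to incompatibility with this system.
9/13/2010 8:53:52 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\drivers\vendor.sys has been blocked from loading due to incompatibility with this system.
9/12/2010 7:49:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DRVONE DRVTWO

==== End Of File ===========================
"""

# "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
BLOCKED_RE = re.compile(r"^(?P<path>.+?) has been blocked from loading")
SVC_FAIL_RE = re.compile(
    r"^The (?P<name>.+?) service failed to start due to the following error: (?P<err>.*)$"
)
DRV_FAIL_RE = re.compile(r"driver\(s\) failed to load: (?P<names>.+)$")


def parse_events(text):
    """Return one dict per event line; headers and blank lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "id": int(m["id"]),
            "msg": m["msg"],
        })
    return events


def strip_nt_prefix(path):
    """Kernel messages carry the NT object-manager prefix \\??\\ ; drop it."""
    return path[4:] if path.startswith("\\??\\") else path


def blocked_drivers(events):
    """Group event 1060 (driver blocked) by image path. A service whose 7000
    start failure says 'blocked from loading' at the same timestamp is listed
    beside the file (heuristic link, not proof)."""
    blocked_starts = {}
    for ev in events:
        m = SVC_FAIL_RE.match(ev["msg"]) if ev["id"] == 7000 else None
        if m and "blocked from loading" in m["err"]:
            blocked_starts.setdefault(ev["time"], set()).add(m["name"])

    found = {}
    for ev in events:
        m = BLOCKED_RE.match(ev["msg"]) if ev["id"] == 1060 else None
        if not m:
            continue
        path = strip_nt_prefix(m["path"])
        rec = found.setdefault(path.lower(), {
            "path": path, "count": 0, "first": ev["time"], "last": ev["time"],
            # A driver image with a .tmp extension is what gets scanned first.
            "temp_named": ntpath.splitext(path)[1].lower() == ".tmp",
            "services": set(),
        })
        rec["count"] += 1
        rec["first"] = min(rec["first"], ev["time"])
        rec["last"] = max(rec["last"], ev["time"])
        rec["services"] |= blocked_starts.get(ev["time"], set())
    return sorted(found.values(),
                  key=lambda r: (not r["temp_named"], r["path"].lower()))


def failed_boot_drivers(events):
    """Driver names from event 7026, de-duplicated, in order of appearance."""
    names = []
    for ev in events:
        m = DRV_FAIL_RE.search(ev["msg"]) if ev["id"] == 7026 else None
        for name in (m["names"].split() if m else []):
            if name not in names:
                names.append(name)
    return names


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for r in blocked_drivers(evs):
        flag = "TEMP-NAMED" if r["temp_named"] else "driver"
        print(f'{flag:10} {r["path"]}  x{r["count"]}  '
              f'{r["first"]:%Y-%m-%d %H:%M} .. {r["last"]:%Y-%m-%d %H:%M}  '
              f'services={sorted(r["services"]) or "-"}')
    print("boot/system drivers not loaded:", failed_boot_drivers(evs))
```

Run against a saved DDS Attach log, it gives a de-duplicated list of blocked driver images to submit for scanning, with temp-named files sorted first.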
20 Sep 2010   #18
glennc

Windows 7 Ultimate
 
 

Quote: Originally Posted by richc46
I would dump McAfee and get Microsoft Security Essentials. When I had McAfee, and changed to Security Essentials, I found 7 nasties the first scan.
I run both....
glennc
20 Sep 2010   #19
glennc

Windows 7 Ultimate
 
 

Quote: Originally Posted by Maxxwire
glennc- In addition to better AV software, have you ever considered using an Image Backup Program, either the one in Win 7 or one from a reliable 3rd party, which you could use to restore a previously made completely clean System Image in just a few minutes from a remote HDD?

~Maxx~
Thanks Maxxwire,
I am using Macrium. Just didn't have a new enough one that I wanted to restore without proof of infection, if possible.
glennc
20 Sep 2010   #20
glennc

Windows 7 Ultimate
 
 

Quote: Originally Posted by Jacee
Right now, I'm going to log off, but I would like you to download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.

Save any unsaved work. TFC will close ALL open programs including your browser!

Right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Next, rescan with DDS and post both logs again, so I can see the before and after.
Howdy Jacee,
First, thanks. Second, idiosyncrasies - a few weeks ago my APC Powerchute Software icon and apparently its running disappeared. After running TFC, it came back and now I have two instances possibly running.
3rd, here are the Attach and DDS logs after running TFC.

Quote:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/15/2010 11:59:49 AM
System Uptime: 9/20/2010 11:45:23 AM (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | Socket M2 | 2580/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 118.245 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 289 GiB total, 256.832 GiB free.
F: is FIXED (NTFS) - 154 GiB total, 143.905 GiB free.
G: is FIXED (NTFS) - 489 GiB total, 274.658 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL

==== System Restore Points ===================

RP148: 8/31/2010 3:07:23 AM - Windows Update
RP149: 8/31/2010 12:47:12 PM - Windows Update
RP150: 9/1/2010 4:22:39 AM - Windows Update
RP151: 9/1/2010 5:08:32 AM - Installed QuickTime
RP152: 9/1/2010 10:17:18 AM - Windows Update
RP153: 9/1/2010 5:43:08 PM - Windows Update
RP154: 9/2/2010 7:13:52 AM - Windows Update
RP155: 9/3/2010 6:02:08 AM - Windows Update
RP156: 9/3/2010 2:23:47 PM - Windows Update
RP157: 9/3/2010 9:52:41 PM - Windows Update
RP158: 9/3/2010 9:53:36 PM - Windows Update
RP159: 9/3/2010 9:56:01 PM - Windows Update
RP160: 9/4/2010 5:22:11 AM - Revo Uninstaller's restore point - WinPatrol
RP161: 9/4/2010 6:44:15 AM - Revo Uninstaller's restore point - Google Chrome
RP162: 9/5/2010 5:59:25 AM - Windows Update
RP163: 9/5/2010 4:27:46 PM - Windows Update
RP164: 9/6/2010 7:45:22 AM - Windows Update
RP165: 9/6/2010 1:41:50 PM - Windows Update
RP166: 9/7/2010 5:11:59 AM - Windows Update
RP167: 9/7/2010 10:09:40 AM - Windows Update
RP168: 9/8/2010 7:28:13 AM - Windows Update
RP169: 9/8/2010 5:55:50 PM - Windows Update
RP170: 9/9/2010 5:55:48 AM - Windows Update
RP171: 9/9/2010 11:06:37 AM - preAPCreinstall
RP172: 9/9/2010 11:08:45 AM - Revo Uninstaller's restore point - APC PowerChute Personal Edition v2.2
RP173: 9/9/2010 11:08:59 AM - Removed APC PowerChute Personal Edition v2.2
RP174: 9/9/2010 11:13:19 AM - Installed APC PowerChute Personal Edition v2.2
RP175: 9/9/2010 11:44:25 AM - Windows Update
RP176: 9/10/2010 7:22:15 AM - Windows Update
RP177: 9/10/2010 11:11:14 AM - Windows Update
RP178: 9/11/2010 6:25:53 AM - Windows Update
RP179: 9/11/2010 10:10:45 AM - Windows Update
RP180: 9/12/2010 7:49:11 AM - Windows Update
RP181: 9/12/2010 11:04:50 AM - Windows Update
RP182: 9/13/2010 5:41:39 AM - Windows Update
RP183: 9/13/2010 12:05:55 PM - Windows Update
RP184: 9/13/2010 8:53:39 PM - Windows Update
RP185: 9/14/2010 6:49:38 AM - Windows Update
RP186: 9/14/2010 4:33:05 PM - Windows Update
RP187: 9/14/2010 10:31:36 PM - Windows Update
RP188: 9/15/2010 6:49:49 AM - Windows Update
RP189: 9/15/2010 5:44:41 PM - Windows Update
RP190: 9/15/2010 7:39:50 PM - Revo Uninstaller's restore point - Registry Cleaner Free
RP191: 9/17/2010 5:40:56 AM - Windows Update
RP192: 9/17/2010 5:42:54 AM - Windows Update
RP193: 9/17/2010 7:06:55 AM - Installed EMET
RP194: 9/17/2010 2:09:07 PM - Windows Update
RP195: 9/18/2010 5:42:27 AM - Windows Update
RP196: 9/19/2010 6:31:38 AM - Windows Update
RP197: 9/19/2010 10:38:16 AM - Windows Update

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
APC PowerChute Personal Edition v2.2
Apple Application Support
Apple Software Update
Ask Toolbar
ATI Catalyst Registration
Auslogics Disk Defrag
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
CCleaner
EASEUS Data Recovery Wizard 5.0.1
EMET
EPSON Scan
FastStone Image Viewer 4.2
FastStone Photo Resizer 3.0
FileHippo.com Update Checker
Foxit Reader
GIMP 2.6.10
Glary Utilities 2.28.0.1011
Google Analytics Opt-out Browser Add-on
Google Chrome
Google Update Helper
ImgBurn
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MozBackup 1.4.10
Mozilla Firefox (3.6.10)
Mozilla Thunderbird (3.1.4)
MSVCRT
OpenOffice.org 3.2
PC Wizard 2010.1.94
QuickTime
Revo Uninstaller 1.89
Rhapsody
Secunia PSI
Sophos Anti-Rootkit 1.5.4
The Lord of the Rings FREE Trial
ThreatFire
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinUtilities 9.84 Free Edition

==== Event Viewer Messages From Past Week ========

9/20/2010 8:00:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.87.1998.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/20/2010 8:00:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.87.1998.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6004.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
9/20/2010 7:54:08 AM, Error: Service Control Manager [7000] - The McAfee Inc. mferkdk service failed to start due to the following error: The specified procedure could not be found.
9/20/2010 11:46:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
9/20/2010 11:46:03 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
9/20/2010 11:43:42 AM, Error: Service Control Manager [7034] - The APC UPS Service service terminated unexpectedly. It has done this 1 time(s).
9/18/2010 9:30:05 AM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
9/18/2010 9:30:05 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\E18C.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/18/2010 9:12:38 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\25BC.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/17/2010 7:51:27 PM, Error: Service Control Manager [7034] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 3 time(s).
9/17/2010 5:56:45 AM, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/17/2010 10:56:27 AM, Error: Service Control Manager [7031] - The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/15/2010 9:45:33 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RIDGEWAY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{10DD8DF3-5FF7-42FE-B02C-B83635E24041}. The master browser is stopping or an election is being forced.
9/14/2010 4:33:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1620.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/14/2010 4:33:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1620.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/14/2010 4:33:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.89.1620.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: Microsoft Corporation Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6103.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/13/2010 9:17:40 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\F06A.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/13/2010 8:53:52 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\5A72.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

==== End Of File ===========================

Quote:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 11:50:46.38 on Mon 09/20/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1574 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\taskhost.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\sppsvc.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Owner\Downloads\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Analytics Opt-out Browser Add-on: {75ef13ce-b59e-41ba-8a5a-a944031bd8b4} - c:\program files (x86)\google\google analytics opt-out\gaoptout.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Antimalware Script Scanner: {97055cd1-f6c4-40f8-af50-932f1890e7f5} - c:\program files (x86)\microsoft security client\antimalware\MpBHO.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [ThreatFire] c:\program files (x86)\threatfire\TFTray.exe
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Display] c:\program files (x86)\apc\apc powerchute personal edition\DataCollectionLauncher.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files (x86)\apc\apc powerchute personal edition\Display.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\5079p0j1.default\
FF - prefs.js: browser.search.selectedEngine - Google SSL
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files (x86)\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\owner\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\5079p0j1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe --> c:\windows\system32\atiesrxx.exe [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\sitead~1\mcsacore.exe [2010-8-20 101048]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-7-29 301024]
R2 ThreatFire;ThreatFire;c:\program files (x86)\threatfire\tfservice.exe service --> c:\program files (x86)\threatfire\TFService.exe service [?]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys --> c:\windows\system32\drivers\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys --> c:\windows\system32\drivers\atikmpag.sys [?]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\atihdmi.sys --> c:\windows\system32\drivers\AtiHdmi.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\mpnwmon.sys --> c:\windows\system32\drivers\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\nisdrvwfp.sys --> c:\windows\system32\drivers\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-6-27 346984]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys --> c:\windows\system32\drivers\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\rt64win7.sys --> c:\windows\system32\drivers\Rt64win7.sys [?]
R3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-9-4 136176]
S3 PSMounter;Macrium Reflect Image Explorer Service;\??\c:\windows\system32\drivers\psmounter.sys --> c:\windows\system32\drivers\psmounter.sys [?]

=============== Created Last 30 ================

2010-09-17 09:30 <DIR> --d----- c:\users\owner\appdata\roaming\Foxit Software
2010-09-17 09:29 <DIR> --d----- c:\program files (x86)\Ask.com
2010-09-17 09:28 <DIR> --d----- c:\program files (x86)\Foxit Software
2010-09-17 07:07 <DIR> --d----- c:\program files (x86)\EMET
2010-09-17 06:10 <DIR> --d----- c:\program files (x86)\Auslogics
2010-09-17 05:47 <DIR> --d----- c:\programdata\Apple Computer
2010-09-15 19:33 46 a------- c:\windows\system32\_WKERNEL.FRE
2010-09-15 19:32 1,706,800 a------- c:\windows\system32\gdiplus.dll
2010-09-15 19:32 544,768 a------- c:\windows\system32\wbocx.ocx
2010-09-15 19:32 258,352 a------- c:\windows\system32\unicows.dll
2010-09-15 19:32 56,496 a------- c:\windows\system32\wbhelp2.dll
2010-09-15 19:32 33,968 a------- c:\windows\system32\anim.dll
2010-09-15 19:32 4,608 a------- c:\windows\system32\W95INF32.DLL
2010-09-15 19:32 2,272 a------- c:\windows\system32\W95INF16.DLL
2010-09-15 19:32 439 a------- c:\windows\system32\shfolder.inf
2010-09-15 19:32 <DIR> --d----- c:\program files (x86)\WinUtilities
2010-09-09 11:13 <DIR> --d----- c:\program files (x86)\APC
2010-09-09 09:54 <DIR> --d----- c:\windows\pss
2010-09-08 11:17 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17 69,632 a------- c:\windows\system32\QuickTime.qts
2010-09-04 04:36 <DIR> --d----- c:\users\owner\appdata\roaming\WinPatrol
2010-09-04 04:36 <DIR> --d----- c:\program files (x86)\BillP Studios
2010-09-04 04:14 <DIR> --d----- c:\windows\system32\Adobe
2010-09-02 16:56 <DIR> --d----- c:\program files (x86)\Sophos
2010-09-01 07:22 <DIR> --d----- c:\program files (x86)\common files\Real
2010-09-01 05:08 <DIR> --d----- c:\programdata\Apple
2010-08-30 07:24 <DIR> --d----- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2010-08-25 05:29 571,904 a------- c:\windows\system32\oleaut32.dll

==================== Find3M ====================

2010-09-09 11:35 46,448 a------- c:\windows\apppatch\apppatch64\EMET64.dll
2010-09-09 11:35 43,888 a------- c:\windows\apppatch\EMET.dll
2010-08-18 01:58 499,712 a------- c:\windows\system32\msvcp71.dll
2010-08-18 01:58 348,160 a------- c:\windows\system32\msvcr71.dll
2010-08-12 22:51 97,862 a------- c:\windows\csdf.dat
2010-08-12 22:51 39,220 a------- c:\windows\csdf_sdum.dat
2010-08-12 22:51 25,746 a------- c:\windows\crpf_sdum.bin
2010-08-12 22:51 25,522 a------- c:\windows\crpf.bin
2010-08-09 08:25 4,096 a------- c:\windows\d3dx.dat
2010-08-04 01:54 519,680 a------- c:\windows\system32\aticfx32.dll
2010-08-04 01:49 356,352 a------- c:\windows\system32\atipdlxx.dll
2010-08-04 01:49 15,845,888 a------- c:\windows\system32\atioglxx.dll
2010-08-04 01:49 278,528 a------- c:\windows\system32\Oemdspif.dll
2010-08-04 01:49 43,520 a------- c:\windows\system32\ati2edxx.dll
2010-08-04 01:46 3,899,392 a------- c:\windows\system32\atidxx32.dll
2010-08-04 01:28 4,021,760 a------- c:\windows\system32\atiumdag.dll
2010-08-04 01:26 46,080 a------- c:\windows\system32\aticalrt.dll
2010-08-04 01:25 44,032 a------- c:\windows\system32\aticalcl.dll
2010-08-04 01:24 4,341,248 a------- c:\windows\system32\aticaldd.dll
2010-08-04 01:21 3,324,416 a------- c:\windows\system32\atiumdva.dll
2010-08-04 01:16 241,664 a------- c:\windows\system32\atiadlxy.dll
2010-08-04 01:15 12,800 a------- c:\windows\system32\atiglpxx.dll
2010-08-04 01:15 16,896 a------- c:\windows\system32\atigktxx.dll
2010-08-04 01:15 30,208 a------- c:\windows\system32\atiuxpag.dll
2010-08-04 01:14 27,648 a------- c:\windows\system32\atiu9pag.dll
2010-08-04 01:09 52,736 a------- c:\windows\system32\atimpc32.dll
2010-08-04 01:09 52,736 a------- c:\windows\system32\amdpcom32.dll
2010-07-29 02:30 82,944 a------- c:\windows\system32\iccvid.dll
2010-07-17 05:00 423,656 a------- c:\windows\system32\deployJava1.dll
2010-07-07 01:52 135,168 a------- c:\windows\apppatch\apppatch64\AcXtrnal.dll
2010-07-07 01:52 347,648 a------- c:\windows\apppatch\apppatch64\AcLayers.dll
2010-06-30 02:25 978,432 a------- c:\windows\system32\wininet.dll
2009-07-14 01:37 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 01:37 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 01:37 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 01:37 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 00:54 174 a--sh--- c:\program files (x86)\desktop.ini
2009-07-13 21:00 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-13 21:00 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-13 21:00 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-13 21:00 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 16:44 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2009-07-13 21:39 398,848 a--sh--- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-13 21:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:00:37.30 ===============
I'm sure glad that there are benevolent people with the knowledge to understand the above who are willing to assist.
glennc