Solved Can't see files on hard drive

mannclann

Hi,

Looks like I have been hit by a mean little virus on my laptop even though I am pretty careful about where I go and what I do.

I have tried to do the steps outlined in the "5-Step" plan but could not complete most of them.

I was unable to install Malwarebytes and run it, and DDS would not run either.

I was able to install and run GMER; see below:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-13 22:15:07
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: pz0q85wn.exe; Driver: C:\Users\Rick\AppData\Local\Temp\pwacauoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Thanks in advance for your help in resolving this issue.

Rick
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
14:04:08.0321 6112 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
14:04:10.0344 6112 ============================================================
14:04:10.0344 6112 Current date / time: 2012/02/15 14:04:10.0344
14:04:10.0344 6112 SystemInfo:
14:04:10.0344 6112
14:04:10.0345 6112 OS Version: 6.0.6002 ServicePack: 2.0
14:04:10.0345 6112 Product type: Workstation
14:04:10.0345 6112 ComputerName: MANNCLANNLAPTOP
14:04:10.0345 6112 UserName: Rick
14:04:10.0345 6112 Windows directory: C:\Windows
14:04:10.0345 6112 System windows directory: C:\Windows
14:04:10.0345 6112 Processor architecture: Intel x86
14:04:10.0345 6112 Number of processors: 2
14:04:10.0345 6112 Page size: 0x1000
14:04:10.0345 6112 Boot type: Normal boot
14:04:10.0346 6112 ============================================================
14:04:14.0331 6112 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:04:14.0337 6112 \Device\Harddisk0\DR0:
14:04:14.0337 6112 MBR used
14:04:14.0337 6112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23E55000
14:04:14.0337 6112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23E55800, BlocksNum 0x15D7800
14:04:14.0843 6112 Initialize success
14:04:14.0843 6112 ============================================================
14:04:23.0981 0156 ============================================================
14:04:23.0981 0156 Scan started
14:04:23.0981 0156 Mode: Manual;
14:04:23.0981 0156 ============================================================
14:04:44.0696 0156 Tcpip6 - ok
14:04:44.0738 0156 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:04:44.0756 0156 tcpipreg - ok
14:04:44.0800 0156 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:04:44.0803 0156 TDPIPE - ok
14:04:44.0867 0156 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:04:44.0877 0156 TDTCP - ok
14:04:44.0931 0156 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:04:44.0936 0156 tdx - ok
14:04:45.0064 0156 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:04:45.0068 0156 TermDD - ok
14:04:45.0222 0156 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:04:45.0225 0156 tssecsrv - ok
14:04:45.0524 0156 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:04:45.0528 0156 tunmp - ok
14:04:45.0645 0156 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:04:45.0649 0156 tunnel - ok
14:04:45.0682 0156 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:04:45.0688 0156 uagp35 - ok
14:04:45.0746 0156 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:04:45.0756 0156 udfs - ok
14:04:45.0811 0156 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:04:45.0844 0156 uliagpkx - ok
14:04:45.0897 0156 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:04:45.0905 0156 uliahci - ok
14:04:45.0939 0156 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:04:45.0946 0156 UlSata - ok
14:04:45.0993 0156 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:04:46.0001 0156 ulsata2 - ok
14:04:46.0046 0156 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:04:46.0050 0156 umbus - ok
14:04:46.0235 0156 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:04:46.0280 0156 USBAAPL - ok
14:04:46.0363 0156 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:04:46.0368 0156 usbccgp - ok
14:04:46.0401 0156 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:04:46.0407 0156 usbcir - ok
14:04:46.0464 0156 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:04:46.0486 0156 usbehci - ok
14:04:46.0514 0156 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:04:46.0523 0156 usbhub - ok
14:04:46.0566 0156 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:04:46.0570 0156 usbohci - ok
14:04:46.0628 0156 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:04:46.0654 0156 usbprint - ok
14:04:46.0695 0156 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:04:46.0700 0156 usbscan - ok
14:04:46.0726 0156 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:04:46.0732 0156 USBSTOR - ok
14:04:46.0766 0156 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:04:46.0770 0156 usbuhci - ok
14:04:46.0871 0156 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:04:46.0879 0156 usbvideo - ok
14:04:46.0923 0156 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:04:46.0932 0156 vga - ok
14:04:46.0959 0156 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:04:46.0963 0156 VgaSave - ok
14:04:46.0996 0156 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:04:47.0001 0156 viaagp - ok
14:04:47.0037 0156 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:04:47.0041 0156 ViaC7 - ok
14:04:47.0106 0156 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
14:04:47.0109 0156 viaide - ok
14:04:47.0171 0156 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:04:47.0175 0156 volmgr - ok
14:04:47.0255 0156 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:04:47.0285 0156 volmgrx - ok
14:04:47.0346 0156 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:04:47.0361 0156 volsnap - ok
14:04:47.0419 0156 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:04:47.0430 0156 vsmraid - ok
14:04:47.0488 0156 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:04:47.0496 0156 WacomPen - ok
14:04:47.0559 0156 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:04:47.0565 0156 Wanarp - ok
14:04:47.0641 0156 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:04:47.0645 0156 Wanarpv6 - ok
14:04:47.0698 0156 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:04:47.0718 0156 Wd - ok
14:04:47.0756 0156 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:04:47.0812 0156 Wdf01000 - ok
14:04:47.0940 0156 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:04:47.0974 0156 winachsf - ok
14:04:48.0131 0156 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:04:48.0135 0156 WmiAcpi - ok
14:04:48.0242 0156 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:04:48.0247 0156 WpdUsb - ok
14:04:48.0283 0156 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:04:48.0287 0156 ws2ifsl - ok
14:04:48.0351 0156 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:04:48.0416 0156 WUDFRd - ok
14:04:48.0483 0156 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
14:04:48.0488 0156 XAudio - ok
14:04:48.0542 0156 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
14:04:48.0550 0156 yukonwlh - ok
14:04:48.0638 0156 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
14:04:48.0663 0156 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:04:48.0663 0156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:04:48.0697 0156 Boot (0x1200) (9f6828b81b5b5c38467da487c976c956) \Device\Harddisk0\DR0\Partition0
14:04:48.0700 0156 \Device\Harddisk0\DR0\Partition0 - ok
14:04:48.0733 0156 Boot (0x1200) (65cd1f299bae1fea6f78153a0b0cc66a) \Device\Harddisk0\DR0\Partition1
14:04:48.0735 0156 \Device\Harddisk0\DR0\Partition1 - ok
14:04:48.0737 0156 ============================================================
14:04:48.0737 0156 Scan finished
14:04:48.0737 0156 ============================================================
14:04:48.0772 3352 Detected object count: 1
14:04:48.0772 3352 Actual detected object count: 1
14:04:59.0377 3352 \Device\Harddisk0\DR0\# - copied to quarantine
14:04:59.0390 3352 \Device\Harddisk0\DR0 - copied to quarantine
14:04:59.0485 3352 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:04:59.0523 3352 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:04:59.0608 3352 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:04:59.0629 3352 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:04:59.0676 3352 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:04:59.0937 3352 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:04:59.0963 3352 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:04:59.0984 3352 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:05:00.0552 3352 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:05:00.0608 3352 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:05:00.0645 3352 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
14:05:00.0750 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:05:00.0752 3352 \Device\Harddisk0\DR0 - ok
14:05:01.0746 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:05:20.0581 4092 Deinitialize success
 
I am trying hard to get through the GMER run. Having trouble getting it completed. Hopefully will have everything up tomorrow.

Posting this so that you do not delete this thread.

Thanks

Rick
 
Malwarebytes:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.15.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Stacey :: MANNCLANNLAPTOP [administrator]

2/15/2012 4:41:44 PM
mbam-log-2012-02-15 (16-41-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 298968
Time elapsed: 44 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Rick\AppData\Roaming\java.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Rick\AppData\Roaming\Microsoft\3CD2\451A.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Rick\AppData\Roaming\Microsoft\3CD2\5F11.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Rick\AppData\Roaming\Microsoft\3CD2\F6DC.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Users\Rick\AppData\Roaming\Microsoft\3CD2\FED8.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

(end)


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-17 23:21:03
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
Running: kcndg3kud.exe; Driver: C:\Users\Rick\AppData\Local\Temp\pwacauoc.sys


---- System - GMER 1.0.15 ----

SSDT 88553400 ZwAlertResumeThread
SSDT 885534E0 ZwAlertThread
SSDT 88553DF0 ZwAllocateVirtualMemory
SSDT 87419718 ZwAlpcConnectPort
SSDT 88554BA8 ZwAssignProcessToJobObject
SSDT 88553150 ZwCreateMutant
SSDT 885548C8 ZwCreateSymbolicLinkObject
SSDT 88552688 ZwCreateThread
SSDT 88554C88 ZwDebugActiveProcess
SSDT 88553FC0 ZwDuplicateObject
SSDT 88553C10 ZwFreeVirtualMemory
SSDT 88553240 ZwImpersonateAnonymousToken
SSDT 88553320 ZwImpersonateThread
SSDT 874196A0 ZwLoadDriver
SSDT 88553B10 ZwMapViewOfSection
SSDT 88553070 ZwOpenEvent
SSDT 88552570 ZwOpenProcess
SSDT 88553EE0 ZwOpenProcessToken
SSDT 88554EB0 ZwOpenSection
SSDT 885524A0 ZwOpenThread
SSDT 88554AB8 ZwProtectVirtualMemory
SSDT 885535C0 ZwResumeThread
SSDT 88553860 ZwSetContextThread
SSDT 88553940 ZwSetInformationProcess
SSDT 88554D68 ZwSetSystemInformation
SSDT 88554F90 ZwSuspendProcess
SSDT 885536A0 ZwSuspendThread
SSDT 88552768 ZwTerminateProcess
SSDT 88553780 ZwTerminateThread
SSDT 88553A30 ZwUnmapViewOfSection
SSDT 88553D00 ZwWriteVirtualMemory
SSDT 885549B8 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 820F48A0 8 Bytes [00, 34, 55, 88, E0, 34, 55, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 820F48B4 4 Bytes [F0, 3D, 55, 88]
.text ntkrnlpa.exe!KeSetEvent + 13D 820F48C0 4 Bytes [18, 97, 41, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 820F4914 4 Bytes [A8, 4B, 55, 88]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820F4978 4 Bytes [50, 31, 55, 88] {PUSH EAX; XOR [EBP-0x78], EDX}
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74907817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7495A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7490BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74938395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7490DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7498CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7492C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74902AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

DDS Text

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_25
Run by Rick at 23:22:39 on 2012-02-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1494 [GMT -7:00]
.
AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\1Password\Agile1pService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\1Password\Agile1pAgent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57293
uWinlogon: Shell=explorer.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: 1Password: {cb1a24da-7416-4921-a0cf-5aa1160aae2a} - c:\progra~1\1passw~1\AGILE1~1.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Agile1pAgent] c:\program files\1password\Agile1pAgent.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
StartupFolder: c:\users\rick\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rick\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1passw~1\AGILE1~1.DLL
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\iavlsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3C07E7D7-601F-42E5-9888-EE5353F6A131} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Notify: igfxcui - igfxdev.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\pnvm8p76.default\
FF - prefs.js: browser.startup.homepage - hxxp://digitalscrapbookpages.com/digitals/
FF - prefs.js: network.proxy.http - 173.208.51.246:12243
FF - prefs.js: network.proxy.http_port - 12243
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\rick\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\pnvm8p76.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\rick\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\rick\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-9 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-9 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-9 132744]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-2-12 20392]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120215.002\IDSvix86.sys [2012-2-15 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-9 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys [2012-2-9 345208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Agile1Password;1Password;c:\program files\1password\Agile1pService.exe [2011-4-24 768776]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2011-9-28 138048]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2011-2-12 1189184]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-2-12 722616]
R2 MySQL51;MySQL51;"c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.1\my.ini" mysql51 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-9 138248]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-26 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-5-21 173352]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2011-9-28 97088]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2011-9-28 97088]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-9 106104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-31 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2011-9-28 142144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-02-16 03:18:57 100864 ----a-w- C:\pwacauoc.sys
2012-02-15 21:04:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-15 03:52:35 388096 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-02-15 03:52:34 -------- d-----w- c:\program files\Trend Micro
2012-02-14 02:13:17 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-02-13 03:29:00 -------- d-----w- c:\program files\Defraggler
2012-02-10 05:27:26 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
2012-02-10 05:27:26 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
2012-02-10 05:27:25 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
2012-02-10 05:27:24 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
2012-02-10 05:27:24 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
2012-02-10 05:27:23 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
2012-02-10 05:27:23 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
2012-02-10 05:27:23 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
2012-02-10 05:26:10 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
2012-02-10 05:26:10 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
2012-02-10 02:22:01 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-10 02:21:59 -------- d-----w- c:\program files\Symantec
2012-02-10 02:21:59 -------- d-----w- c:\program files\common files\Symantec Shared
2012-02-10 01:56:20 764654 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-10 01:55:33 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-10 01:55:21 -------- d-----w- c:\program files\Norton Internet Security
2012-02-10 01:55:02 -------- d-----w- c:\program files\NortonInstaller
2012-02-10 01:52:55 -------- d--h--w- c:\users\rick\appdata\roaming\8C431
2012-02-10 01:51:29 -------- d--h--w- c:\users\rick\appdata\roaming\2DF8C
2012-02-10 00:48:07 -------- d--h--w- c:\program files\8C431
2012-02-10 00:47:56 -------- d--h--w- c:\program files\LP
2012-02-09 03:49:21 -------- d--h--w- c:\users\rick\appdata\roaming\AVG2012
2012-02-09 03:46:33 -------- d--h--w- c:\programdata\AVG2012
2012-02-08 08:44:52 56200 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{2bf33d93-5d95-428a-8c1a-48e799ea5184}\offreg.dll
2012-02-08 05:09:37 6557240 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{2bf33d93-5d95-428a-8c1a-48e799ea5184}\mpengine.dll
2012-01-31 06:03:09 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 06:03:09 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 06:03:09 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 06:03:08 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-31 06:03:08 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 06:03:08 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-22 22:40:43 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-22 22:40:31 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-22 22:40:31 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-22 22:37:26 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-22 22:37:22 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-22 22:37:22 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-22 22:36:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-22 22:36:22 376320 ----a-w- c:\windows\system32\winsrv.dll
.
==================== Find3M ====================
.
2012-01-27 07:21:24 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-01-06 18:51:24 29696 ---ha-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 18:51:16 11776 ---ha-w- c:\windows\system32\smrgdf.exe
2012-01-06 18:29:06 2083464 ---ha-w- c:\windows\system32\Incinerator32.dll
2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 20:26:13 74703 ---ha-w- c:\windows\system32\mfc45.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:24:44.30 ===============
 
ATTACH Text

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/19/2009 7:20:46 PM
System Uptime: 2/16/2012 9:26:17 PM (26 hours ago)
.
Motherboard: Wistron | | 360C
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 1044/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 105.835 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.821 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Composite Device
Device ID: USB\VID_0C45&PID_62C0\SN0001
Manufacturer: (Standard USB Host Controller)
Name: USB Composite Device
PNP Device ID: USB\VID_0C45&PID_62C0\SN0001
Service: usbccgp
.
==== System Restore Points ===================
.
RP1168: 2/15/2012 2:16:13 PM - Windows Update
.
==== Installed Programs ======================
.
1Password 1.0.9.272
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
7-Zip 4.65
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Amazon Kindle
AoA Audio Extractor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AVIGenerator V1.0.0.0
AVS Audio Converter version 6.2
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
AVSDK5
Bonjour
Canon ScanGear Starter
CCleaner
Click to Call with Skype
CoffeeCup Free HTML Editor
CoffeeCup HTML Editor
Conexant HD Audio
CyberLink DVD Suite
CyberLink YouCam
D3DX10
Defraggler
Destination Component
DeviceDiscovery
DHTML Editing Component
DocMgr
DocProc
Download Accelerator Plus (DAP)
Dropbox
DupeFree Pro
e-Sword
ESU for Microsoft Vista
Fax
FileZilla Client 3.5.3
FlipShare
Google Chrome
Google Talk Plugin
GPBaseService2
HDAUDIO Soft Data Fax Modem with SmartCP
Hide My ***! Pro 1.8
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 12.0
HP Doc Viewer
HP Document Manager 2.0
HP DVD Play 3.7
HP Help and Support
HP Imaging Device Functions 12.0
HP Quick Launch Buttons 6.40 H2
HP Smart Web Printing
HP Solution Center 12.0
HP Total Care Advisor
HP Total Care Setup
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
IBP 11.7.4
iCloud
iLumina Gold Premium
iMacros V6.90
Intel(R) Graphics Media Accelerator Driver
iolo technologies' System Mechanic Professional
iTunes
Java Auto Updater
Java(TM) 6 Update 25
Jing
Junk Mail filter update
Juno Preloader
Korean Fonts Support For Adobe Reader 9
LabelPrint
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware version 1.51.2.1300
Market Samurai
MarketResearch
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mindjet MindManager Viewer 7
Mozilla Firefox 10.0.1 (x86 en-US)
Mozilla Firefox 4.0b12 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee Reveal
My HP Games
MySQL Connector/ODBC 5.1
MySQL Server 5.1
MySQL Tools for 5.0
NetWaiting
NetZero Preloader
Nitro PDF Professional
Norton Internet Security
OCR Software by I.R.I.S. 12.0
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
Playback 2.3.0.4
Power2Go
PowerDirector
PxMergeModule
QuickTime
Rank Tracker
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
S3 Ripper 1.3
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Segoe UI
SERPAssist
SERPAttacks
Skype™ 5.3
SmartWebPrinting
SolutionCenter
SpeedBit Video Downloader
Spybot - Search & Destroy
Status
SupportSoft Assisted Service
Synaptics Pointing Device Driver
TeamViewer 5
TheBestSpinner
TrayApp
TweetAttacks
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Visual C++ Runtime for Dragon NaturallySpeaking
Visual Studio 2005 Tools for Office Second Edition Runtime
VLC media player 1.1.7
WampServer 2.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinMerge 2.12.4
WinRAR archiver
ZipGenius 6 (6.0.3.1150)
.
==== Event Viewer Messages From Past Week ========
.
2/16/2012 9:29:06 PM, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80040154'. If possible, reinstall Windows Media Player.
2/16/2012 9:27:30 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/16/2012 9:26:50 PM, Error: EventLog [6008] - The previous system shutdown at 5:17:30 PM on 2/16/2012 was unexpected.
2/16/2012 5:11:47 PM, Error: EventLog [6008] - The previous system shutdown at 1:01:50 AM on 2/16/2012 was unexpected.
2/15/2012 8:23:45 PM, Error: EventLog [6008] - The previous system shutdown at 8:21:53 PM on 2/15/2012 was unexpected.
2/15/2012 8:16:08 PM, Error: EventLog [6008] - The previous system shutdown at 7:47:00 PM on 2/15/2012 was unexpected.
2/15/2012 5:46:10 PM, Error: EventLog [6008] - The previous system shutdown at 5:44:04 PM on 2/15/2012 was unexpected.
2/15/2012 2:09:24 PM, Error: EventLog [6008] - The previous system shutdown at 2:07:32 PM on 2/15/2012 was unexpected.
2/15/2012 2:07:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
2/15/2012 2:06:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
2/15/2012 2:06:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
2/15/2012 2:02:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/14/2012 9:03:16 PM, Error: EventLog [6008] - The previous system shutdown at 8:59:29 PM on 2/14/2012 was unexpected.
2/14/2012 7:40:24 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
2/14/2012 5:25:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
2/14/2012 5:25:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
2/14/2012 5:24:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
2/14/2012 5:24:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
2/14/2012 5:23:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
2/14/2012 3:14:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2487367).
2/14/2012 3:08:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
2/14/2012 3:07:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636).
2/14/2012 3:07:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).
2/13/2012 8:23:14 PM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
2/13/2012 3:17:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2487367).
2/13/2012 3:11:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
2/13/2012 3:09:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636).
2/13/2012 3:09:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).
2/13/2012 10:20:57 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
2/12/2012 7:54:28 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
2/10/2012 9:56:35 PM, Error: EventLog [6008] - The previous system shutdown at 9:51:56 PM on 2/10/2012 was unexpected.
2/10/2012 10:02:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
2/10/2012 10:02:01 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Uninstall iolo technologies' System Mechanic Professional
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


It also includes an AV program and you're already running Norton.

=================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

====================================================================

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK if any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lose the log, it's also located on your desktop as "scan.txt".
 
aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-18 14:08:38
-----------------------------
14:08:38.312 OS Version: Windows 6.0.6002 Service Pack 2
14:08:38.312 Number of processors: 2 586 0x170A
14:08:38.316 ComputerName: MANNCLANNLAPTOP UserName: Rick
14:09:11.997 Initialize success
14:09:20.259 AVAST engine download error: 0
14:09:46.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
14:09:46.201 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
14:09:46.214 Disk 0 MBR read successfully
14:09:46.220 Disk 0 MBR scan
14:09:46.224 Disk 0 Windows XP default MBR code
14:09:46.294 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294058 MB offset 2048
14:09:46.351 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11183 MB offset 602232832
14:09:46.360 Disk 0 scanning sectors +625135616
14:09:46.563 Disk 0 scanning C:\Windows\system32\drivers
14:09:57.589 Service scanning
14:10:21.863 Modules scanning
14:10:55.195 Disk 0 trace - called modules:
14:10:55.230 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS partmgr.sys volmgr.sys ecache.sys volsnap.sys Ntfs.sys dxgkrnl.sys igdkmd32.sys
14:10:55.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86beeac8]
14:10:55.242 3 CLASSPNP.SYS[807d38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x86122b98]
14:10:55.247 Scan finished successfully
14:13:23.071 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
14:13:23.077 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"



CreateFile() ERROR 6
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

Done;



Press any key to quit...
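The aswMBR log above lists two partitions and saves a copy of the MBR as MBR.dat. The following is an added example, not part of either post: a Python sketch that decodes the partition table of such a dump and reports which regions differ between two dumps, assuming MBR.dat is a raw 512-byte copy of sector 0. The sample sector is constructed from the offsets and sizes in the log, with placeholder boot code and disk signature, and all function names are illustrative.

```python
import hashlib
import struct

SECTOR = 512
TYPE_NAMES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0xEE: "GPT protective"}
# Byte ranges of a classic MBR sector (bytes 444-445 are reserved and skipped).
REGIONS = {"boot code": (0, 440), "disk signature": (440, 444),
           "partition table": (446, 510), "boot signature": (510, 512)}


def parse_mbr(sector: bytes) -> dict:
    """Decode a raw 512-byte MBR sector into its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[446 + 16 * index: 446 + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "slot": index + 1,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // 2 ** 20,
        })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def sanity_findings(mbr: dict) -> list:
    """Return structural problems in a parsed partition table (empty if none)."""
    findings = []
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02X" % (p["slot"], p["status"]))
        if p["sectors"] == 0:
            findings.append("slot %d: zero-length partition" % p["slot"])
    for prev, cur in zip(parts, parts[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            findings.append("slots %d and %d overlap" % (prev["slot"], cur["slot"]))
    return findings


def changed_regions(before: bytes, after: bytes) -> list:
    """Name the MBR regions that differ between two 512-byte dumps."""
    return [name for name, (lo, hi) in REGIONS.items() if before[lo:hi] != after[lo:hi]]


def build_sample_mbr() -> bytes:
    """Constructed sample: partition values taken from the aswMBR log lines."""
    def entry(status, ptype, lba, count):
        chs = b"\xfe\xff\xff"  # placeholder CHS fields; only the LBA fields are checked
        return bytes([status]) + chs + bytes([ptype]) + chs + struct.pack("<II", lba, count)

    boot_code = b"\x90" * 440                # placeholder, not real boot code
    disk_signature = struct.pack("<I", 0x12345678)  # placeholder value
    table = (entry(0x80, 0x07, 2048, 602230784)
             + entry(0x00, 0x07, 602232832, 22902784)
             + bytes(32))                     # two unused slots
    return boot_code + disk_signature + b"\x00\x00" + table + b"\x55\xaa"


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    for p in parsed["partitions"]:
        print("Partition %d %02X %02X %s %d MB offset %d" % (
            p["slot"], p["status"], p["type"], p["type_name"], p["size_mb"], p["lba_start"]))
    print("boot code sha256:", parsed["boot_code_sha256"])
    print("findings:", sanity_findings(parsed) or "none")
```

Running `changed_regions` on the saved MBR.dat and a later dump of sector 0 shows whether the boot code or the partition table changed between the two reads.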
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
When trying to run combofix I am getting a screen that says something about an expired date and then it wants to know if I want to run it in a reduced function mode.

Is that normal?

Thanks

Rick
 
ComboFix 12-02-17.02 - Rick 02/18/2012 16:22:12.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1697 [GMT -7:00]
Running from: c:\users\Rick\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\3CD2\F16.exe
c:\programdata\~letYrmvezEAY0F
c:\programdata\~letYrmvezEAY0Fr
c:\programdata\letYrmvezEAY0F
c:\users\Rick\AppData\Roaming\EurekaLog
c:\users\Rick\AppData\Roaming\EurekaLog\firefox\Agile1pFF.elf
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Rick\AppData\Roaming\ubot
c:\windows\Temp\tmp3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Rick\AppData\Local\CrashDumps
2012-02-18 23:46 . 2012-02-18 23:47 -------- d-----w- c:\users\Rick\AppData\Local\temp
2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Stacey\AppData\Local\temp
2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-16 03:18 . 2012-02-16 03:18 100864 ----a-w- C:\pwacauoc.sys
2012-02-15 23:39 . 2012-02-15 23:39 -------- d-----w- c:\users\Stacey\AppData\Roaming\Malwarebytes
2012-02-15 21:04 . 2012-02-15 21:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-15 03:52 . 2012-02-15 03:52 388096 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-15 03:52 . 2012-02-15 03:52 -------- d-----w- c:\program files\Trend Micro
2012-02-14 02:13 . 2011-11-24 02:23 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2012-02-13 03:29 . 2012-02-13 03:29 -------- d-----w- c:\program files\Defraggler
2012-02-10 02:22 . 2012-02-10 05:28 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-10 02:21 . 2012-02-10 05:28 -------- d-----w- c:\program files\Symantec
2012-02-10 02:21 . 2012-02-10 02:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-10 01:56 . 2012-02-18 21:10 764654 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-10 01:55 . 2012-02-11 04:52 -------- d-----w- c:\windows\system32\drivers\NIS
2012-02-10 01:55 . 2012-02-10 01:55 -------- d-----w- c:\program files\Norton Internet Security
2012-02-10 01:55 . 2012-02-10 01:55 -------- d-----w- c:\program files\NortonInstaller
2012-02-10 01:52 . 2012-02-10 02:31 -------- d--h--w- c:\users\Rick\AppData\Roaming\8C431
2012-02-10 01:51 . 2012-02-10 02:30 -------- d--h--w- c:\users\Rick\AppData\Roaming\2DF8C
2012-02-10 00:48 . 2012-02-10 00:54 -------- d--h--w- c:\program files\8C431
2012-02-09 03:49 . 2012-02-09 03:49 -------- d--h--w- c:\users\Rick\AppData\Roaming\AVG2012
2012-02-09 03:46 . 2012-02-10 01:47 -------- d--h--w- c:\programdata\AVG2012
2012-02-08 08:44 . 2012-02-08 08:44 56200 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF33D93-5D95-428A-8C1A-48E799EA5184}\offreg.dll
2012-02-08 05:09 . 2012-01-06 04:19 6557240 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF33D93-5D95-428A-8C1A-48E799EA5184}\mpengine.dll
2012-02-06 02:51 . 2012-02-06 02:51 -------- d--h--w- c:\program files\Safari
2012-01-31 06:03 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-31 06:03 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-31 06:03 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-31 06:03 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-31 06:03 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-31 06:03 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-22 22:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-22 22:40 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-22 22:40 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-22 22:37 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-22 22:37 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-22 22:37 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-22 22:36 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-22 22:36 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 07:21 . 2009-10-19 16:36 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-01-06 18:51 . 2010-01-20 02:17 29696 ---ha-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 18:51 . 2010-01-20 02:17 11776 ---ha-w- c:\windows\system32\smrgdf.exe
2011-12-10 22:24 . 2010-01-30 01:50 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 20:26 . 2011-12-10 20:26 74703 ---ha-w- c:\windows\system32\mfc45.dll
2011-11-23 13:37 . 2011-12-15 00:59 2043904 ----a-w- c:\windows\system32\win32k.sys
2012-02-08 20:13 . 2012-02-12 03:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-12-31 23:35 2447360 ---ha-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ---ha-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-12-31 2844848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Agile1pAgent"="c:\program files\1Password\Agile1pAgent.exe" [2012-01-31 2188552]
.
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ---ha-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57293
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1PASSW~1\AGILE1~1.DLL
TCP: DhcpNameServer = 192.168.1.1
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\
FF - prefs.js: browser.startup.homepage - hxxp://digitalscrapbookpages.com/digitals/
FF - prefs.js: network.proxy.http - 173.208.51.246:12243
FF - prefs.js: network.proxy.http_port - 12243
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-18 16:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL51]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-18 17:09:07
ComboFix-quarantined-files.txt 2012-02-19 00:09
.
Pre-Run: 108,855,570,432 bytes free
Post-Run: 108,307,681,280 bytes free
.
- - End Of File - - A89500DDF6DC9575E27E1BBD2DB6DE54
 
Looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 2/18/2012 6:06:24 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Rick\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 56.54% Memory free
6.06 Gb Paging File | 4.71 Gb Available in Paging File | 77.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 100.73 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: MANNCLANNLAPTOP | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/18 18:02:31 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
PRC - [2012/01/31 16:39:22 | 002,188,552 | ---- | M] (AgileBits) -- C:\Program Files\1Password\Agile1pAgent.exe
PRC - [2012/01/31 16:39:16 | 000,768,776 | ---- | M] (AgileBits) -- C:\Program Files\1Password\Agile1pService.exe
PRC - [2011/11/29 19:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2011/03/21 10:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2010/12/31 16:36:50 | 002,844,848 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/05/21 04:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/21 10:18:00 | 000,115,008 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll
MOD - [2010/09/05 14:22:02 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/31 16:39:16 | 000,768,776 | ---- | M] (AgileBits) [Auto | Running] -- C:\Program Files\1Password\Agile1pService.exe -- (Agile1Password)
SRV - [2011/11/29 19:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011/03/21 10:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/05/21 04:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/02/12 21:03:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120217.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/02/12 21:03:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120217.036\NAVENG.SYS -- (NAVENG)
DRV - [2012/02/09 22:28:08 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/09 19:31:34 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/09 19:31:34 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/09 16:32:36 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120217.003\IDSvix86.sys -- (IDSVix86)
DRV - [2012/02/07 06:18:36 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/23 19:23:47 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS -- (SymEFA)
DRV - [2011/11/23 19:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/11/23 18:50:26 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1305000.091\SRTSP.SYS -- (SRTSP)
DRV - [2011/11/23 18:50:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/16 20:37:59 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1305000.091\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/11/16 20:17:48 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS -- (SymIRON)
DRV - [2011/11/04 16:59:35 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS -- (SymDS)
DRV - [2010/09/14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/09/14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/09/14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/09/14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/06/22 19:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/15 20:04:24 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2008/10/03 02:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/29 07:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57293

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://digitalscrapbookpages.com/digitals/"
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.8
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.4.2
FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.1.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: launchClipboard@alice:1.8
FF - prefs.js..extensions.enabledItems: hootsuite@hootsuite.com:0.6.1
FF - prefs.js..extensions.enabledItems: rapportive@rapportive.com:1.2
FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.1
FF - prefs.js..extensions.enabledItems: firefox@1passwd.com:1.0.4.173
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..network.proxy.http: "173.208.51.246:12243"
FF - prefs.js..network.proxy.http_port: 12243
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/03/24 10:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2010/12/31 16:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/12/31 16:36:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/09 19:55:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/18 14:07:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 20:58:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/10 06:03:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/04/03 14:43:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/03/24 10:14:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/12/31 16:37:01 | 000,000,000 | ---D | M]

[2010/11/07 08:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions
[2010/11/07 08:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/18 15:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions
[2010/05/02 13:01:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/31 19:06:52 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/01/06 20:28:22 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/03/31 16:39:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\engine@conduit(80).com
[2010/11/19 10:40:03 | 000,000,000 | ---D | M] ("BlackSheep") -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\jsobrier@zscaler.com
[2010/11/22 21:03:30 | 000,000,000 | ---D | M] (Launch Clipboard) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\launchClipboard@alice
[2010/02/24 20:26:40 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\noia2_option@kk.noia
[2011/12/18 19:33:54 | 000,000,000 | ---D | M] (Rapportive) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\rapportive@rapportive.com
[2012/02/11 20:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/04 09:16:32 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/31 20:21:06 | 000,000,000 | ---D | M] (1Password) -- C:\PROGRAM FILES\1PASSWORD\FIREFOX@1PASSWD.COM
() (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI
() (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\HOOTSUITE@HOOTSUITE.COM.XPI
() (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
() (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\RANKCHECKER@SEOBOOK.COM.XPI
() (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\SEO4FIREFOX@SEOBOOK.COM.XPI
() (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\SEOTOOLBAR@SEOBOOK.COM.XPI
() (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/02/08 13:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/08 10:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 10:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\9.0.597.107\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\9.0.597.107\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\9.0.597.107\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rick\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Gloss Blue = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml\1.0_0\

O1 HOSTS File: ([2012/02/18 16:46:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files\1Password\Agile1pIE.dll (AgileBits)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files\1Password\Agile1pAgent.exe (AgileBits)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C07E7D7-601F-42E5-9888-EE5353F6A131}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 18:02:30 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2012/02/18 17:09:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/18 17:09:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/18 17:09:10 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\temp
[2012/02/18 16:46:38 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\CrashDumps
[2012/02/18 16:19:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/18 16:19:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/18 16:19:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/18 15:04:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/18 13:57:09 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2012/02/15 20:18:57 | 000,100,864 | ---- | C] (GMER) -- C:\pwacauoc.sys
[2012/02/15 16:27:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rick\Desktop\dds.scr
[2012/02/15 14:04:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/15 14:03:13 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\tdsskiller
[2012/02/14 20:57:24 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rick\Desktop\HousecallLauncher.exe
[2012/02/14 20:52:35 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/14 20:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/02/13 20:31:47 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/13 19:13:17 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2012/02/12 20:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/02/12 20:26:39 | 003,521,912 | ---- | C] (Piriform Ltd) -- C:\Users\Rick\Desktop\dfsetup209.exe
[2012/02/09 22:27:26 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symtdiv.sys
[2012/02/09 22:27:26 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symnets.sys
[2012/02/09 22:27:25 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.sys
[2012/02/09 22:27:24 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symds.sys
[2012/02/09 22:27:24 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.sys
[2012/02/09 22:27:23 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.sys
[2012/02/09 22:27:23 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\ironx86.sys
[2012/02/09 22:27:23 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.sys
[2012/02/09 22:26:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1305000.091
[2012/02/09 19:22:01 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/09 19:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012/02/09 19:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/02/09 18:55:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2012/02/09 18:55:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2012/02/09 18:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/02/09 18:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/02/09 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\8C431
[2012/02/09 18:51:29 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\2DF8C
[2012/02/09 17:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\8C431
[2012/02/08 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\AVG2012
[2012/02/08 20:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/05 19:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 18:03:58 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 18:03:58 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 18:02:31 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2012/02/18 17:32:59 | 002,244,175 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/18 16:46:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/18 16:40:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
[2012/02/18 15:40:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
[2012/02/18 14:13:23 | 000,000,512 | ---- | M] () -- C:\Users\Rick\Desktop\MBR.dat
[2012/02/18 14:04:45 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/02/18 14:03:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/18 14:03:53 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 13:58:20 | 000,568,832 | ---- | M] () -- C:\Users\Rick\Desktop\BTKR_RunBox.exe
[2012/02/18 13:57:49 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2012/02/18 07:42:55 | 000,002,087 | ---- | M] () -- C:\Users\Rick\Desktop\Google Chrome.lnk
[2012/02/16 21:26:34 | 436,426,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/15 20:18:57 | 000,100,864 | ---- | M] (GMER) -- C:\pwacauoc.sys
[2012/02/15 17:53:45 | 000,302,592 | ---- | M] () -- C:\Users\Rick\Desktop\kcndg3kud.exe
[2012/02/15 16:39:32 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 16:27:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rick\Desktop\dds.scr
[2012/02/15 16:23:58 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/15 14:02:42 | 002,042,462 | ---- | M] () -- C:\Users\Rick\Desktop\tdsskiller.zip
[2012/02/14 20:57:25 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rick\Desktop\HousecallLauncher.exe
[2012/02/14 20:55:45 | 000,002,521 | ---- | M] () -- C:\Users\Rick\Desktop\HiJackThis.lnk
[2012/02/14 20:50:56 | 001,402,880 | ---- | M] () -- C:\Users\Rick\Desktop\HiJackThis.msi
[2012/02/13 20:37:46 | 000,080,384 | ---- | M] () -- C:\Users\Rick\Desktop\MBRCheck.exe
[2012/02/12 20:29:05 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/02/12 20:27:47 | 003,521,912 | ---- | M] (Piriform Ltd) -- C:\Users\Rick\Desktop\dfsetup209.exe
[2012/02/12 19:50:22 | 000,015,822 | ---- | M] () -- C:\Users\Rick\Documents\cc_20120212_195010.reg
[2012/02/12 19:34:56 | 000,012,962 | ---- | M] () -- C:\Users\Rick\Documents\cc_20120212_193445.reg
[2012/02/11 20:58:49 | 000,000,920 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/11 20:58:48 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/10 21:50:09 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/10 21:42:21 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.023
[2012/02/09 22:28:09 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/02/09 22:28:09 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/02/09 22:28:08 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/02/09 19:40:45 | 000,000,679 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/09 18:57:38 | 000,000,655 | ---- | M] () -- C:\Users\Rick\Desktop\System Check.lnk
[2012/02/09 17:29:22 | 000,634,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/09 17:29:22 | 000,115,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/09 17:22:01 | 000,000,408 | ---- | M] () -- C:\Windows\System32\iolo.ini
[2012/02/07 22:50:23 | 000,008,098 | ---- | M] () -- C:\Users\Rick\Documents\cc_20120207_225013.reg
[2012/02/05 17:14:22 | 000,001,686 | ---- | M] () -- C:\Users\Rick\Documents\cc_20120205_171413.reg
[2012/01/31 20:46:44 | 000,000,966 | ---- | M] () -- C:\Users\Rick\Desktop\Dropbox.lnk
[2012/01/31 20:46:44 | 000,000,946 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/01/31 20:21:12 | 000,000,866 | ---- | M] () -- C:\Users\Rick\Desktop\1Password.lnk
[2012/01/30 22:19:21 | 000,000,600 | ---- | M] () -- C:\Users\Rick\AppData\Local\PUTTY.RND
[2012/01/29 14:11:53 | 000,005,774 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\mainhst.zgh
[2012/01/27 03:01:10 | 000,000,680 | ---- | M] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2012/01/26 21:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 16:19:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/18 16:19:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/18 16:19:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/18 16:19:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/18 16:19:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/18 14:13:23 | 000,000,512 | ---- | C] () -- C:\Users\Rick\Desktop\MBR.dat
[2012/02/18 13:58:09 | 000,568,832 | ---- | C] () -- C:\Users\Rick\Desktop\BTKR_RunBox.exe
[2012/02/15 17:53:31 | 000,302,592 | ---- | C] () -- C:\Users\Rick\Desktop\kcndg3kud.exe
[2012/02/15 16:39:32 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 14:02:36 | 002,042,462 | ---- | C] () -- C:\Users\Rick\Desktop\tdsskiller.zip
[2012/02/14 20:52:35 | 000,002,521 | ---- | C] () -- C:\Users\Rick\Desktop\HiJackThis.lnk
[2012/02/14 20:50:54 | 001,402,880 | ---- | C] () -- C:\Users\Rick\Desktop\HiJackThis.msi
[2012/02/13 20:37:45 | 000,080,384 | ---- | C] () -- C:\Users\Rick\Desktop\MBRCheck.exe
[2012/02/12 20:29:05 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/02/12 19:50:15 | 000,015,822 | ---- | C] () -- C:\Users\Rick\Documents\cc_20120212_195010.reg
[2012/02/12 19:34:49 | 000,012,962 | ---- | C] () -- C:\Users\Rick\Documents\cc_20120212_193445.reg
[2012/02/11 20:58:49 | 000,000,920 | ---- | C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/11 20:58:48 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/11 20:58:47 | 000,000,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/10 21:50:09 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/10 21:42:21 | 002,244,175 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
[2012/02/10 21:42:21 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.023
[2012/02/09 22:27:26 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnetv.cat
[2012/02/09 22:27:26 | 000,001,469 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnetv.inf
[2012/02/09 22:27:25 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnet.cat
[2012/02/09 22:27:25 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.cat
[2012/02/09 22:27:25 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.inf
[2012/02/09 22:27:25 | 000,001,441 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnet.inf
[2012/02/09 22:27:24 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symds.cat
[2012/02/09 22:27:24 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symds.inf
[2012/02/09 22:27:23 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.cat
[2012/02/09 22:27:23 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.cat
[2012/02/09 22:27:23 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\iron.cat
[2012/02/09 22:27:23 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.inf
[2012/02/09 22:27:23 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.inf
[2012/02/09 22:27:23 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\iron.inf
[2012/02/09 22:27:22 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.cat
[2012/02/09 22:27:22 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.inf
[2012/02/09 22:26:10 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symvtcer.dat
[2012/02/09 22:26:10 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
[2012/02/09 19:40:40 | 000,000,679 | ---- | C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/02/09 19:22:01 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/02/09 19:22:01 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/02/09 19:16:32 | 436,426,861 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 18:57:38 | 000,000,655 | ---- | C] () -- C:\Users\Rick\Desktop\System Check.lnk
[2012/02/09 17:20:40 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/07 22:50:17 | 000,008,098 | ---- | C] () -- C:\Users\Rick\Documents\cc_20120207_225013.reg
[2012/02/05 17:14:18 | 000,001,686 | ---- | C] () -- C:\Users\Rick\Documents\cc_20120205_171413.reg
[2011/12/10 13:26:13 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/07/12 19:45:26 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini
[2011/05/07 17:09:36 | 000,000,600 | ---- | C] () -- C:\Users\Rick\AppData\Local\PUTTY.RND
[2011/01/22 07:30:41 | 000,000,036 | ---- | C] () -- C:\Users\Rick\AppData\Local\housecall.guid.cache
[2010/09/17 16:36:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2010/09/12 19:39:57 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
[2010/09/12 19:39:56 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
[2010/09/12 19:39:56 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
[2010/09/12 19:39:55 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/07/30 08:25:10 | 000,000,680 | ---- | C] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
[2010/07/24 20:15:24 | 000,016,384 | ---- | C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/08 15:23:24 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/05/20 14:32:43 | 000,000,384 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\wklnhst.dat
[2010/04/30 14:08:04 | 000,000,153 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
[2010/04/30 14:08:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2010/03/22 07:54:29 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/03/01 03:01:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx16_ic.ini
[2009/08/21 21:05:23 | 000,005,774 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\mainhst.zgh
[2009/07/19 18:56:47 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== LOP Check ==========

[2010/06/04 19:13:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\iolo
[2010/06/04 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TrueCrypt
[2012/02/09 19:30:27 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\2DF8C
[2012/02/09 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\8C431
[2011/01/01 09:11:01 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Agile Web Solutions
[2010/04/26 13:55:55 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\AnvSoft
[2011/12/10 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\AVG
[2012/02/08 20:49:21 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\AVG2012
[2011/01/20 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\BitTorrent
[2010/05/22 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Canon
[2010/03/12 11:22:10 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\CoffeeCup Software
[2011/04/02 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\DeskAlerts_{0960BB44-2943-4e39-872A-29DC1636040A}
[2011/04/23 21:17:51 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\DoneEx
[2011/05/22 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Downloaded Installations
[2012/02/09 18:40:42 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Dropbox
[2010/11/13 19:08:52 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\EasyLeadFinderv2
[2012/02/12 19:48:45 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\FileZilla
[2010/09/03 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\IBP
[2011/07/12 19:44:24 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\iolo
[2010/02/22 09:18:56 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\KaDonk
[2010/09/14 19:31:13 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/30 10:01:36 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\MySQL
[2011/12/10 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Nitro PDF
[2009/11/30 09:05:14 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\OpenOffice.org
[2012/02/18 15:05:25 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\QuickScan
[2010/11/30 19:31:49 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\ScrapeBox Link Checker Free Edition
[2011/04/04 17:47:15 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\SERPAttacks
[2012/02/18 13:59:04 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\SoftGrid Client
[2010/06/10 22:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TeamViewer
[2010/05/20 14:32:46 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Template
[2011/04/23 21:27:30 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TP
[2010/11/24 12:23:46 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/06/13 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\ZipGenius
[2011/07/23 16:24:48 | 000,000,000 | ---D | M] -- C:\Users\Stacey\AppData\Roaming\iolo
[2011/07/23 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Stacey\AppData\Roaming\SoftGrid Client
[2012/02/18 14:02:52 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/01/26 21:31:11 | 000,000,728 | ---- | M] () -- C:\blitzblank.log
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/08/12 16:43:30 | 001,906,680 | ---- | M] (Codejock Software) -- C:\Codejock.Controls.Unicode.v15.1.3.ocx
[2012/02/18 17:09:08 | 000,014,606 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/02/18 14:03:53 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/02/14 21:34:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/27 21:10:59 | 000,023,237 | ---- | M] () -- C:\JavaRa.log
[2011/04/08 18:43:53 | 000,000,024 | ---- | M] () -- C:\license.txt
[2012/02/15 17:28:14 | 000,003,740 | ---- | M] () -- C:\mbam-log-2012-02-15 (16-41-44).txt
[2011/02/14 21:34:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/18 14:03:51 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
[2012/02/15 20:18:57 | 000,100,864 | ---- | M] (GMER) -- C:\pwacauoc.sys
[2010/06/06 13:16:10 | 000,000,755 | ---- | M] () -- C:\Sys_LogWin.log
[2012/02/15 14:05:20 | 000,084,684 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_15.02.2012_14.04.08_log.txt
[2012/02/15 16:32:26 | 000,082,048 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_15.02.2012_16.31.36_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/03 08:24:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/04/30 19:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD92.DLL
[2007/04/30 19:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP92.DLL
[2010/09/02 15:17:50 | 000,196,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2008/08/12 09:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp082.dll
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/02/10 14:41:46 | 000,001,658 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2006/11/17 22:24:06 | 000,066,046 | ---- | M] () -- C:\Program Files\Dupe_Free_0_NO_VISTA.ico

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/02/18 13:57:49 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2012/02/18 13:58:20 | 000,568,832 | ---- | M] () -- C:\Users\Rick\Desktop\BTKR_RunBox.exe
[2012/02/12 20:27:47 | 003,521,912 | ---- | M] (Piriform Ltd) -- C:\Users\Rick\Desktop\dfsetup209.exe
[2011/01/25 19:48:25 | 000,296,448 | ---- | M] () -- C:\Users\Rick\Desktop\GMERpipyxxhd.exe
[2012/02/14 20:57:25 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rick\Desktop\HousecallLauncher.exe
[2010/09/05 15:57:36 | 005,487,504 | ---- | M] () -- C:\Users\Rick\Desktop\HSS-1.49-install-webroot-225-conduit.exe
[2010/09/05 17:10:48 | 005,487,504 | ---- | M] () -- C:\Users\Rick\Desktop\HSS-1.49-install-webroot-225-conduit[1].exe
[2012/02/15 17:53:45 | 000,302,592 | ---- | M] () -- C:\Users\Rick\Desktop\kcndg3kud.exe
[2012/02/15 16:23:58 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.60.1.1000.exe
[2012/02/13 20:37:46 | 000,080,384 | ---- | M] () -- C:\Users\Rick\Desktop\MBRCheck.exe
[2011/11/30 10:30:05 | 128,933,888 | ---- | M] () -- C:\Users\Rick\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
[2012/02/18 18:02:31 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2010/06/10 22:46:27 | 006,936,830 | ---- | M] ( ) -- C:\Users\Rick\Desktop\setup.exe
[2011/01/25 20:47:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/08/17 07:54:29 | 000,000,402 | -HS- | M] () -- C:\Users\Rick\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/02/18 14:04:45 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011/11/05 07:35:52 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
[2011/02/14 22:30:36 | 000,006,526 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/04/30 14:08:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\IpAndPort.fig
[2010/04/30 14:08:04 | 000,000,153 | ---- | M] () -- C:\ProgramData\RmUserCfg.ini
[2009/07/19 18:59:53 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/04/20 05:24:54 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/07/19 18:59:02 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/04/20 05:19:15 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/07/19 18:57:17 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/07/19 18:59:32 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/04/20 05:17:35 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/04/20 05:24:26 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/07/19 19:00:02 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 268 bytes -> C:\ProgramData\Temp:2B11E0DF
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:F35A93AD

< End of report >
 
OTL Extras logfile created on: 2/18/2012 6:06:24 PM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Rick\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 56.54% Memory free
6.06 Gb Paging File | 4.71 Gb Available in Paging File | 77.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.17 Gb Total Space | 100.73 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: MANNCLANNLAPTOP | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15142F5F-7C3A-44D5-85E7-FD23921C5528}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{271E284E-1BB7-457B-9142-957B598C4FE8}" = rport=139 | protocol=6 | dir=out | app=system |
"{2928F4E0-A165-4E84-B224-471F2E0E7FA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3EC535F2-BC1E-4BA0-BBEE-80CC5CD3B31C}" = lport=137 | protocol=17 | dir=in | app=system |
"{4523AFEF-E422-4475-8499-127CB3013A20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4D3243ED-D8C1-4B73-8878-531AB806B0A8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{4DBAE02F-C8C8-4D74-BF9E-C17CA24E3558}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{519CE014-B082-4FB7-B2A4-C0ADB76E142F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{61E792CF-13BC-4E0E-B2D5-3D99DB1E5B92}" = rport=137 | protocol=17 | dir=out | app=system |
"{7089D2BD-A2E4-4374-9DA9-5A19866ED0D3}" = lport=445 | protocol=6 | dir=in | app=system |
"{792A320F-1AED-4212-BB6F-8308B19CCE29}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F333E99-EDF8-473E-B86B-1AEE04AC0DCE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{84C6B7E1-DBEB-475C-9AFA-76062A838C3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{AA63AD45-A1EC-46D4-B5AC-8A92987AA064}" = rport=445 | protocol=6 | dir=out | app=system |
"{B574F6C6-60ED-4E87-8D32-B54E2ABD6B23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B5B6F440-7A12-4DFF-9737-AB522544BD4B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C7D2F04B-30C4-433E-8921-EFC658A199E1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D0B03161-C333-4E45-8FE8-9AD273F6BE89}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D5D30B6C-09B7-42B7-B9F9-8B12BFE8F180}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{DC87CC94-B5E7-41D0-9781-A7828539C8C7}" = lport=139 | protocol=6 | dir=in | app=system |
"{F3A7161A-5488-4593-A7EC-6C140CD41A93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FDC4452C-EB51-4AD5-A4BD-B70908FF28E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13740FFF-A484-498A-A20E-0F22441EDF7A}" = protocol=6 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
"{21A56D28-C3FE-4928-A916-3EA2034B54B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{2F06A6A2-BB56-4222-A42F-A7046614141A}" = dir=in | app=e:\setup\hpznui01.exe |
"{306CE2B3-375E-4A82-B95D-2403984C32DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{41B45893-1D5C-4474-AAB5-A901917431E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{4A34CEA6-E59D-4765-B066-E74C34B4020C}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
"{4C606A07-0F90-4C5C-A254-714187AE2F13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CC34291-90C7-4C4C-ACE7-DA899DE88156}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
"{4D7F516A-8B06-4CA2-B416-5823080BAE52}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{564CCE0F-DA65-4336-B266-9510A707094E}" = protocol=6 | dir=in | app=c:\users\rick\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{67BC386C-E4CB-4E43-AD68-7044042B3304}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6C90C03C-4D81-41C9-94FB-DDCEA4E205A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6E4BBC9D-AA60-4790-A2CB-FE22B7A65C03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{8D75A7F9-6E83-45E0-AD68-C52F97EB7B94}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{9317517A-E325-4FE8-8E65-1F780A0099EF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{97D24841-A589-4966-A98E-3FDC40C541C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A53A9578-4F19-4DD2-A5A4-280377D52B77}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5D84A2C-070D-46E3-A637-E2109ADB700C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{A89B0245-F75E-4E66-BCC0-50A277E3629C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{ABAC187F-6940-4908-B437-5D511B8E2F78}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{B4AC5C31-A52E-4BAE-9250-3002230F3A40}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BA973A2C-8098-4F8C-BEB1-47A61B35A232}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{BC707160-3FBA-4CE4-AA07-D28E76056939}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D39D1015-DF82-442D-88FB-7208E158DD69}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E1BD6AD5-1400-4340-B5BA-BACD6F880A9A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E2B392C5-25B7-4397-A79E-F95C8CF93A35}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
"{E7CBB595-848B-433E-8342-9DD5EDD98329}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E9D0364B-20F2-437E-9DC3-9E9BE7271E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA51B807-3A5B-4FD2-8123-0BC69825E200}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
"{F1AB2F7A-209E-4071-9317-B365213E3B2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F61C4FFE-AC6A-492D-9539-6C6FFEAD9AD7}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{F76339C9-47B7-443F-AA7B-9AF35293D2F4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F9215783-162A-486F-8D2F-673D89B5BA65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{FB394EC6-CFDB-44BF-95B0-2FFAD4EA0E47}" = protocol=17 | dir=in | app=c:\users\rick\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FCF532A2-76CD-4FE3-9D5C-DDA5AD22C6F2}" = protocol=17 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{58955F7B-D670-4183-B872-8E13D3679301}C:\xampp1\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp1\xampp\mysql\bin\mysqld.exe |
"TCP Query User{88D7522A-C06D-4F0B-BEDB-F86D71497508}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"TCP Query User{C1B4590A-1A03-43B8-9797-CA088A90665E}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{E1C416AF-B3C3-4234-9EA1-201846AB22F6}C:\program files\coffeecup software\coffeecup free html editor\coffee.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\coffeecup free html editor\coffee.exe |
"UDP Query User{2D23F0B8-DBAB-4410-AE14-12D469CF4023}C:\program files\coffeecup software\coffeecup free html editor\coffee.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\coffeecup free html editor\coffee.exe |
"UDP Query User{7179FBDF-3F18-422E-9D79-7C4F37023E1C}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{A04B76B9-F447-4E6A-AE0B-3E308EAEEEB2}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"UDP Query User{D8BED047-3864-46A6-845C-57AAD698C554}C:\xampp1\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp1\xampp\mysql\bin\mysqld.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{04B2B238-7763-45A8-96AD-458EA749466C}" = e-Sword
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EA0260A-CE18-A022-DF3A-0AF6136B226E}" = Market Samurai
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}" = Nitro PDF Professional
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C3CDCA6-8B91-45A6-B704-522A1BFB67D9}" = MySQL Server 5.1
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E55813F-2FA3-47E8-9AF9-31DC0B4AE3ED}" = Mindjet MindManager Viewer 7
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 1.3
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D93E970F-5B4B-4BE6-89CB-E46963E3B1E4}" = DupeFree Pro
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3E09EC5-EB20-4667-83D0-FF61AC087434}" = TweetAttacks
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
"{F81BC54F-0272-42B4-8237-F5D091421B9B}" = SERPAssist
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1Password_is1" = 1Password 1.0.9.272
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVIGenerator V1.0.0.0_is1" = AVIGenerator V1.0.0.0
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"FileZilla Client" = FileZilla Client 3.5.3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hide My ***! Pro" = Hide My ***! Pro 1.8
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IBP11_is1" = IBP 11.7.4
"IIM5_is1" = iMacros V6.90
"iLuminaPremium" = iLumina Gold Premium
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"Mozilla Firefox 4.0b12 (x86 en-US)" = Mozilla Firefox 4.0b12 (x86 en-US)
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Playback_is1" = Playback 2.3.0.4
"seopowersuite" = Rank Tracker
"SERPAttacks_is1" = SERPAttacks
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TheBestSpinner" = TheBestSpinner
"VLC media player" = VLC media player 1.1.7
"WampServer 2_is1" = WampServer 2.0
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Everything seems to be doing well now except I still don't see anything in the start menu. If I click "all programs" everything is there but nothing shows if I just click the start menu.

Thanks for everything you have done.

Rick
 
Cool :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
    O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
    [2012/02/09 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\8C431
    [2012/02/09 18:51:29 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\2DF8C
    [2012/02/09 17:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\8C431
    [2012/02/08 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\AVG2012
    [2012/02/08 20:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/02/09 19:40:45 | 000,000,679 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/02/09 18:57:38 | 000,000,655 | ---- | M] () -- C:\Users\Rick\Desktop\System Check.lnk
    @Alternate Data Stream - 268 bytes -> C:\ProgramData\Temp:2B11E0DF
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:F35A93AD
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
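
The following is an added example, not part of the original posts and not OTL's own code: a Python triage pass over log lines in the format used by the fix script above. It flags an enabled loopback proxy, a per-user Winlogon Shell override and alternate data streams, and cross-references the Shell path's folder name against newly created directories. The function names, the rules and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from pathlib import PureWindowsPath

# The first six lines are copied from the fix script in the post above; the last
# line is constructed (same O20 shape) to show an entry that is not flagged.
SAMPLE = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
[2012/02/09 18:51:29 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\2DF8C
[2012/02/08 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\AVG2012
@Alternate Data Stream - 268 bytes -> C:\ProgramData\Temp:2B11E0DF
O20 - HKU\S-1-5-21-0-0-0-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
'''.strip().splitlines()

PROXY = re.compile(r'^IE - (HKU\\[^\\]+)\\.*Internet Settings: "(ProxyEnable|ProxyServer)" = (.+)$')
SHELL = re.compile(r'^O20 - (HKU\\\S+) Winlogon: Shell - \((.+?)\) - ')
NEWDIR = re.compile(r'^\[(\d{4}/\d\d/\d\d) [^\]]*\| ---D \| C\] -- (.+)$')
ADS = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')
DEFAULT_SHELLS = {'explorer.exe', r'c:\windows\explorer.exe'}


def is_loopback(proxy_value):
    """True if any entry of a ProxyServer value ("http=host:port;...") is loopback."""
    for entry in proxy_value.split(';'):
        host = entry.split('=', 1)[-1].rsplit(':', 1)[0]
        try:
            if ip_address(host).is_loopback:
                return True
        except ValueError:
            if host.lower() == 'localhost':
                return True
    return False


def triage(lines):
    """Return (category, subject, detail) tuples for entries worth a closer look."""
    proxy = defaultdict(dict)   # hive -> {"ProxyEnable": ..., "ProxyServer": ...}
    shells, new_dirs, findings = [], {}, []
    for line in map(str.strip, lines):
        if m := PROXY.match(line):
            proxy[m[1]][m[2]] = m[3].strip()
        elif m := SHELL.match(line):
            shells.append((m[1], m[2]))
        elif m := NEWDIR.match(line):
            new_dirs[PureWindowsPath(m[2]).name.lower()] = m[1]
        elif m := ADS.match(line):
            findings.append(('ads', m[2], f'stream "{m[3]}", {m[1]} bytes'))

    # A proxy only matters when it is switched on; loopback means local software
    # is positioned to relay that account's web traffic.
    for hive, vals in proxy.items():
        server = vals.get('ProxyServer', '')
        if vals.get('ProxyEnable') == '1' and is_loopback(server):
            findings.append(('proxy', hive, f'enabled loopback proxy {server}'))

    # Windows defines Shell under HKLM; a per-user override that is not
    # explorer.exe replaces the desktop shell at logon for that account.
    for hive, path in shells:
        if path.lower() in DEFAULT_SHELLS:
            continue
        folder = PureWindowsPath(path).parent.name
        detail = path
        if folder.lower() in new_dirs:
            detail += f'; folder "{folder}" matches new folder created {new_dirs[folder.lower()]}'
        findings.append(('shell', hive, detail))
    return findings


if __name__ == '__main__':
    for category, subject, detail in triage(SAMPLE):
        print(f'{category:6} {subject}: {detail}')
```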
 
I don't seem to be able to update Java. I tried both installers, local and online and get the same error both times which is an installer error.

Should I remove the old java with the javara and try again?

Thanks

Rick
 