Inactive [A] Response to 5-step removal instructions

Status
Not open for further replies.
OTL logfile created on: 12/24/2011 4:12:16 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\John\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 51.26% Memory free
6.70 Gb Paging File | 5.20 Gb Available in Paging File | 77.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.72 Gb Total Space | 103.66 Gb Free Space | 35.54% Space Free | Partition Type: NTFS
Drive D: | 6.37 Gb Total Space | 0.58 Gb Free Space | 9.17% Space Free | Partition Type: NTFS
Drive G: | 29.73 Mb Total Space | 2.15 Mb Free Space | 7.24% Space Free | Partition Type: FAT
Drive K: | 931.51 Gb Total Space | 618.13 Gb Free Space | 66.36% Space Free | Partition Type: NTFS

Computer Name: JOHNSON-PC2 | User Name: Bart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/23 22:48:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\John\Documents\Desktop\OTL.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/02/21 20:39:28 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\John\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/04/11 00:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/28 07:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/05/17 18:00:58 | 000,278,528 | ---- | M] (Dell) -- C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe
PRC - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
PRC - [2002/09/20 10:37:28 | 000,036,864 | ---- | M] (Intuit) -- C:\Program Files\Quicken\QWDLLS.EXE


========== Modules (No Company Name) ==========

MOD - [2011/10/13 06:00:28 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll
MOD - [2011/10/13 06:00:16 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/13 05:58:07 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/13 05:57:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 05:57:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 05:54:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 05:54:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 05:54:03 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 05:53:42 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011/10/13 05:53:23 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 05:53:20 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 05:52:57 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 05:52:37 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 05:52:32 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 05:51:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/08/16 13:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2010/08/16 13:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2010/08/16 13:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/07/30 20:34:05 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
MOD - [2010/07/19 19:19:18 | 000,153,600 | ---- | M] () -- C:\Windows\System32\WS_ContextMenu.dll
MOD - [2009/08/05 10:26:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/08/05 10:26:12 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/08/05 10:26:06 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/08/05 10:26:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/08/05 10:26:04 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/08/05 10:26:04 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/08/05 10:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/08/05 10:25:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/04/18 11:35:02 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2009/03/29 22:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2002/09/20 10:37:52 | 000,106,496 | ---- | M] () -- C:\Program Files\Quicken\qcomutil.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/22 20:59:50 | 000,419,624 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/06/24 16:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2011/11/14 13:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 01:54:31 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/09 01:54:31 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111223.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/03 19:19:39 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111223.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 19:19:39 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111223.035\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/02 17:08:33 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 21:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 18:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 20:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/07/09 16:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/21 15:42:50 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/28 10:46:16 | 000,391,296 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw18bda.sys -- (hcw18bda)
DRV - [2009/04/10 22:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/22 14:02:22 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ssport.sys -- (SSPORT)
DRV - [2006/07/13 12:14:16 | 000,004,608 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2005/12/12 10:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011/10/12 15:29:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_4_3 [2011/12/24 12:17:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/12/23 18:32:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [DellNSCST] C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe (Dell)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\>IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4E4D-9C54-AFB56EFCB312/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {91F71D75-A73B-4E3B-8A14-F03557B82B29} http://www.graalonline.com/downloads/plugin/graalplugin.cab (Cax3DPlugin Object)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.com/onlinegames/ghbabeldeluxe/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} http://aolsvc.aol.com/onlinegames/free-trial-sandscript/SandScript.1.0.0.21.cab (CPlayFirstSandScriptControl Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{625EC315-B42D-4352-9D70-50EE52C19254}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{625EC315-B42D-4352-9D70-50EE52C19254}: Domain = domain.invalid
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bart\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/15 10:10:48 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\Windows\System32\CFHD.dll (CineForm Inc.)
Drivers32: VIDC.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/23 23:06:58 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\MouseVerifierPolicy.dll
[2011/12/23 21:54:35 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011/12/23 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Local\temp
[2011/12/23 21:27:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/23 21:12:23 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/23 13:15:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/23 13:15:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/23 13:15:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/23 13:14:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/23 13:14:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/22 10:35:27 | 000,100,864 | ---- | C] (GMER) -- C:\kwdirfog.sys
[2011/12/22 09:40:45 | 000,000,000 | ---D | C] -- C:\Users\Bart\AppData\Roaming\Malwarebytes
[2011/12/22 09:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/22 09:40:31 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/22 09:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/22 08:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/12/22 08:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2011/12/21 22:37:31 | 000,169,472 | ---- | C] (CineForm) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineFormActiveMetadataStatusViewer.exe
[2011/12/21 18:31:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/21 17:13:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/24 16:18:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0E5265CB-FFF2-48B6-B37B-92B00DD1D364}.job
[2011/12/24 16:16:43 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 16:16:43 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 16:15:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8579A225-5DF0-46B9-8D1D-784429172A3E}.job
[2011/12/24 15:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/24 12:16:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/24 12:16:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 18:32:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/12/22 23:49:34 | 000,622,094 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/22 23:49:34 | 000,111,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/22 10:35:27 | 000,100,864 | ---- | M] (GMER) -- C:\kwdirfog.sys
[2011/12/22 09:52:17 | 000,002,832 | ---- | M] () -- C:\{CF793C22-80E3-4EE8-98A4-4F61870B589F}
[2011/12/22 09:40:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 09:10:18 | 016,331,540 | ---- | M] () -- C:\Users\Bart\AppData\Roaming\SMRBackup210.dat
[2011/12/21 18:34:24 | 000,131,157 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/21 18:34:23 | 000,131,157 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/21 18:21:26 | 356,360,776 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/21 13:24:31 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/19 20:00:00 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bart.job
[2011/12/15 07:15:50 | 000,307,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/23 13:15:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/23 13:15:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/23 13:15:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/23 13:15:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/23 13:15:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/22 09:52:17 | 000,002,832 | ---- | C] () -- C:\{CF793C22-80E3-4EE8-98A4-4F61870B589F}
[2011/12/22 09:40:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 09:09:48 | 016,331,540 | ---- | C] () -- C:\Users\Bart\AppData\Roaming\SMRBackup210.dat
[2011/12/21 22:37:31 | 000,002,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
[2011/12/21 22:37:31 | 000,001,777 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk
[2011/12/21 22:37:31 | 000,001,030 | ---- | C] () -- C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2011/12/21 22:37:31 | 000,000,805 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Startup.lnk
[2011/12/21 22:37:31 | 000,000,805 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
[2011/12/21 16:39:20 | 356,360,776 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/01 15:47:19 | 000,000,264 | ---- | C] () -- C:\Windows\game.ini
[2011/05/08 17:07:23 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/05/08 17:07:15 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/01/07 21:13:27 | 000,001,940 | ---- | C] () -- C:\Users\Bart\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/01 11:32:37 | 000,138,056 | ---- | C] () -- C:\Users\Bart\AppData\Roaming\PnkBstrK.sys
[2011/01/01 11:31:57 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/12/31 13:13:57 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/12/31 13:00:45 | 000,040,647 | ---- | C] () -- C:\Program Files\RMPly00.exe
[2010/12/30 16:25:34 | 000,153,600 | ---- | C] () -- C:\Windows\System32\WS_ContextMenu.dll
[2010/09/18 14:23:34 | 000,001,356 | ---- | C] () -- C:\Users\Bart\AppData\Local\d3d9caps.dat
[2009/12/04 23:09:07 | 000,131,157 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/04 23:08:57 | 000,131,157 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/08/18 14:37:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/18 14:37:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/17 19:24:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008/08/24 14:01:50 | 000,091,016 | ---- | C] () -- C:\Windows\wiainst.exe
[2008/08/24 14:01:09 | 000,217,088 | R--- | C] () -- C:\Windows\System32\ssminidriver.dll
[2008/08/24 14:01:09 | 000,027,136 | R--- | C] () -- C:\Windows\System32\ssimgfilter.dll
[2008/08/24 14:01:09 | 000,011,264 | R--- | C] () -- C:\Windows\System32\sssegfilter.dll
[2008/08/24 14:01:09 | 000,010,752 | R--- | C] () -- C:\Windows\System32\sserrhandler.dll
[2008/08/24 13:58:23 | 000,022,723 | ---- | C] () -- C:\Windows\System32\DELR1LM.DLL
[2008/08/24 13:58:22 | 000,022,723 | ---- | C] () -- C:\Windows\System32\DELR1L3.DLL
[2008/08/03 17:37:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/26 20:59:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/24 11:09:57 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/07/24 11:09:57 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/07/24 11:09:57 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/07/24 10:52:42 | 000,000,536 | ---- | C] () -- C:\Windows\sierra.ini
[2007/12/05 19:32:13 | 000,000,491 | ---- | C] () -- C:\Windows\EReg515.dat
[2007/12/05 19:30:12 | 000,001,375 | ---- | C] () -- C:\Windows\disney.ini
[2007/11/23 22:32:18 | 000,000,221 | ---- | C] () -- C:\Windows\PowerReg.dat
[2007/11/23 22:17:43 | 000,000,966 | ---- | C] () -- C:\Windows\wininit.ini
[2007/10/30 14:29:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\impborl.dll
[2007/10/13 10:55:02 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2007/09/08 13:52:11 | 000,027,503 | ---- | C] () -- C:\Users\Bart\AppData\Roaming\UserTile.png
[2007/07/01 16:43:29 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2007/06/06 16:52:46 | 000,000,192 | ---- | C] () -- C:\Windows\KA.INI
[2007/05/29 09:07:05 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2007/05/26 12:59:33 | 000,001,380 | ---- | C] () -- C:\Users\Bart\AppData\Roaming\wklnhst.dat
[2007/05/26 10:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI
[2007/05/16 19:53:51 | 000,000,050 | ---- | C] () -- C:\Windows\qwimp.ini
[2007/04/28 16:31:22 | 000,035,328 | ---- | C] () -- C:\Users\Bart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/24 18:04:12 | 000,000,288 | ---- | C] () -- C:\Windows\spipcl4a.ini
[2007/04/24 18:04:12 | 000,000,046 | ---- | C] () -- C:\Windows\SHSFTSET.INI
[2007/03/16 06:14:14 | 000,000,919 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2007/03/16 06:14:14 | 000,000,052 | ---- | C] () -- C:\Windows\intuprof.ini
[2007/03/12 16:45:10 | 000,000,552 | ---- | C] () -- C:\Users\Bart\AppData\Local\d3d8caps.dat
[2007/03/11 19:08:20 | 000,001,019 | ---- | C] () -- C:\Windows\eReg.dat
[2006/12/15 10:04:10 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2006/12/15 10:03:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2006/12/15 09:59:22 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2006/12/15 09:59:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/11/09 08:19:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,307,344 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,622,094 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,111,648 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/11 01:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 01:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 12:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/09/16 14:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll

========== LOP Check ==========

[2011/07/07 23:13:16 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\.minecraft
[2009/01/10 14:16:42 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Amazon
[2010/12/30 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\AnvSoft
[2011/01/27 20:20:59 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Azureus
[2008/08/03 16:52:25 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/06/26 19:52:18 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\funkitron
[2007/08/22 15:38:15 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\IMVU
[2007/03/11 09:13:07 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Leadertech
[2008/09/06 19:18:57 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\MSNInstaller
[2009/09/27 10:29:11 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\muvee Technologies
[2009/11/14 16:53:59 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\OpenOffice.org
[2007/09/08 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\PeerNetworking
[2009/02/19 19:51:07 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Publish Providers
[2009/02/19 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Sony
[2010/09/01 14:01:48 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\ssorgatem productions
[2011/10/27 18:38:06 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\SYSTEMAX Software Development
[2007/05/26 12:59:35 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\Template
[2010/12/30 15:18:37 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\WeatherBug
[2007/03/10 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\WildTangent
[2007/06/18 11:55:38 | 000,000,000 | ---D | M] -- C:\Users\Bart\AppData\Roaming\WinBatch
[2011/12/24 12:13:02 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/24 16:18:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0E5265CB-FFF2-48B6-B37B-92B00DD1D364}.job
[2011/12/24 16:15:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8579A225-5DF0-46B9-8D1D-784429172A3E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/12/15 10:10:48 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/12/15 09:49:33 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/12/23 21:28:28 | 000,015,759 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/10/16 05:01:52 | 000,000,064 | ---- | M] () -- C:\FINIS_IT.TXT
[2007/03/18 09:10:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/08/02 15:11:38 | 000,000,067 | -H-- | M] () -- C:\IPH.PH
[2011/12/22 10:35:27 | 000,100,864 | ---- | M] (GMER) -- C:\kwdirfog.sys
[2007/03/18 09:10:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/24 12:16:34 | 3801,886,720 | -HS- | M] () -- C:\pagefile.sys
[2008/03/10 23:29:01 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log
[2010/09/26 11:41:02 | 000,000,235 | ---- | M] () -- C:\SSPPPoE.log
[2011/12/22 09:52:17 | 000,002,832 | ---- | M] () -- C:\{CF793C22-80E3-4EE8-98A4-4F61870B589F}

< %systemroot%\Fonts\*.com >
[2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/20 20:03:39 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 03:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006/09/18 09:57:22 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\d1600npc.dll
[2006/09/18 09:57:22 | 000,019,456 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\DELR1pc.dll
[2008/01/19 01:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
 
< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/11/09 17:42:33 | 000,001,674 | -H-- | M] () -- C:\Users\Bart\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2008/06/26 20:37:47 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2011/08/16 12:08:31 | 000,040,647 | ---- | M] () -- C:\Program Files\RMPly00.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/14 18:52:51 | 000,000,286 | -HS- | M] () -- C:\Users\Bart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/07/07 16:21:31 | 000,270,142 | ---- | M] () -- C:\Users\Bart\Desktop\Minecraft.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/05/14 18:57:16 | 000,001,964 | ---- | M] () -- C:\Users\Bart\Favorites\Blue Coat K9 Web Protection Admin.lnk
[2007/09/01 13:45:52 | 000,000,402 | -HS- | M] () -- C:\Users\Bart\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/23 23:06:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\MouseVerifierPolicy.dll
[2011/12/21 18:34:23 | 000,131,157 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[1998/09/02 02:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 517 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
SRV - [2011/06/24 16:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 517 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
796
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back