Inactive [A] Security Center problems

Status
Not open for further replies.
F

frogpelt

Posts: 33   +0
This computer is having problems with Security Center--Windows Firewall won't stay on and such--logs below.
==========================================

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Gregory :: GREGORY-PC [administrator]

1/3/2012 7:11:38 PM
mbam-log-2012-01-03 (19-11-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 167240
Time elapsed: 5 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Gregory\Downloads\IWON.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\Users\Gregory\Downloads\MyFunCards.exe (Adware.FunWeb) -> Quarantined and deleted successfully.

(end)


================================================


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-03 21:34:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 WDC_WD32 rev.01.0
Running: 6ih6etp7.exe; Driver: C:\Users\Gregory\AppData\Local\Temp\uftirfod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\tdx \Device\Ip pctgntdi.sys

AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\tdx \Device\Tcp pctgntdi.sys

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\tdx \Device\Udp pctgntdi.sys

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\tdx \Device\RawIp pctgntdi.sys

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


================================================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Gregory at 21:49:56 on 2012-01-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1885 [GMT -6:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 66.0.32.14 66.0.60.9
TCP: Interfaces\{991D29E9-7AB4-4AC9-B62E-766F8E352A3B} : DhcpNameServer = 66.0.32.14 66.0.60.9
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gregory\appdata\roaming\mozilla\firefox\profiles\an480fdj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gregory\appdata\local\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\users\gregory\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\gregory\appdata\roaming\move networks\plugins\npqmp071705000014.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-3 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-3 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-3 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-1-3 251560]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-3-31 81920]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-12-11 43912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-3 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-3 297752]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012-1-3 160576]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2012-1-3 286000]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-3-31 27648]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-1-3 89472]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-1-3 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-1-3 125248]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-1-3 57536]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-04 02:58:29 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-04 02:58:29 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-04 02:58:27 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-04 02:58:27 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-01-04 02:57:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-01-04 02:57:36 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2012-01-04 02:57:36 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-01-04 02:57:36 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-01-04 02:43:21 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc530d8-de6d-4590-be2e-f7f68be75344}\offreg.dll
2012-01-04 01:08:35 -------- d-----w- c:\users\gregory\appdata\roaming\Malwarebytes
2012-01-04 01:08:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-04 01:08:04 -------- d-----w- c:\programdata\Malwarebytes
2012-01-04 01:08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 08:25:02 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc530d8-de6d-4590-be2e-f7f68be75344}\mpengine.dll
2012-01-03 01:45:38 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-03 01:45:38 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-03 01:45:38 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-03 01:45:38 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2011-12-19 23:50:57 -------- d-----w- c:\program files\iPod
2011-12-19 23:50:56 -------- d-----w- c:\program files\iTunes
2011-12-15 02:24:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 02:24:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 02:24:10 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:24:09 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 02:24:09 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:23:49 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:23:47 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-11-10 11:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 21:50:12.41 ===============



================================================


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 3/31/2009 3:45:24 PM
System Uptime: 1/3/2012 8:43:05 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0P301D
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 2662/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 185.514 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.577 GiB free.
E: is CDROM ()
F: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP823: 12/2/2011 1:53:05 AM - Windows Update
RP824: 12/6/2011 1:52:38 AM - Windows Update
RP825: 12/8/2011 1:07:17 AM - Windows Update
RP826: 12/9/2011 1:52:31 AM - Windows Update
RP827: 12/11/2011 1:56:58 AM - Scheduled Checkpoint
RP828: 12/13/2011 1:34:35 AM - Windows Update
RP829: 12/15/2011 3:00:14 AM - Windows Update
RP830: 12/16/2011 2:20:00 AM - Windows Update
RP831: 12/17/2011 5:06:58 PM - Scheduled Checkpoint
RP832: 12/20/2011 7:06:22 PM - Windows Update
RP833: 12/22/2011 12:42:54 AM - Scheduled Checkpoint
RP834: 12/23/2011 1:37:46 AM - Windows Update
RP835: 12/27/2011 2:28:33 AM - Windows Update
RP836: 12/30/2011 2:28:43 AM - Windows Update
RP837: 1/2/2012 7:38:02 PM - Installed Java(TM) 6 Update 30
RP838: 1/2/2012 8:02:02 PM - Windows Update
RP839: 1/3/2012 2:24:38 AM - Windows Update
RP840: 1/3/2012 8:57:46 PM - Device Driver Package Install: PC Tools Network Service
RP841: 1/3/2012 8:58:41 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.7
Amazon MP3 Downloader 1.0.10
Amazon Unbox Video
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
AVG 8.5
BearShare
Bing Bar
Bonjour
Business Tools Launcher
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
CCleaner (remove only)
Choice Guard
Cisco Connect
Clifford Phonics
Compatibility Pack for the 2007 Office system
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
Dragon Tales
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 30
JumpStart Animal Adventures
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MotoHelper 2.0.24 Driver 4.7.1
MotoHelper MergeModules
Motorola Mobile Drivers Installation 4.7.1
Move Media Player
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nancy Drew: The Phantom of Venice
OGA Notifier 2.0.0048.0
OLYMPUS Master 2
PC Tools Firewall Plus 7.0
Personal Entertainment Launcher
PowerDVD
Product Support Launcher
QuickTime
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scholastic's I SPY Junior
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skins
Sonic CinePlayer Decoder Pack
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VZAccess Manager
WebEx
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WModem Driver Installer
Yahoo! BrowserPlus 2.6.0
Yahoo! Install Manager
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 9:58:15 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.120 for the Network Card with network address 0024E8020F90 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/31/2011 9:48:48 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
12/31/2011 11:56:08 PM, Error: EventLog [6008] - The previous system shutdown at 11:54:32 PM on 12/31/2011 was unexpected.
12/31/2011 10:51:42 PM, Error: EventLog [6008] - The previous system shutdown at 10:49:27 PM on 12/31/2011 was unexpected.
12/31/2011 10:45:39 PM, Error: EventLog [6008] - The previous system shutdown at 10:41:22 PM on 12/31/2011 was unexpected.
1/3/2012 8:55:38 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 6801 (0x1A91).
1/3/2012 8:44:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
1/3/2012 8:12:47 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
1/3/2012 1:28:14 PM, Error: EventLog [6008] - The previous system shutdown at 1:21:34 PM on 1/3/2012 was unexpected.
1/3/2012 1:22:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg8wd service.
1/1/2012 2:43:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/1/2012 2:43:32 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/1/2012 2:43:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR & ComboFix

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-05 21:32:02
-----------------------------
21:32:02.672 OS Version: Windows 6.0.6002 Service Pack 2
21:32:02.672 Number of processors: 2 586 0x170A
21:32:02.672 ComputerName: GREGORY-PC UserName: Gregory
21:32:52.391 Initialize success
21:42:13.561 AVAST engine defs: 12010501
21:44:09.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
21:44:09.672 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
21:44:09.672 Disk 0 MBR read successfully
21:44:09.688 Disk 0 MBR scan
21:44:09.688 Disk 0 Windows VISTA default MBR code
21:44:09.688 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
21:44:09.688 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
21:44:09.719 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294941 MB offset 21100544
21:44:09.719 Disk 0 scanning sectors +625139712
21:44:09.859 Disk 0 scanning C:\Windows\system32\drivers
21:44:25.631 Service scanning
21:44:26.707 Modules scanning
21:44:31.325 Disk 0 trace - called modules:
21:44:31.840 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:44:31.840 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862dfac8]
21:44:31.840 3 CLASSPNP.SYS[8a7a08b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8513a028]
21:44:33.088 AVAST engine scan C:\Windows
21:44:35.225 AVAST engine scan C:\Windows\system32
21:47:46.715 AVAST engine scan C:\Windows\system32\drivers
21:47:57.887 AVAST engine scan C:\Users\Gregory
21:49:08.165 Disk 0 MBR has been saved successfully to "C:\Users\Gregory\Documents\MBR.dat"
21:49:08.165 The log file has been saved successfully to "C:\Users\Gregory\Documents\aswMBR.txt"






==========================================


ComboFix 12-01-05.04 - Gregory 01/05/2012 22:02:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2172 [GMT -6:00]
Running from: c:\users\Gregory\Desktop\ComboFix.exe
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-06 04:07 . 2012-01-06 04:07 -------- d-----w- c:\users\Gregory\AppData\Local\temp
2012-01-06 04:07 . 2012-01-06 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-06 03:57 . 2012-01-06 03:57 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDC530D8-DE6D-4590-BE2E-F7F68BE75344}\offreg.dll
2012-01-04 02:58 . 2011-03-02 18:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-01-04 02:58 . 2010-03-29 17:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-01-04 02:58 . 2011-03-24 18:39 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-01-04 02:58 . 2011-01-17 15:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-01-04 02:57 . 2011-01-17 14:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-01-04 02:57 . 2011-01-12 16:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-01-04 02:57 . 2010-07-08 14:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2012-01-04 02:57 . 2010-02-05 14:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-01-04 02:52 . 2012-01-06 04:00 -------- d-----w- c:\users\Admin
2012-01-04 01:08 . 2012-01-04 01:08 -------- d-----w- c:\users\Gregory\AppData\Roaming\Malwarebytes
2012-01-04 01:08 . 2012-01-04 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-04 01:08 . 2012-01-04 01:08 -------- d-----w- c:\programdata\Malwarebytes
2012-01-04 01:08 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 08:25 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDC530D8-DE6D-4590-BE2E-F7F68BE75344}\mpengine.dll
2012-01-03 01:45 . 2012-01-03 01:45 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-03 01:45 . 2012-01-03 01:45 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-03 01:45 . 2012-01-03 01:45 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-03 01:45 . 2012-01-03 01:45 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-03 01:39 . 2012-01-03 01:39 -------- d-----w- c:\program files\Common Files\Java
2011-12-19 23:50 . 2011-12-19 23:50 -------- d-----w- c:\program files\iPod
2011-12-19 23:50 . 2011-12-19 23:51 -------- d-----w- c:\program files\iTunes
2011-12-15 02:24 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 02:24 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 02:24 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:24 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:24 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 02:23 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:23 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 11:54 . 2011-05-14 19:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-01-03 01:45 . 2011-05-07 16:04 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-06 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-04-01 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 66.0.32.14 66.0.60.9
FF - ProfilePath - c:\users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-UnityWebPlayer - c:\users\Gregory\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 22:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{96f71649-e994-4483-a123-fe39ce76101f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10020054
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{991d29e9-7ab4-4ac9-b62e-766f8e352a3b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0024e8
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dfe5ca46-dcf3-475f-86ba-7dc883c9435c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001372
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Completion time: 2012-01-05 22:08:41
ComboFix-quarantined-files.txt 2012-01-06 04:08
.
Pre-Run: 198,760,480,768 bytes free
Post-Run: 199,566,893,056 bytes free
.
- - End Of File - - 9B515F38032490C29021886EF33322E3
 
All looks clean.

What are the current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 1/5/2012 10:53:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gregory\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.63% Memory free
6.20 Gb Paging File | 5.12 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 185.50 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.56 Gb Free Space | 45.65% Space Free | Partition Type: NTFS

Computer Name: GREGORY-PC | User Name: Gregory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/05 22:51:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gregory\Desktop\OTL.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2010/12/11 18:24:33 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/03/04 12:00:56 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/19 00:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/08/19 00:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2008/07/20 15:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 15:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/20 20:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/02 20:39:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2012/01/02 20:39:55 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2011/10/12 13:09:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 13:07:59 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 13:07:46 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 13:07:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 13:06:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 13:06:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2009/03/31 18:56:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3054.18645__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/03/31 18:56:57 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3054.18653__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/03/31 18:56:57 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3054.18924__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/03/31 18:56:57 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3054.18608__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:57 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3054.18668__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/03/31 18:56:57 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3054.18882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:57 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3054.18837__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3054.18782__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3054.18630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:51 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:51 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3054.18848__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3054.18932__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:51 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3054.18855__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/03/31 18:56:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3054.18623__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:51 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3054.18846__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:50 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3054.18793__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:50 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3054.18683__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:50 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3054.18785__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:50 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3054.18777__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:50 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3054.18632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:50 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3054.18871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/03/31 18:56:50 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3054.18676__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:50 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3054.18814__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/03/31 18:56:50 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3054.18792__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:50 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3054.18783__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3054.18690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3054.18791__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:50 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3054.18812__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3054.18827__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/03/31 18:56:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/03/31 18:56:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/03/31 18:56:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/03/31 18:56:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/03/31 18:56:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/03/31 18:56:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/03/31 18:56:50 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/03/31 18:56:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/03/31 18:56:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/03/31 18:56:49 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/03/31 18:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/03/31 18:56:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3054.18949__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/03/31 18:56:47 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3054.18964__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009/03/31 18:56:47 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/03/31 18:56:46 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3054.18617__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/03/31 18:56:46 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3054.18639__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/03/31 18:56:46 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3054.18900__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/03/31 18:56:46 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3054.18910__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/03/31 18:56:46 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3054.18907__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/03/31 18:56:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/03/31 18:56:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/03/31 18:56:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/03/31 18:56:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/03/31 18:56:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/03/31 18:56:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/03/31 18:56:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/03/31 18:56:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/03/31 18:56:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009/03/31 18:56:45 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3054.18598__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/03/31 18:56:45 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3054.18594__90ba9c70f846762e\APM.Server.dll
MOD - [2009/03/31 18:56:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3054.18596__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/03/31 18:56:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3054.18909__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/03/31 18:56:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/03/31 18:56:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/05/23 00:00:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2010/12/11 18:24:33 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/03/04 12:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/08/19 00:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008/07/20 15:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/05 14:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/08/19 01:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/19 01:02:56 | 000,027,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/05/23 00:00:48 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/05/23 00:00:48 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gregory\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gregory\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\Gregory\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/05 22:11:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 19:45:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/28 17:17:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Gregory\AppData\Roaming\Move Networks [2010/01/10 15:22:20 | 000,000,000 | ---D | M]

[2009/04/03 19:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Extensions
[2012/01/05 20:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\extensions
[2010/04/26 21:57:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/12 22:04:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/18 21:04:22 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\extensions\vshareus@toolbar
[2010/10/18 21:04:30 | 000,001,599 | ---- | M] () -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\searchplugins\web-search.xml
[2012/01/02 19:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/05 22:11:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\GREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AN480FDJ.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\GREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AN480FDJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/02 19:45:38 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 20:22:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.0.32.14 66.0.60.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{991D29E9-7AB4-4AC9-B62E-766F8E352A3B}: DhcpNameServer = 66.0.32.14 66.0.60.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gregory\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gregory\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 22:51:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gregory\Desktop\OTL.exe
[2012/01/05 22:11:28 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/01/05 22:11:28 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/01/05 22:11:28 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/01/05 22:11:28 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/01/05 22:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/05 22:11:27 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/01/05 22:11:27 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/01/05 22:11:01 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/01/05 22:11:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/05 22:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/05 22:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/05 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\Gregory\AppData\Local\temp
[2012/01/05 22:08:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/05 21:59:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/05 21:59:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/05 21:59:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/05 21:59:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/05 21:58:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/05 21:50:45 | 004,372,321 | R--- | C] (Swearware) -- C:\Users\Gregory\Desktop\ComboFix.exe
[2012/01/05 21:39:45 | 000,000,000 | ---D | C] -- C:\Users\Gregory\Desktop\TechSpot
[2012/01/05 21:30:45 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Gregory\Desktop\aswMBR.exe
[2012/01/03 20:58:29 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/01/03 20:58:29 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/01/03 20:58:27 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/01/03 20:58:27 | 000,105,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/01/03 20:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Firewall Plus
[2012/01/03 20:57:36 | 000,125,248 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2012/01/03 20:57:36 | 000,089,472 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2012/01/03 20:57:36 | 000,057,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis.sys
[2012/01/03 20:57:36 | 000,032,808 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2012/01/03 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Gregory\AppData\Roaming\Malwarebytes
[2012/01/03 19:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/03 19:08:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/03 19:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/03 19:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/02 19:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/19 17:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/19 17:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/19 17:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/01/05 22:51:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gregory\Desktop\OTL.exe
[2012/01/05 22:11:28 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/05 22:11:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/05 22:03:39 | 004,819,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/05 22:03:39 | 001,569,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/05 21:57:34 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2012/01/05 21:57:29 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/01/05 21:57:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 21:57:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 21:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 21:57:16 | 3220,164,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 21:51:30 | 004,372,321 | R--- | M] (Swearware) -- C:\Users\Gregory\Desktop\ComboFix.exe
[2012/01/05 21:49:08 | 000,000,512 | ---- | M] () -- C:\Users\Gregory\Desktop\MBR.dat
[2012/01/05 21:31:35 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Gregory\Desktop\aswMBR.exe
[2012/01/03 20:43:28 | 000,006,836 | ---- | M] () -- C:\Users\Gregory\AppData\Local\d3d9caps.dat
[2012/01/01 14:43:34 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/31 23:12:53 | 000,073,216 | ---- | M] () -- C:\Users\Gregory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 17:51:37 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/19 17:40:56 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/19 17:40:56 | 000,001,854 | ---- | M] () -- C:\Users\Gregory\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/15 03:21:30 | 000,282,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========
 
Otl 2

[2012/01/05 22:11:28 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/05 21:59:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/05 21:59:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/05 21:59:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/05 21:59:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/05 21:59:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/05 21:49:08 | 000,000,512 | ---- | C] () -- C:\Users\Gregory\Desktop\MBR.dat
[2011/12/19 17:51:37 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/06 14:59:38 | 000,000,129 | ---- | C] () -- C:\Windows\ka.ini
[2011/11/05 15:04:40 | 000,000,000 | ---- | C] () -- C:\Windows\PhantomOfVenice.INI
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/17 17:58:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 17:58:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/06 21:52:56 | 000,005,456 | ---- | C] () -- C:\Users\Gregory\AppData\Roaming\wklnhst.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/16 16:11:15 | 000,073,216 | ---- | C] () -- C:\Users\Gregory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/03 19:01:23 | 000,006,836 | ---- | C] () -- C:\Users\Gregory\AppData\Local\d3d9caps.dat
[2009/03/31 22:39:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/03/31 22:39:49 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/03/31 22:39:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/03/31 22:39:49 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/03/31 22:39:49 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/03/31 22:39:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/03/31 22:39:43 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2009/03/31 22:37:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/31 14:44:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,282,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 004,819,310 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 001,569,324 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/04 09:56:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PCToolsFirewallPlus
[2010/11/13 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\Amazon
[2012/01/03 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\PCToolsFirewallPlus
[2011/05/07 14:38:58 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\School Zone Preferences
[2009/08/06 21:53:15 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\Template
[2010/01/07 12:02:39 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\Unity
[2012/01/05 21:57:34 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2012/01/05 21:56:07 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/07/19 20:58:57 | 000,006,129 | ---- | M] () -- C:\0x0409.ini
[2010/07/19 20:59:00 | 001,896,960 | ---- | M] () -- C:\Amazon Unbox Video.msi
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/01/05 22:08:41 | 000,009,460 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/03/31 22:39:56 | 000,005,066 | RH-- | M] () -- C:\dell.sdr
[2012/01/05 21:57:16 | 3220,164,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 16:14:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/21 09:43:48 | 000,000,279 | -H-- | M] () -- C:\IPH.PH
[2010/08/19 16:14:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/05 21:57:15 | 3533,774,848 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/07 17:05:20 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 03:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2008/12/04 20:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 20:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >
[2010/07/19 21:14:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\IsolatedStorage\spirpqbp.50k\h3ab2slg.lue\Url.baos234cgu3y3glozyjwicytydpaxc2n\Url.x3upfl5pwc2qpjifbyrh04mtwz3rn4cm\Files\bak

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/17 19:10:59 | 000,000,286 | -HS- | M] () -- C:\Users\Gregory\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/11/16 09:31:21 | 000,173,247 | ---- | M] () -- C:\Users\Gregory\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Trio1.png

< %USERPROFILE%\Desktop\*.exe >
[2012/01/05 21:31:35 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Gregory\Desktop\aswMBR.exe
[2012/01/05 21:51:30 | 004,372,321 | R--- | M] (Swearware) -- C:\Users\Gregory\Desktop\ComboFix.exe
[2012/01/05 22:51:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gregory\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/10/07 22:29:58 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2009/10/07 22:29:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/10/07 22:29:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/10/07 22:29:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2009/10/07 22:29:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2009/10/07 22:29:28 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/04/02 18:14:18 | 000,000,402 | -HS- | M] () -- C:\Users\Gregory\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2009/09/14 20:58:11 | 000,000,000 | ---D | M](C:\Users\Gregory\Favorites\?Usorted Bookmarks) -- C:\Users\Gregory\Favorites\臸Ǔsorted Bookmarks

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >
 
Extras

OTL Extras logfile created on: 1/5/2012 10:53:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gregory\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.63% Memory free
6.20 Gb Paging File | 5.12 Gb Available in Paging File | 82.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.03 Gb Total Space | 185.50 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.56 Gb Free Space | 45.65% Space Free | Partition Type: NTFS

Computer Name: GREGORY-PC | User Name: Gregory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-148765549-2298540005-3797498417-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03B25762-461B-22C8-9AF0-170F3D749061}" = Catalyst Control Center Graphics Previews Vista
"{03BF49A6-A643-A836-0732-2467E9A6B911}" = Catalyst Control Center Localization Korean
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AC7F464-85E9-337D-B100-DC178C14A699}" = Catalyst Control Center Core Implementation
"{0BC1B842-C298-99E6-D0A8-FA3B33A07C5C}" = Catalyst Control Center Localization German
"{0BF215E3-C97F-7BF3-96D0-9C7D3F5FF9B4}" = Catalyst Control Center Localization Chinese Traditional
"{0D1303D7-3918-3014-E119-33DBB649BE86}" = Catalyst Control Center Localization Spanish
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{138BF761-BFAA-29BB-B755-91262DE91A19}" = ccc-core-static
"{1505D9B1-6037-4310-815A-4D8A212C5075}" = Nancy Drew: The Phantom of Venice
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{162981A5-050A-3DDA-2477-49724E334DEF}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
"{276B965A-AC01-955C-E678-C8D25C58A42B}" = Catalyst Control Center Graphics Previews Common
"{2B83C858-A352-1E5D-0052-C326C815F3C4}" = CCC Help Japanese
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
"{5370D92F-CF5A-4A38-DE84-151F9F58BCB2}" = Catalyst Control Center Localization Italian
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{56CDA83B-BC0B-A4A7-BD48-1176A6C97033}" = Catalyst Control Center Graphics Light
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63EB4545-0CB5-35FE-D20C-F8E6995703F3}" = Catalyst Control Center Localization French
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712A51A2-68F2-17D2-E3EB-C199DA0E0BE0}" = Catalyst Control Center Localization Portuguese
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88477E65-A679-2CAE-645A-5073ED86715B}" = CCC Help Portuguese
"{88DCB080-7A56-5697-4407-21BD03DCE401}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AC7ACAD-10E5-E7F4-481A-29C4C8B19990}" = Catalyst Control Center Graphics Full Existing
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99D8CE0E-20C7-3761-5F90-0E1329A55824}" = CCC Help Hungarian
"{9C2F79E2-4B21-E840-CF5B-FF1EE52E5B9F}" = Catalyst Control Center Localization Chinese Standard
"{A029AD64-F8F2-09AD-E29B-623B4BBF872C}" = CCC Help French
"{A09B8374-BD00-63EB-9616-E624A44EF877}" = CCC Help German
"{A28D08AE-3FBD-EBDB-BA28-CE719F699E48}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3111537-BA7A-C129-1E6B-E2C77DCA3AD2}" = CCC Help Italian
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
"{B2050314-D2DF-6589-E155-5E4E8F8AB3D4}" = Catalyst Control Center Localization Turkish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2112C02-1BCA-A86F-F6E1-264CCE43F451}" = CCC Help Chinese Traditional
"{C2D541C2-B516-B049-EC3F-41B7A8E1C72D}" = ccc-utility
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CDA2EBE1-999C-48FB-DF9A-81C789900BFF}" = CCC Help Turkish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D68F16A7-9447-8A92-7EF3-A4E26B2A95EE}" = CCC Help English
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DE27264D-7CA0-3317-7192-C64F0B7D9AB3}" = Catalyst Control Center Localization Japanese
"{E044161D-75F5-3EC5-2BDA-42D106E602D2}" = CCC Help Korean
"{E112EC9E-B411-F3E0-EF02-C0D21C09F329}" = Catalyst Control Center Localization Hungarian
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{EA778E78-0B7B-05AE-A72F-AF484D201DFB}" = Skins
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"avast" = avast! Free Antivirus
"BearShare" = BearShare
"CCleaner" = CCleaner (remove only)
"Cisco Connect" = Cisco Connect
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dragon Tales" = Dragon Tales
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"JumpStart Animal Adventures" = JumpStart Animal Adventures
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"Scholastic's I SPY Junior" = Scholastic's I SPY Junior
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-148765549-2298540005-3797498417-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2012 1:58:06 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 1:58:06 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 1:58:07 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 1:58:07 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 1:58:07 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 1:58:07 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 2:00:45 AM | Computer Name = Gregory-PC | Source = LoadPerf | ID = 3012
Description =

Error - 1/1/2012 2:00:45 AM | Computer Name = Gregory-PC | Source = LoadPerf | ID = 3011
Description =

Error - 1/2/2012 5:54:08 PM | Computer Name = Gregory-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7b0 Start Time: 01ccc84a100304fb Termination Time: 16

Error - 1/2/2012 8:35:26 PM | Computer Name = Gregory-PC | Source = RasClient | ID = 20227
Description =

[ Media Center Events ]
Error - 4/28/2010 1:44:45 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/2/2010 1:43:45 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/2/2010 3:40:49 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/3/2010 1:44:37 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/6/2010 1:30:42 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/6/2010 3:36:23 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/7/2010 1:44:50 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/12/2010 1:41:12 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/12/2010 3:48:36 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/10/2011 1:15:19 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 1/4/2012 12:02:26 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 1/4/2012 8:16:44 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 1/4/2012 8:16:44 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/5/2012 11:55:52 PM | Computer Name = Gregory-PC | Source = DCOM | ID = 10010
Description =

Error - 1/5/2012 11:57:30 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 1/5/2012 11:57:31 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/6/2012 12:01:33 AM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/6/2012 12:05:53 AM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/6/2012 12:07:29 AM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/6/2012 12:20:39 AM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7024
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
The issues were with the firewall getting turned off by itself and the internet was responding slowly.

Thought it might have been one of the fake Windows security viruses.

If you think its clean, I trust you.
 
OTL

The firewall appears to operating correctly.



================================================


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-148765549-2298540005-3797498417-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
ADS C:\ProgramData\TEMP:1CA73D29 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3134615 bytes
->FireFox cache emptied: 42209330 bytes
->Flash cache emptied: 42235 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gregory
->Temp folder emptied: 2289342 bytes
->Temporary Internet Files folder emptied: 42647042 bytes
->Java cache emptied: 9035256 bytes
->FireFox cache emptied: 244830937 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 2096 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6485728 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1008141 bytes

Total Files Cleaned = 335.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gregory
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01052012_231804

Files\Folders moved on Reboot...
C:\Users\Gregory\AppData\Local\Temp\RarSFX0\h\explorer.exe moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Amazon Digital Video\Servicelog.adv scheduled to be moved on reboot.
C:\Windows\temp\wbxtra_01052012_215729.wbt moved successfully.

Registry entries deleted on Reboot...
 
Checkup

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
avast! Free Antivirus
PC Tools Firewall Plus 7.0
McAfee Security Scan Plus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Scholastic's I SPY Junior
CCleaner (remove only)
Java(TM) 6 Update 30
Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
PC Tools Firewall Plus FWService.exe
PC Tools Firewall Plus FirewallGUI.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
 
FSS

Farbar Service Scanner
Ran by Gregory (administrator) on 05-01-2012 at 23:28:50
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2009-09-17 17:57] - [2009-04-11 00:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-09-17 17:58] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2009-09-17 17:58] - [2009-04-11 00:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2009-09-17 17:58] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Broni said:
Uninstall McAfee Security Scan Plus, typical foistware.

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

===============================================================

You installed PC Tools firewall, so you don't need Windows firewall, but I can see some issues there.
Also, does system restore work fine?
Click to expand...

Haven't used System Restore. Do you have a suggestion for checking it?

I have no problem removing Pc Tools and using the default firewall if you think that is safer.
 
Removed McAfee.
Updated Flash.

ESET Scan results will have to wait until tomorrow.

Thanks for all your help, Broni. It's a big help!
 
No problem....

You installed PC Tools firewall, so you don't need Windows firewall, but I can see some issues there.
Also, does system restore work fine?
Click to expand...
....
 
ESET No threats found

The ESET scan revealed no threats.

I installed the Pc Tools Firewall because the Windows Firewall seemed to be having issues.

I'm not sure about System Restore.

Do you think the weird problems might have been related to having too many AV and firewall tools on the computer?
 
No.

Please check if you can create new restore point manually.

Then we'll try to fix your Windows firewall (just in case you need it in the future).

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.
Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
You'll find several files inside.
Double-click mpssvc.reg and confirm the prompt.
Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
Restart computer, post new FSS log.
 
I WAS able to create a new system restore point.

==================================


Farbar Service Scanner
Ran by Gregory (administrator) on 06-01-2012 at 21:46:43
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2009-09-17 17:57] - [2009-04-11 00:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-09-17 17:58] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2009-09-17 17:58] - [2009-04-11 00:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2009-09-17 17:58] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download following registry key: http://www.filedropper.com/legacympssvc
Double-click legacy_mpssvc.reg and confirm the prompt.

Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.

Restart computer, post new FSS log.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back