[A] Security Center problems

Inactive
By frogpelt
Jan 5, 2012
Topic Status:
Not open for further replies.
  1. This computer is having problems with Security Center--Windows Firewall won't stay on and such--logs below.
    ==========================================

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.03.05

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Gregory :: GREGORY-PC [administrator]

    1/3/2012 7:11:38 PM
    mbam-log-2012-01-03 (19-11-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 167240
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Gregory\Downloads\IWON.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
    C:\Users\Gregory\Downloads\MyFunCards.exe (Adware.FunWeb) -> Quarantined and deleted successfully.

    (end)


    ================================================


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-03 21:34:23
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2 WDC_WD32 rev.01.0
    Running: 6ih6etp7.exe; Driver: C:\Users\Gregory\AppData\Local\Temp\uftirfod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\tdx \Device\Ip pctgntdi.sys

    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\tdx \Device\Tcp pctgntdi.sys

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\tdx \Device\Udp pctgntdi.sys

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\tdx \Device\RawIp pctgntdi.sys

    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----


    ================================================


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Gregory at 21:49:56 on 2012-01-03
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1885 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
    SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\AERTSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\atashost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Bar = Preserve
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 66.0.32.14 66.0.60.9
    TCP: Interfaces\{991D29E9-7AB4-4AC9-B62E-766F8E352A3B} : DhcpNameServer = 66.0.32.14 66.0.60.9
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    AppInit_DLLs: avgrsstx.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\gregory\appdata\roaming\mozilla\firefox\profiles\an480fdj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\gregory\appdata\local\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll
    FF - plugin: c:\users\gregory\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\gregory\appdata\roaming\move networks\plugins\npqmp071705000014.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-3 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-3 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-3 108552]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-1-3 251560]
    R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-3-31 81920]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-12-11 43912]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-3 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-3 297752]
    R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012-1-3 160576]
    R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2012-1-3 286000]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-3-31 27648]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-1-3 89472]
    R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2012-1-3 57536]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-1-3 125248]
    S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2012-1-3 57536]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-04 02:58:29 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-01-04 02:58:29 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-01-04 02:58:27 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-01-04 02:58:27 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2012-01-04 02:57:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2012-01-04 02:57:36 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2012-01-04 02:57:36 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2012-01-04 02:57:36 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2012-01-04 02:43:21 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc530d8-de6d-4590-be2e-f7f68be75344}\offreg.dll
    2012-01-04 01:08:35 -------- d-----w- c:\users\gregory\appdata\roaming\Malwarebytes
    2012-01-04 01:08:04 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-04 01:08:04 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-04 01:08:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-03 08:25:02 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{edc530d8-de6d-4590-be2e-f7f68be75344}\mpengine.dll
    2012-01-03 01:45:38 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-03 01:45:38 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-03 01:45:38 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-03 01:45:38 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    2011-12-19 23:50:57 -------- d-----w- c:\program files\iPod
    2011-12-19 23:50:56 -------- d-----w- c:\program files\iTunes
    2011-12-15 02:24:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 02:24:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 02:24:10 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 02:24:09 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-12-15 02:24:09 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 02:23:49 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 02:23:47 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2011-11-10 11:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 21:50:12.41 ===============



    ================================================


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/31/2009 3:45:24 PM
    System Uptime: 1/3/2012 8:43:05 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0P301D
    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 2662/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 185.514 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.577 GiB free.
    E: is CDROM ()
    F: is CDROM (UDF)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP823: 12/2/2011 1:53:05 AM - Windows Update
    RP824: 12/6/2011 1:52:38 AM - Windows Update
    RP825: 12/8/2011 1:07:17 AM - Windows Update
    RP826: 12/9/2011 1:52:31 AM - Windows Update
    RP827: 12/11/2011 1:56:58 AM - Scheduled Checkpoint
    RP828: 12/13/2011 1:34:35 AM - Windows Update
    RP829: 12/15/2011 3:00:14 AM - Windows Update
    RP830: 12/16/2011 2:20:00 AM - Windows Update
    RP831: 12/17/2011 5:06:58 PM - Scheduled Checkpoint
    RP832: 12/20/2011 7:06:22 PM - Windows Update
    RP833: 12/22/2011 12:42:54 AM - Scheduled Checkpoint
    RP834: 12/23/2011 1:37:46 AM - Windows Update
    RP835: 12/27/2011 2:28:33 AM - Windows Update
    RP836: 12/30/2011 2:28:43 AM - Windows Update
    RP837: 1/2/2012 7:38:02 PM - Installed Java(TM) 6 Update 30
    RP838: 1/2/2012 8:02:02 PM - Windows Update
    RP839: 1/3/2012 2:24:38 AM - Windows Update
    RP840: 1/3/2012 8:57:46 PM - Device Driver Package Install: PC Tools Network Service
    RP841: 1/3/2012 8:58:41 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.7
    Amazon MP3 Downloader 1.0.10
    Amazon Unbox Video
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    AVG 8.5
    BearShare
    Bing Bar
    Bonjour
    Business Tools Launcher
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    CCleaner (remove only)
    Choice Guard
    Cisco Connect
    Clifford Phonics
    Compatibility Pack for the 2007 Office system
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center
    Dragon Tales
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    JumpStart Animal Adventures
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.60.0.1800
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MotoHelper 2.0.24 Driver 4.7.1
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 4.7.1
    Move Media Player
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nancy Drew: The Phantom of Venice
    OGA Notifier 2.0.0048.0
    OLYMPUS Master 2
    PC Tools Firewall Plus 7.0
    Personal Entertainment Launcher
    PowerDVD
    Product Support Launcher
    QuickTime
    Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scholastic's I SPY Junior
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Skins
    Sonic CinePlayer Decoder Pack
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    VZAccess Manager
    WebEx
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WModem Driver Installer
    Yahoo! BrowserPlus 2.6.0
    Yahoo! Install Manager
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/31/2011 9:58:15 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.120 for the Network Card with network address 0024E8020F90 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    12/31/2011 9:48:48 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    12/31/2011 11:56:08 PM, Error: EventLog [6008] - The previous system shutdown at 11:54:32 PM on 12/31/2011 was unexpected.
    12/31/2011 10:51:42 PM, Error: EventLog [6008] - The previous system shutdown at 10:49:27 PM on 12/31/2011 was unexpected.
    12/31/2011 10:45:39 PM, Error: EventLog [6008] - The previous system shutdown at 10:41:22 PM on 12/31/2011 was unexpected.
    1/3/2012 8:55:38 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 6801 (0x1A91).
    1/3/2012 8:44:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
    1/3/2012 8:12:47 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    1/3/2012 1:28:14 PM, Error: EventLog [6008] - The previous system shutdown at 1:21:34 PM on 1/3/2012 was unexpected.
    1/3/2012 1:22:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg8wd service.
    1/1/2012 2:43:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/1/2012 2:43:32 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/1/2012 2:43:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    aswMBR & ComboFix

    aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-05 21:32:02
    -----------------------------
    21:32:02.672 OS Version: Windows 6.0.6002 Service Pack 2
    21:32:02.672 Number of processors: 2 586 0x170A
    21:32:02.672 ComputerName: GREGORY-PC UserName: Gregory
    21:32:52.391 Initialize success
    21:42:13.561 AVAST engine defs: 12010501
    21:44:09.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
    21:44:09.672 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    21:44:09.672 Disk 0 MBR read successfully
    21:44:09.688 Disk 0 MBR scan
    21:44:09.688 Disk 0 Windows VISTA default MBR code
    21:44:09.688 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    21:44:09.688 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
    21:44:09.719 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294941 MB offset 21100544
    21:44:09.719 Disk 0 scanning sectors +625139712
    21:44:09.859 Disk 0 scanning C:\Windows\system32\drivers
    21:44:25.631 Service scanning
    21:44:26.707 Modules scanning
    21:44:31.325 Disk 0 trace - called modules:
    21:44:31.840 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    21:44:31.840 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862dfac8]
    21:44:31.840 3 CLASSPNP.SYS[8a7a08b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8513a028]
    21:44:33.088 AVAST engine scan C:\Windows
    21:44:35.225 AVAST engine scan C:\Windows\system32
    21:47:46.715 AVAST engine scan C:\Windows\system32\drivers
    21:47:57.887 AVAST engine scan C:\Users\Gregory
    21:49:08.165 Disk 0 MBR has been saved successfully to "C:\Users\Gregory\Documents\MBR.dat"
    21:49:08.165 The log file has been saved successfully to "C:\Users\Gregory\Documents\aswMBR.txt"






    ==========================================


    ComboFix 12-01-05.04 - Gregory 01/05/2012 22:02:53.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2172 [GMT -6:00]
    Running from: c:\users\Gregory\Desktop\ComboFix.exe
    FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-06 04:07 . 2012-01-06 04:07 -------- d-----w- c:\users\Gregory\AppData\Local\temp
    2012-01-06 04:07 . 2012-01-06 04:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-06 03:57 . 2012-01-06 03:57 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDC530D8-DE6D-4590-BE2E-F7F68BE75344}\offreg.dll
    2012-01-04 02:58 . 2011-03-02 18:40 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-01-04 02:58 . 2010-03-29 17:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-01-04 02:58 . 2011-03-24 18:39 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2012-01-04 02:58 . 2011-01-17 15:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-01-04 02:57 . 2011-01-17 14:11 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2012-01-04 02:57 . 2011-01-12 16:36 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2012-01-04 02:57 . 2010-07-08 14:49 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2012-01-04 02:57 . 2010-02-05 14:26 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2012-01-04 02:52 . 2012-01-06 04:00 -------- d-----w- c:\users\Admin
    2012-01-04 01:08 . 2012-01-04 01:08 -------- d-----w- c:\users\Gregory\AppData\Roaming\Malwarebytes
    2012-01-04 01:08 . 2012-01-04 01:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-04 01:08 . 2012-01-04 01:08 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-04 01:08 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-03 08:25 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDC530D8-DE6D-4590-BE2E-F7F68BE75344}\mpengine.dll
    2012-01-03 01:45 . 2012-01-03 01:45 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-01-03 01:45 . 2012-01-03 01:45 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-01-03 01:45 . 2012-01-03 01:45 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-01-03 01:45 . 2012-01-03 01:45 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-01-03 01:39 . 2012-01-03 01:39 -------- d-----w- c:\program files\Common Files\Java
    2011-12-19 23:50 . 2011-12-19 23:50 -------- d-----w- c:\program files\iPod
    2011-12-19 23:50 . 2011-12-19 23:51 -------- d-----w- c:\program files\iTunes
    2011-12-15 02:24 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-15 02:24 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-15 02:24 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 02:24 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 02:24 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-15 02:23 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 02:23 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-10 11:54 . 2011-05-14 19:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-24 20:29 . 2011-10-24 20:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 20:29 . 2011-10-24 20:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-01-03 01:45 . 2011-05-07 16:04 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-26 95632]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-11-26 54672]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-06 c:\windows\Tasks\RtlNICDiagVistaStart.job
    - c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-04-01 07:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 66.0.32.14 66.0.60.9
    FF - ProfilePath - c:\users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-UnityWebPlayer - c:\users\Gregory\AppData\Local\Unity\WebPlayer\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-05 22:07
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{96f71649-e994-4483-a123-fe39ce76101f}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:10020054
    "Dhcpv6State"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{991d29e9-7ab4-4ac9-b62e-766f8e352a3b}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0f0024e8
    "Dhcpv6State"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:07001422
    "Dhcpv6State"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0c001422
    "Dhcpv6State"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dfe5ca46-dcf3-475f-86ba-7dc883c9435c}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0f001372
    "Dhcpv6State"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:06001422
    "Dhcpv6State"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0e001422
    "Dhcpv6State"=dword:00000000
    .
    Completion time: 2012-01-05 22:08:41
    ComboFix-quarantined-files.txt 2012-01-06 04:08
    .
    Pre-Run: 198,760,480,768 bytes free
    Post-Run: 199,566,893,056 bytes free
    .
    - - End Of File - - 9B515F38032490C29021886EF33322E3
  4. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    NOTE: I installed avast in place of AVG since I had to uninstall AVG for ComboFix to run.
  5. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    All looks clean.

    What are the current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  6. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    OTL logfile created on: 1/5/2012 10:53:06 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gregory\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.63% Memory free
    6.20 Gb Paging File | 5.12 Gb Available in Paging File | 82.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.03 Gb Total Space | 185.50 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 4.56 Gb Free Space | 45.65% Space Free | Partition Type: NTFS

    Computer Name: GREGORY-PC | User Name: Gregory | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/05 22:51:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gregory\Desktop\OTL.exe
    PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/04/07 14:23:34 | 002,672,600 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    PRC - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
    PRC - [2010/12/11 18:24:33 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    PRC - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    PRC - [2010/03/04 12:00:56 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/08/19 00:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/08/19 00:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
    PRC - [2008/07/20 15:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/07/20 15:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/05/23 12:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2008/01/20 20:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/02 20:39:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
    MOD - [2012/01/02 20:39:55 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
    MOD - [2011/10/12 13:09:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/12 13:07:59 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/12 13:07:46 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/10/12 13:07:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/10/12 13:06:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/12 13:06:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/09/07 10:47:08 | 000,664,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    MOD - [2009/03/31 18:56:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3054.18645__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
    MOD - [2009/03/31 18:56:57 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3054.18653__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
    MOD - [2009/03/31 18:56:57 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3054.18924__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
    MOD - [2009/03/31 18:56:57 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3054.18608__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:57 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3054.18668__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
    MOD - [2009/03/31 18:56:57 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3054.18882__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:57 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3054.18837__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3054.18782__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3054.18630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:51 | 000,442,368 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:51 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3054.18848__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3054.18932__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:51 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3054.18855__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
    MOD - [2009/03/31 18:56:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3054.18623__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:51 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:51 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3054.18846__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:50 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3054.18793__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:50 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3054.18683__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:50 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3054.18785__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:50 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3054.18777__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:50 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3054.18632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:50 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3054.18871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
    MOD - [2009/03/31 18:56:50 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3054.18676__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:50 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3054.18814__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
    MOD - [2009/03/31 18:56:50 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3054.18792__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:50 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3054.18783__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3054.18690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:50 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3054.18791__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:50 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3054.18812__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3054.18827__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
    MOD - [2009/03/31 18:56:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3005.17490__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
    MOD - [2009/03/31 18:56:50 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3005.17473__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
    MOD - [2009/03/31 18:56:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3005.17516__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
    MOD - [2009/03/31 18:56:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3005.17562__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
    MOD - [2009/03/31 18:56:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3005.17512__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
    MOD - [2009/03/31 18:56:50 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3005.17563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
    MOD - [2009/03/31 18:56:50 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
    MOD - [2009/03/31 18:56:49 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3005.17541__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3005.17468__90ba9c70f846762e\CLI.Foundation.dll
    MOD - [2009/03/31 18:56:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3005.17493__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3005.17540__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3005.17536__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
    MOD - [2009/03/31 18:56:49 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3005.17535__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3005.17539__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3005.17465__90ba9c70f846762e\LOG.Foundation.dll
    MOD - [2009/03/31 18:56:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3005.17506__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3005.17466__90ba9c70f846762e\NEWAEM.Foundation.dll
    MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3005.17608__90ba9c70f846762e\CLI.Foundation.XManifest.dll
    MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3005.17531__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3005.17537__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3005.17514__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3005.17518__90ba9c70f846762e\DEM.OS.I0602.dll
    MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
    MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3005.17496__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3005.17491__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3005.17479__90ba9c70f846762e\CLI.Component.Client.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3005.17522__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3005.17511__90ba9c70f846762e\APM.Foundation.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3005.17510__90ba9c70f846762e\MOM.Foundation.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3005.17517__90ba9c70f846762e\DEM.OS.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3005.17519__90ba9c70f846762e\DEM.Graphics.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3005.17488__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3005.17530__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3005.17521__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
    MOD - [2009/03/31 18:56:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3005.17489__90ba9c70f846762e\AEM.Server.Shared.dll
    MOD - [2009/03/31 18:56:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3054.18949__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
    MOD - [2009/03/31 18:56:47 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3054.18964__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
    MOD - [2009/03/31 18:56:47 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
    MOD - [2009/03/31 18:56:46 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3054.18617__90ba9c70f846762e\CLI.Component.Dashboard.dll
    MOD - [2009/03/31 18:56:46 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3054.18639__90ba9c70f846762e\CLI.Component.Wizard.dll
    MOD - [2009/03/31 18:56:46 | 000,417,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3054.18900__90ba9c70f846762e\CLI.Component.Systemtray.dll
    MOD - [2009/03/31 18:56:46 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3054.18910__90ba9c70f846762e\MOM.Implementation.dll
    MOD - [2009/03/31 18:56:46 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3054.18907__90ba9c70f846762e\LOG.Foundation.Implementation.dll
    MOD - [2009/03/31 18:56:46 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3054.18597__90ba9c70f846762e\CLI.Component.Runtime.dll
    MOD - [2009/03/31 18:56:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3005.17514__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
    MOD - [2009/03/31 18:56:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3005.17475__90ba9c70f846762e\CLI.Foundation.Private.dll
    MOD - [2009/03/31 18:56:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3005.17499__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
    MOD - [2009/03/31 18:56:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3005.17484__90ba9c70f846762e\LOG.Foundation.Private.dll
    MOD - [2009/03/31 18:56:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3005.17513__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
    MOD - [2009/03/31 18:56:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3005.17511__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
    MOD - [2009/03/31 18:56:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3005.17508__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
    MOD - [2009/03/31 18:56:46 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3005.17481__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
    MOD - [2009/03/31 18:56:45 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3054.18598__90ba9c70f846762e\ATIDEMOS.dll
    MOD - [2009/03/31 18:56:45 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3054.18594__90ba9c70f846762e\APM.Server.dll
    MOD - [2009/03/31 18:56:45 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3054.18596__90ba9c70f846762e\AEM.Server.dll
    MOD - [2009/03/31 18:56:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3054.18909__90ba9c70f846762e\CCC.Implementation.dll
    MOD - [2009/03/31 18:56:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
    MOD - [2009/03/31 18:56:45 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3005.17542__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
    MOD - [2008/05/23 00:00:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/01/24 13:23:14 | 000,286,000 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
    SRV - [2010/12/11 18:24:33 | 000,043,912 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
    SRV - [2010/03/04 12:00:56 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
    SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2008/08/19 00:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
    SRV - [2008/07/20 15:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 11:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/03/02 12:40:54 | 000,160,576 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
    DRV - [2011/01/17 09:10:26 | 000,251,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2011/01/17 08:11:12 | 000,125,248 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
    DRV - [2011/01/12 10:36:22 | 000,089,472 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
    DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdisMP)
    DRV - [2010/07/08 08:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctNdis.sys -- (pctNdis)
    DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/11/05 14:35:25 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2009/05/25 15:43:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
    DRV - [2008/08/19 01:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
    DRV - [2008/08/19 01:02:56 | 000,027,648 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV - [2008/05/23 00:00:48 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2008/05/23 00:00:48 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: vshareus@toolbar:1.0.0
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Gregory\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Gregory\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\Gregory\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/05 22:11:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 19:45:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/28 17:17:58 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Gregory\AppData\Roaming\Move Networks [2010/01/10 15:22:20 | 000,000,000 | ---D | M]

    [2009/04/03 19:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Extensions
    [2012/01/05 20:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\extensions
    [2010/04/26 21:57:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/12/12 22:04:59 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/10/18 21:04:22 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\extensions\vshareus@toolbar
    [2010/10/18 21:04:30 | 000,001,599 | ---- | M] () -- C:\Users\Gregory\AppData\Roaming\Mozilla\Firefox\Profiles\an480fdj.default\searchplugins\web-search.xml
    [2012/01/02 19:45:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/05 22:11:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    () (No name found) -- C:\USERS\GREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AN480FDJ.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
    () (No name found) -- C:\USERS\GREGORY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AN480FDJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/01/02 19:45:38 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/13 20:22:50 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.0.32.14 66.0.60.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{991D29E9-7AB4-4AC9-B62E-766F8E352A3B}: DhcpNameServer = 66.0.32.14 66.0.60.9
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Gregory\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Gregory\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/05 22:51:28 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gregory\Desktop\OTL.exe
    [2012/01/05 22:11:28 | 000,314,456 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/01/05 22:11:28 | 000,052,952 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/01/05 22:11:28 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/01/05 22:11:28 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/01/05 22:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/01/05 22:11:27 | 000,435,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/01/05 22:11:27 | 000,055,128 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/01/05 22:11:01 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/01/05 22:11:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/01/05 22:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/05 22:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/01/05 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\Gregory\AppData\Local\temp
    [2012/01/05 22:08:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/05 21:59:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/05 21:59:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/05 21:59:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/05 21:59:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/05 21:58:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/05 21:50:45 | 004,372,321 | R--- | C] (Swearware) -- C:\Users\Gregory\Desktop\ComboFix.exe
    [2012/01/05 21:39:45 | 000,000,000 | ---D | C] -- C:\Users\Gregory\Desktop\TechSpot
    [2012/01/05 21:30:45 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Gregory\Desktop\aswMBR.exe
    [2012/01/03 20:58:29 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
    [2012/01/03 20:58:29 | 000,160,576 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
    [2012/01/03 20:58:27 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
    [2012/01/03 20:58:27 | 000,105,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
    [2012/01/03 20:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Firewall Plus
    [2012/01/03 20:57:36 | 000,125,248 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
    [2012/01/03 20:57:36 | 000,089,472 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
    [2012/01/03 20:57:36 | 000,057,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis.sys
    [2012/01/03 20:57:36 | 000,032,808 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
    [2012/01/03 19:08:35 | 000,000,000 | ---D | C] -- C:\Users\Gregory\AppData\Roaming\Malwarebytes
    [2012/01/03 19:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/03 19:08:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/03 19:08:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/03 19:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/02 19:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/12/19 17:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/12/19 17:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/12/19 17:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

    ========== Files - Modified Within 30 Days ==========

    [2012/01/05 22:51:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gregory\Desktop\OTL.exe
    [2012/01/05 22:11:28 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/05 22:11:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/01/05 22:03:39 | 004,819,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/05 22:03:39 | 001,569,324 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/05 21:57:34 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
    [2012/01/05 21:57:29 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2012/01/05 21:57:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/05 21:57:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/05 21:57:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/05 21:57:16 | 3220,164,608 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/05 21:51:30 | 004,372,321 | R--- | M] (Swearware) -- C:\Users\Gregory\Desktop\ComboFix.exe
    [2012/01/05 21:49:08 | 000,000,512 | ---- | M] () -- C:\Users\Gregory\Desktop\MBR.dat
    [2012/01/05 21:31:35 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Gregory\Desktop\aswMBR.exe
    [2012/01/03 20:43:28 | 000,006,836 | ---- | M] () -- C:\Users\Gregory\AppData\Local\d3d9caps.dat
    [2012/01/01 14:43:34 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/12/31 23:12:53 | 000,073,216 | ---- | M] () -- C:\Users\Gregory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/19 17:51:37 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/12/19 17:40:56 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011/12/19 17:40:56 | 000,001,854 | ---- | M] () -- C:\Users\Gregory\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/12/15 03:21:30 | 000,282,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========
  7. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    Otl 1

    ...double post
  8. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    Otl 2

    [2012/01/05 22:11:28 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/05 21:59:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/05 21:59:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/05 21:59:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/05 21:59:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/05 21:59:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/05 21:49:08 | 000,000,512 | ---- | C] () -- C:\Users\Gregory\Desktop\MBR.dat
    [2011/12/19 17:51:37 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/06 14:59:38 | 000,000,129 | ---- | C] () -- C:\Windows\ka.ini
    [2011/11/05 15:04:40 | 000,000,000 | ---- | C] () -- C:\Windows\PhantomOfVenice.INI
    [2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/09/17 17:58:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/17 17:58:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/06 21:52:56 | 000,005,456 | ---- | C] () -- C:\Users\Gregory\AppData\Roaming\wklnhst.dat
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/05/16 16:11:15 | 000,073,216 | ---- | C] () -- C:\Users\Gregory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/03 19:01:23 | 000,006,836 | ---- | C] () -- C:\Users\Gregory\AppData\Local\d3d9caps.dat
    [2009/03/31 22:39:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2009/03/31 22:39:49 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009/03/31 22:39:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2009/03/31 22:39:49 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2009/03/31 22:39:49 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
    [2009/03/31 22:39:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
    [2009/03/31 22:39:43 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
    [2009/03/31 22:37:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/03/31 14:44:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 000,282,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 004,819,310 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 001,569,324 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2012/01/04 09:56:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PCToolsFirewallPlus
    [2010/11/13 20:42:28 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\Amazon
    [2012/01/03 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\PCToolsFirewallPlus
    [2011/05/07 14:38:58 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\School Zone Preferences
    [2009/08/06 21:53:15 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\Template
    [2010/01/07 12:02:39 | 000,000,000 | ---D | M] -- C:\Users\Gregory\AppData\Roaming\Unity
    [2012/01/05 21:57:34 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
    [2012/01/05 21:56:07 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/07/19 20:58:57 | 000,006,129 | ---- | M] () -- C:\0x0409.ini
    [2010/07/19 20:59:00 | 001,896,960 | ---- | M] () -- C:\Amazon Unbox Video.msi
    [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2012/01/05 22:08:41 | 000,009,460 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2009/03/31 22:39:56 | 000,005,066 | RH-- | M] () -- C:\dell.sdr
    [2012/01/05 21:57:16 | 3220,164,608 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/19 16:14:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/08/21 09:43:48 | 000,000,279 | -H-- | M] () -- C:\IPH.PH
    [2010/08/19 16:14:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/01/05 21:57:15 | 3533,774,848 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/07 17:05:20 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 03:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
    [2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 12:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2008/12/04 20:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >
    [2010/07/19 21:14:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\IsolatedStorage\spirpqbp.50k\h3ab2slg.lue\Url.baos234cgu3y3glozyjwicytydpaxc2n\Url.x3upfl5pwc2qpjifbyrh04mtwz3rn4cm\Files\bak

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/17 19:10:59 | 000,000,286 | -HS- | M] () -- C:\Users\Gregory\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/11/16 09:31:21 | 000,173,247 | ---- | M] () -- C:\Users\Gregory\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Trio1.png

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/05 21:31:35 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Gregory\Desktop\aswMBR.exe
    [2012/01/05 21:51:30 | 004,372,321 | R--- | M] (Swearware) -- C:\Users\Gregory\Desktop\ComboFix.exe
    [2012/01/05 22:51:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gregory\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/10/07 22:29:58 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2009/10/07 22:29:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/10/07 22:29:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/10/07 22:29:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2009/10/07 22:29:28 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2009/10/07 22:29:28 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/02 18:14:18 | 000,000,402 | -HS- | M] () -- C:\Users\Gregory\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2009/09/14 20:58:11 | 000,000,000 | ---D | M](C:\Users\Gregory\Favorites\?Usorted Bookmarks) -- C:\Users\Gregory\Favorites\臸Ǔsorted Bookmarks

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29

    < End of report >
  9. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    Extras

    OTL Extras logfile created on: 1/5/2012 10:53:06 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gregory\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.63% Memory free
    6.20 Gb Paging File | 5.12 Gb Available in Paging File | 82.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 288.03 Gb Total Space | 185.50 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 4.56 Gb Free Space | 45.65% Space Free | Partition Type: NTFS

    Computer Name: GREGORY-PC | User Name: Gregory | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-148765549-2298540005-3797498417-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{03B25762-461B-22C8-9AF0-170F3D749061}" = Catalyst Control Center Graphics Previews Vista
    "{03BF49A6-A643-A836-0732-2467E9A6B911}" = Catalyst Control Center Localization Korean
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0AC7F464-85E9-337D-B100-DC178C14A699}" = Catalyst Control Center Core Implementation
    "{0BC1B842-C298-99E6-D0A8-FA3B33A07C5C}" = Catalyst Control Center Localization German
    "{0BF215E3-C97F-7BF3-96D0-9C7D3F5FF9B4}" = Catalyst Control Center Localization Chinese Traditional
    "{0D1303D7-3918-3014-E119-33DBB649BE86}" = Catalyst Control Center Localization Spanish
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{138BF761-BFAA-29BB-B755-91262DE91A19}" = ccc-core-static
    "{1505D9B1-6037-4310-815A-4D8A212C5075}" = Nancy Drew: The Phantom of Venice
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{162981A5-050A-3DDA-2477-49724E334DEF}" = CCC Help Spanish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 30
    "{276B965A-AC01-955C-E678-C8D25C58A42B}" = Catalyst Control Center Graphics Previews Common
    "{2B83C858-A352-1E5D-0052-C326C815F3C4}" = CCC Help Japanese
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
    "{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
    "{5370D92F-CF5A-4A38-DE84-151F9F58BCB2}" = Catalyst Control Center Localization Italian
    "{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
    "{56CDA83B-BC0B-A4A7-BD48-1176A6C97033}" = Catalyst Control Center Graphics Light
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{63EB4545-0CB5-35FE-D20C-F8E6995703F3}" = Catalyst Control Center Localization French
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{712A51A2-68F2-17D2-E3EB-C199DA0E0BE0}" = Catalyst Control Center Localization Portuguese
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
    "{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{88477E65-A679-2CAE-645A-5073ED86715B}" = CCC Help Portuguese
    "{88DCB080-7A56-5697-4407-21BD03DCE401}" = Catalyst Control Center Graphics Full New
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8AC7ACAD-10E5-E7F4-481A-29C4C8B19990}" = Catalyst Control Center Graphics Full Existing
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{99D8CE0E-20C7-3761-5F90-0E1329A55824}" = CCC Help Hungarian
    "{9C2F79E2-4B21-E840-CF5B-FF1EE52E5B9F}" = Catalyst Control Center Localization Chinese Standard
    "{A029AD64-F8F2-09AD-E29B-623B4BBF872C}" = CCC Help French
    "{A09B8374-BD00-63EB-9616-E624A44EF877}" = CCC Help German
    "{A28D08AE-3FBD-EBDB-BA28-CE719F699E48}" = CCC Help Chinese Standard
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3111537-BA7A-C129-1E6B-E2C77DCA3AD2}" = CCC Help Italian
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.7
    "{B2050314-D2DF-6589-E155-5E4E8F8AB3D4}" = Catalyst Control Center Localization Turkish
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C2112C02-1BCA-A86F-F6E1-264CCE43F451}" = CCC Help Chinese Traditional
    "{C2D541C2-B516-B049-EC3F-41B7A8E1C72D}" = ccc-utility
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CDA2EBE1-999C-48FB-DF9A-81C789900BFF}" = CCC Help Turkish
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D68F16A7-9447-8A92-7EF3-A4E26B2A95EE}" = CCC Help English
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DE27264D-7CA0-3317-7192-C64F0B7D9AB3}" = Catalyst Control Center Localization Japanese
    "{E044161D-75F5-3EC5-2BDA-42D106E602D2}" = CCC Help Korean
    "{E112EC9E-B411-F3E0-EF02-C0D21C09F329}" = Catalyst Control Center Localization Hungarian
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
    "{EA778E78-0B7B-05AE-A72F-AF484D201DFB}" = Skins
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "avast" = avast! Free Antivirus
    "BearShare" = BearShare
    "CCleaner" = CCleaner (remove only)
    "Cisco Connect" = Cisco Connect
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dragon Tales" = Dragon Tales
    "HTC_WModemDriver" = WModem Driver Installer
    "InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
    "JumpStart Animal Adventures" = JumpStart Animal Adventures
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MotoHelper" = MotoHelper 2.0.24 Driver 4.7.1
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
    "Scholastic's I SPY Junior" = Scholastic's I SPY Junior
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-148765549-2298540005-3797498417-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/1/2012 1:58:06 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/1/2012 1:58:06 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/1/2012 1:58:07 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/1/2012 1:58:07 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/1/2012 1:58:07 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/1/2012 1:58:07 AM | Computer Name = Gregory-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/1/2012 2:00:45 AM | Computer Name = Gregory-PC | Source = LoadPerf | ID = 3012
    Description =

    Error - 1/1/2012 2:00:45 AM | Computer Name = Gregory-PC | Source = LoadPerf | ID = 3011
    Description =

    Error - 1/2/2012 5:54:08 PM | Computer Name = Gregory-PC | Source = Application Hang | ID = 1002
    Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 7b0 Start Time: 01ccc84a100304fb Termination Time: 16

    Error - 1/2/2012 8:35:26 PM | Computer Name = Gregory-PC | Source = RasClient | ID = 20227
    Description =

    [ Media Center Events ]
    Error - 4/28/2010 1:44:45 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/2/2010 1:43:45 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/2/2010 3:40:49 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/3/2010 1:44:37 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/6/2010 1:30:42 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/6/2010 3:36:23 PM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/7/2010 1:44:50 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/12/2010 1:41:12 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/12/2010 3:48:36 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 8/10/2011 1:15:19 AM | Computer Name = Gregory-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 1/4/2012 12:02:26 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 1/4/2012 8:16:44 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 1/4/2012 8:16:44 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/5/2012 11:55:52 PM | Computer Name = Gregory-PC | Source = DCOM | ID = 10010
    Description =

    Error - 1/5/2012 11:57:30 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 1/5/2012 11:57:31 PM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 1/6/2012 12:01:33 AM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/6/2012 12:05:53 AM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/6/2012 12:07:29 AM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 1/6/2012 12:20:39 AM | Computer Name = Gregory-PC | Source = Service Control Manager | ID = 7024
    Description =


    < End of report >
  10. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    I can't proceed.
    You didn't say:
  11. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    Sry. Everything appears to be good to me.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-148765549-2298540005-3797498417-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  13. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    The issues were with the firewall getting turned off by itself and the internet was responding slowly.

    Thought it might have been one of the fake Windows security viruses.

    If you think its clean, I trust you.
  14. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Please read my previous reply.

    Does Windows firewall stay on now?
  15. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    OTL

    The firewall appears to operating correctly.



    ================================================


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_USERS\S-1-5-21-148765549-2298540005-3797498417-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
    ADS C:\ProgramData\TEMP:1CA73D29 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 3134615 bytes
    ->FireFox cache emptied: 42209330 bytes
    ->Flash cache emptied: 42235 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Gregory
    ->Temp folder emptied: 2289342 bytes
    ->Temporary Internet Files folder emptied: 42647042 bytes
    ->Java cache emptied: 9035256 bytes
    ->FireFox cache emptied: 244830937 bytes
    ->Apple Safari cache emptied: 16384 bytes
    ->Flash cache emptied: 2096 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6485728 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1008141 bytes

    Total Files Cleaned = 335.00 mb


    [EMPTYFLASH]

    User: Admin
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Gregory
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01052012_231804

    Files\Folders moved on Reboot...
    C:\Users\Gregory\AppData\Local\Temp\RarSFX0\h\explorer.exe moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\Amazon Digital Video\Servicelog.adv scheduled to be moved on reboot.
    C:\Windows\temp\wbxtra_01052012_215729.wbt moved successfully.

    Registry entries deleted on Reboot...
  16. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    Checkup

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    avast! Free Antivirus
    PC Tools Firewall Plus 7.0
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Scholastic's I SPY Junior
    CCleaner (remove only)
    Java(TM) 6 Update 30
    Adobe Flash Player ( 10.3.181.34) Flash Player Out of Date!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    PC Tools Firewall Plus FWService.exe
    PC Tools Firewall Plus FirewallGUI.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
  17. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    FSS

    Farbar Service Scanner
    Ran by Gregory (administrator) on 05-01-2012 at 23:28:50
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.
    Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll
    [2009-09-17 17:57] - [2009-04-11 00:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

    C:\Windows\system32\es.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

    C:\Windows\system32\cryptsvc.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  18. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Uninstall McAfee Security Scan Plus, typical foistware.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===============================================================

    You installed PC Tools firewall, so you don't need Windows firewall, but I can see some issues there.
    Also, does system restore work fine?
  19. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    Haven't used System Restore. Do you have a suggestion for checking it?

    I have no problem removing Pc Tools and using the default firewall if you think that is safer.
  20. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    Removed McAfee.
    Updated Flash.

    ESET Scan results will have to wait until tomorrow.

    Thanks for all your help, Broni. It's a big help!
  21. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    No problem....

    ....
  22. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    ESET No threats found

    The ESET scan revealed no threats.

    I installed the Pc Tools Firewall because the Windows Firewall seemed to be having issues.

    I'm not sure about System Restore.

    Do you think the weird problems might have been related to having too many AV and firewall tools on the computer?
  23. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    No.

    Please check if you can create new restore point manually.

    Then we'll try to fix your Windows firewall (just in case you need it in the future).

    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Click Advanced.
    Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
    Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.
    Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    You'll find several files inside.
    Double-click mpssvc.reg and confirm the prompt.
    Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
    Restart computer, post new FSS log.
  24. frogpelt

    frogpelt Newcomer, in training Topic Starter Posts: 33

    I WAS able to create a new system restore point.

    ==================================


    Farbar Service Scanner
    Ran by Gregory (administrator) on 06-01-2012 at 21:46:43
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.
    Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll
    [2009-09-17 17:57] - [2009-04-11 00:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

    C:\Windows\system32\es.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

    C:\Windows\system32\cryptsvc.dll
    [2009-09-17 17:58] - [2009-04-11 00:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  25. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Click Advanced.
    Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
    Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.

    Download following registry key: http://www.filedropper.com/legacympssvc
    Double-click legacy_mpssvc.reg and confirm the prompt.

    Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.

    Restart computer, post new FSS log.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.