Solved Browser has been Hijacked - Get Re-Directed HijackThis Log Attached

OMD · Jun 16, 2011

2011/06/16 22:41:14.0172 3300 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/16 22:41:14.0670 3300 ================================================================================
2011/06/16 22:41:14.0671 3300 SystemInfo:
2011/06/16 22:41:14.0671 3300
2011/06/16 22:41:14.0671 3300 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/16 22:41:14.0671 3300 Product type: Workstation
2011/06/16 22:41:14.0671 3300 ComputerName: MATT-PC
2011/06/16 22:41:14.0671 3300 UserName: matt
2011/06/16 22:41:14.0671 3300 Windows directory: C:\Windows
2011/06/16 22:41:14.0671 3300 System windows directory: C:\Windows
2011/06/16 22:41:14.0671 3300 Processor architecture: Intel x86
2011/06/16 22:41:14.0671 3300 Number of processors: 1
2011/06/16 22:41:14.0671 3300 Page size: 0x1000
2011/06/16 22:41:14.0671 3300 Boot type: Normal boot
2011/06/16 22:41:14.0671 3300 ================================================================================
2011/06/16 22:41:15.0156 3300 Initialize success
2011/06/16 22:41:32.0797 7424 ================================================================================
2011/06/16 22:41:32.0797 7424 Scan started
2011/06/16 22:41:32.0797 7424 Mode: Manual;
2011/06/16 22:41:32.0797 7424 ================================================================================
2011/06/16 22:41:33.0296 7424 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/16 22:41:33.0398 7424 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/16 22:41:33.0468 7424 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/16 22:41:33.0578 7424 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/16 22:41:33.0660 7424 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/16 22:41:33.0750 7424 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/16 22:41:33.0912 7424 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/06/16 22:41:34.0002 7424 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/16 22:41:34.0072 7424 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/06/16 22:41:34.0202 7424 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/16 22:41:34.0314 7424 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/06/16 22:41:34.0374 7424 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/16 22:41:34.0484 7424 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/16 22:41:34.0534 7424 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/16 22:41:34.0594 7424 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
2011/06/16 22:41:34.0726 7424 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/16 22:41:34.0858 7424 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
2011/06/16 22:41:34.0948 7424 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/06/16 22:41:35.0078 7424 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/06/16 22:41:35.0178 7424 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/16 22:41:35.0238 7424 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/16 22:41:35.0298 7424 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/16 22:41:35.0418 7424 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/06/16 22:41:35.0540 7424 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/06/16 22:41:35.0610 7424 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/06/16 22:41:35.0670 7424 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/06/16 22:41:35.0760 7424 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/16 22:41:35.0800 7424 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/16 22:41:35.0945 7424 athrusb (44fa26470d4c8123ccf71f4200b782d3) C:\Windows\system32\DRIVERS\athrusb.sys
2011/06/16 22:41:36.0116 7424 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/06/16 22:41:36.0214 7424 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/06/16 22:41:36.0296 7424 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/06/16 22:41:36.0366 7424 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/16 22:41:36.0466 7424 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/16 22:41:36.0556 7424 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/16 22:41:36.0627 7424 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/16 22:41:36.0688 7424 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/06/16 22:41:36.0738 7424 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/16 22:41:36.0778 7424 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/16 22:41:36.0818 7424 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/16 22:41:36.0878 7424 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/16 22:41:37.0152 7424 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/16 22:41:37.0222 7424 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/16 22:41:37.0310 7424 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/16 22:41:37.0384 7424 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/06/16 22:41:37.0534 7424 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/16 22:41:37.0604 7424 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/16 22:41:37.0727 7424 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/06/16 22:41:37.0768 7424 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/16 22:41:37.0888 7424 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/16 22:41:37.0968 7424 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/16 22:41:38.0070 7424 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/06/16 22:41:38.0240 7424 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/06/16 22:41:38.0302 7424 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/06/16 22:41:38.0404 7424 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
2011/06/16 22:41:38.0444 7424 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/06/16 22:41:38.0494 7424 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/06/16 22:41:38.0664 7424 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/06/16 22:41:38.0728 7424 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/16 22:41:38.0910 7424 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/06/16 22:41:39.0142 7424 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/16 22:41:39.0240 7424 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/16 22:41:39.0386 7424 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/06/16 22:41:39.0426 7424 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/06/16 22:41:39.0496 7424 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/16 22:41:39.0608 7424 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/06/16 22:41:39.0690 7424 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/06/16 22:41:39.0740 7424 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/16 22:41:39.0830 7424 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/06/16 22:41:39.0900 7424 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/06/16 22:41:40.0010 7424 fssfltr (574cea4d3510ec905c0163c42d305ba5) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/06/16 22:41:40.0082 7424 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/16 22:41:40.0142 7424 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/16 22:41:40.0202 7424 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/16 22:41:40.0312 7424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/16 22:41:40.0424 7424 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/16 22:41:40.0544 7424 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/16 22:41:40.0584 7424 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/16 22:41:40.0634 7424 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/16 22:41:40.0704 7424 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/16 22:41:40.0794 7424 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/16 22:41:40.0896 7424 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/16 22:41:40.0986 7424 HSF_DP (0f5ed510a6c361420bc319e0cf96c1dc) C:\Windows\system32\DRIVERS\HSX_DP.sys
2011/06/16 22:41:41.0076 7424 HSXHWBS2 (186c11d0ca0e53b1ee266633b9d8b393) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
2011/06/16 22:41:41.0178 7424 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/06/16 22:41:41.0228 7424 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/16 22:41:41.0320 7424 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/16 22:41:41.0412 7424 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/06/16 22:41:41.0544 7424 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/16 22:41:41.0666 7424 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/16 22:41:41.0788 7424 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/16 22:41:41.0908 7424 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/16 22:41:42.0014 7424 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/16 22:41:42.0090 7424 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/06/16 22:41:42.0170 7424 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/06/16 22:41:42.0270 7424 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/16 22:41:42.0352 7424 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/16 22:41:42.0422 7424 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/16 22:41:42.0472 7424 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/16 22:41:42.0564 7424 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/16 22:41:42.0664 7424 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/16 22:41:42.0836 7424 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/16 22:41:42.0968 7424 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/16 22:41:43.0035 7424 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/16 22:41:43.0080 7424 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/16 22:41:43.0130 7424 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/16 22:41:43.0292 7424 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/06/16 22:41:43.0402 7424 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/16 22:41:43.0532 7424 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/16 22:41:43.0584 7424 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/16 22:41:43.0644 7424 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/16 22:41:43.0736 7424 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/06/16 22:41:43.0786 7424 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/16 22:41:43.0908 7424 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/16 22:41:43.0980 7424 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/16 22:41:44.0030 7424 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/06/16 22:41:44.0080 7424 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/16 22:41:44.0170 7424 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/16 22:41:44.0220 7424 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/16 22:41:44.0350 7424 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/16 22:41:44.0442 7424 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/16 22:41:44.0482 7424 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/16 22:41:44.0542 7424 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/16 22:41:44.0612 7424 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/16 22:41:44.0764 7424 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/06/16 22:41:44.0846 7424 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/16 22:41:44.0886 7424 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/16 22:41:44.0978 7424 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/16 22:41:45.0028 7424 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/16 22:41:45.0158 7424 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/06/16 22:41:45.0230 7424 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/06/16 22:41:45.0282 7424 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/16 22:41:45.0321 7424 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/06/16 22:41:45.0372 7424 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/16 22:41:45.0432 7424 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/06/16 22:41:45.0512 7424 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/16 22:41:45.0672 7424 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/06/16 22:41:45.0759 7424 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/16 22:41:45.0821 7424 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/16 22:41:45.0884 7424 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/16 22:41:45.0944 7424 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/16 22:41:46.0034 7424 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/06/16 22:41:46.0134 7424 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/16 22:41:46.0194 7424 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/16 22:41:46.0288 7424 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/16 22:41:46.0460 7424 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/06/16 22:41:46.0542 7424 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/16 22:41:46.0634 7424 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/06/16 22:41:46.0714 7424 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/06/16 22:41:46.0834 7424 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/06/16 22:41:47.0143 7424 nvlddmkm (8b75f652726a2ba3197860f300514e3f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/16 22:41:47.0420 7424 NVNET (5bf9c11586f4764446407f509f1beca8) C:\Windows\system32\DRIVERS\nvmf6232.sys
2011/06/16 22:41:47.0520 7424 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/06/16 22:41:47.0590 7424 nvrd32 (049e81b6fb41c73619ed3fe4df7d8638) C:\Windows\system32\DRIVERS\nvrd32.sys
2011/06/16 22:41:47.0630 7424 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/06/16 22:41:47.0690 7424 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/06/16 22:41:47.0760 7424 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/16 22:41:47.0810 7424 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/16 22:41:47.0959 7424 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/06/16 22:41:48.0074 7424 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/06/16 22:41:48.0124 7424 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/16 22:41:48.0184 7424 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/06/16 22:41:48.0234 7424 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/16 22:41:48.0274 7424 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/16 22:41:48.0334 7424 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/06/16 22:41:48.0414 7424 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/06/16 22:41:48.0668 7424 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/16 22:41:48.0760 7424 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/06/16 22:41:48.0882 7424 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/06/16 22:41:48.0962 7424 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/16 22:41:49.0025 7424 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/16 22:41:49.0144 7424 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/16 22:41:49.0296 7424 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/16 22:41:49.0388 7424 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/16 22:41:49.0438 7424 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/16 22:41:49.0538 7424 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/16 22:41:49.0597 7424 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/16 22:41:49.0750 7424 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/16 22:41:49.0822 7424 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/16 22:41:49.0862 7424 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/16 22:41:49.0922 7424 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/16 22:41:49.0992 7424 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/16 22:41:50.0054 7424 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/16 22:41:50.0206 7424 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/16 22:41:50.0278 7424 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/06/16 22:41:50.0338 7424 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/06/16 22:41:50.0440 7424 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/16 22:41:50.0540 7424 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/16 22:41:50.0672 7424 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/16 22:41:50.0794 7424 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/16 22:41:50.0876 7424 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/16 22:41:50.0926 7424 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/06/16 22:41:50.0966 7424 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/16 22:41:51.0068 7424 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/16 22:41:51.0158 7424 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/16 22:41:51.0198 7424 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/16 22:41:51.0248 7424 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/16 22:41:51.0328 7424 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/06/16 22:41:51.0400 7424 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/16 22:41:51.0500 7424 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/16 22:41:51.0644 7424 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/06/16 22:41:51.0734 7424 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/06/16 22:41:51.0824 7424 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/06/16 22:41:51.0886 7424 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/16 22:41:51.0986 7424 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/16 22:41:52.0076 7424 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/16 22:41:52.0156 7424 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/16 22:41:52.0298 7424 Tcpip (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/06/16 22:41:52.0480 7424 TCPIP6 (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/16 22:41:52.0572 7424 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/16 22:41:52.0637 7424 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/06/16 22:41:52.0684 7424 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/06/16 22:41:52.0744 7424 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/16 22:41:52.0784 7424 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/16 22:41:52.0986 7424 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/16 22:41:53.0068 7424 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/16 22:41:53.0134 7424 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/16 22:41:53.0200 7424 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/16 22:41:53.0272 7424 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/16 22:41:53.0412 7424 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/16 22:41:53.0452 7424 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/16 22:41:53.0544 7424 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/16 22:41:53.0644 7424 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/06/16 22:41:53.0776 7424 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\drivers\usbccgp.sys
2011/06/16 22:41:53.0826 7424 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/16 22:41:53.0876 7424 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/16 22:41:53.0939 7424 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/16 22:41:54.0010 7424 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/16 22:41:54.0130 7424 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/16 22:41:54.0242 7424 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/16 22:41:54.0302 7424 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
2011/06/16 22:41:54.0372 7424 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/06/16 22:41:54.0504 7424 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/16 22:41:54.0584 7424 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/16 22:41:54.0663 7424 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/06/16 22:41:54.0706 7424 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/16 22:41:54.0788 7424 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/06/16 22:41:54.0838 7424 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/06/16 22:41:54.0898 7424 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/16 22:41:54.0968 7424 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/16 22:41:55.0050 7424 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/06/16 22:41:55.0090 7424 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/16 22:41:55.0100 7424 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/06/16 22:41:55.0110 7424 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/16 22:41:55.0212 7424 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/16 22:41:55.0334 7424 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS
2011/06/16 22:41:55.0404 7424 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/06/16 22:41:55.0534 7424 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/06/16 22:41:55.0634 7424 VX3000 (42870675b4d84acd81a9da69b83f14c5) C:\Windows\system32\DRIVERS\VX3000.sys
2011/06/16 22:41:55.0778 7424 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/16 22:41:55.0918 7424 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/16 22:41:55.0948 7424 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/16 22:41:56.0052 7424 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/06/16 22:41:56.0102 7424 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/16 22:41:56.0224 7424 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/16 22:41:56.0264 7424 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/06/16 22:41:56.0386 7424 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/16 22:41:56.0548 7424 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/06/16 22:41:56.0604 7424 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/16 22:41:56.0752 7424 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/16 22:41:56.0864 7424 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/06/16 22:41:56.0924 7424 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/16 22:41:56.0994 7424 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/06/16 22:41:57.0170 7424 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/16 22:41:57.0186 7424 ================================================================================
2011/06/16 22:41:57.0186 7424 Scan finished
2011/06/16 22:41:57.0186 7424 ================================================================================
2011/06/16 22:41:57.0216 7796 Detected object count: 1
2011/06/16 22:41:57.0216 7796 Actual detected object count: 1
2011/06/16 22:42:12.0764 7796 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/16 22:42:12.0764 7796 Suspicious file (Forged): C:\Windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/06/16 22:42:13.0101 7796 Backup copy found, using it..
2011/06/16 22:42:13.0112 7796 C:\Windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/06/16 22:42:13.0112 7796 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/16 22:42:21.0648 7244 Deinitialize success

Broni · Jun 16, 2011

Please, re-run RKUnhooker one more time.

How is IE issue?

OMD · Jun 16, 2011

Broni said:
Please, re-run RKUnhooker one more time.

How is IE issue?

I will run that right now. I did check and no instances of IE running. As for doing a search and being re-directed.....I'm scared lol. Haven't tried that one yet - hold on

Broni · Jun 16, 2011

Let me know.....

OMD · Jun 16, 2011

that one looks good

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #1
==============================================
>Drivers
==============================================
0x82023000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9506816 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 191.07 )
0x82E19000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82E19000 PnpManager 4259840 bytes
0x82E19000 RAW 4259840 bytes
0x82E19000 WMIxWDM 4259840 bytes
0x91626000 C:\Windows\system32\drivers\RTKVHDA.sys 2740224 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x978B0000 Win32k 2404352 bytes
0x978B0000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B222000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8AE19000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x82A83000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x8C401000 C:\Windows\system32\DRIVERS\athrusb.sys 921600 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x82936000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B03D000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x91403000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x8386A000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9F000000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9195A000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8392A000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x90424000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8AF86000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x9056B000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9F126000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9F0D7000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82A03000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x90F44000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83A99000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90E8E000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x839A9000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x83B9C000 C:\Windows\system32\DRIVERS\storport.sys 290816 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C586000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x914E4000 C:\Windows\system32\DRIVERS\nvmf6232.sys 282624 bytes (NVIDIA Corporation, NVIDIA MCP Networking Function Driver.)
0x82BAA000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83828000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x90E07000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B39C000 C:\Windows\system32\drivers\tsk939D.tmp 258048 bytes
0x8B0F4000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8B1B6000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x90F0B000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x8C521000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x83229000 ACPI_HAL 225280 bytes
0x83229000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x83A00000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x82A4F000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B184000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x90539000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B36B000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x918C3000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8B157000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x90F8F000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8AF48000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83A43000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x83B2E000 C:\Windows\system32\drivers\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B132000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x83B5C000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x90FBB000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x915A2000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9F0A1000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x90ED8000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x904AE000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9F178000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B000000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x914C5000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x83B0F000 C:\Windows\system32\drivers\nvraid.sys 126976 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) RAID Driver)
0x905D1000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x97B40000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x9192C000 C:\Windows\System32\Drivers\dump_nvstor32.sys 118784 bytes
0x83B7F000 C:\Windows\system32\DRIVERS\nvstor32.sys 118784 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0x8C506000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x90FDE000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8C55C000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x919DF000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x918F2000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x90E68000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x91529000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x9157F000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x915C4000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x915DC000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x82B85000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x9050D000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x8C4ED000 C:\Windows\system32\drivers\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x83AF9000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x83915000 C:\Windows\system32\drivers\19168218.sys 86016 bytes
0x8AF73000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8C5DC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90400000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9156D000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x90EF9000 C:\Windows\system32\DRIVERS\amdk8.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x91600000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8B200000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x91949000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83BEC000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x82BEE000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83A78000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8380F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8C576000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B3E3000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x8C5CC000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90413000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x83A89000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x82000000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x90E80000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x905F0000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x904FF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x83AEB000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8AFE3000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x82B9C000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8399B000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x91560000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x91915000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91553000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x914B8000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x91541000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9F0C2000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x904CF000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x90E5C000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x904A2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x83804000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x8C4E2000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x904F4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91597000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x90524000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x83A6D000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x9052F000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x91922000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x9190B000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x90E52000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x90E48000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x9F097000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x829ED000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x83BE3000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0xA9A97000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x83B53000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xA9AA0000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8AFF1000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8AE10000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x97B10000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x839F1000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83820000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B3F3000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BAE000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x83A3B000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x904DC000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x904E4000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x904EC000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B3DB000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9F0CF000 C:\Windows\system32\DRIVERS\XAudio32.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x9049B000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x90494000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x83AE4000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x905CA000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8200F000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x905C5000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x9154E000 C:\Windows\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)
0x8C5EF000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8C559000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x82934000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 191.07 )
0x915F3000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8C504000 C:\Windows\system32\drivers\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================

Broni · Jun 16, 2011

Perfect!

How is redirection, before I go to check your OTL logs?

OMD · Jun 16, 2011

ok I checked the processes - only have one instance of IE open, but it shows 2 - one using roughly 7,000k mem and the other 75,000k mem. So that still looks like an issue.

I did a search and am no longer (for now) being re directed. So that is a good thing.

What about the multiple instances?

OMD · Jun 16, 2011

after closing the IE window.....both instances went away. So not sure if that is normal or not, but never knew it to do that before. I will leave this be for a few and see if they mysteriously pop up....but the search is working fine now

Broni · Jun 16, 2011

Starting with IE8, when you open IE, it'll run two iexplore.exe processes from the get go.
It's normal. Each new tab will produce another iexplore.exe process.
As long, as they're not running with IE CLOSED, you're fine.

Good news!

Let me check your OTL logs now.
Hold on....

OMD · Jun 16, 2011

Broni said:
Starting with IE8, when you open IE, it'll run two iexplore.exe processes from the get go.
It's normal. Each new tab will produce another iexplore.exe process.
As long, as they're not running with IE CLOSED, you're fine.

Good news!

Let me check your OTL logs now.
Hold on....

yep I was thinking that it opened two in the processes because after I would close the one IE window, they both would shut down. I will check it a little later to make sure they don't fire up on their own.

So, if I am clear after this mess, is AVAST all I really need to be somewhat safe? Or should I have something else too or also?

Broni · Jun 16, 2011

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

===================================================================

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4df42492&i=23&tp=ab&nt=1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-2834837877-3431995649-1172067647-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O15 - HKU\S-1-5-21-2834837877-3431995649-1172067647-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2011/06/05 06:26:13 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~24043256r
[2011/06/05 06:26:13 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~24043256
[2011/06/05 06:26:06 | 000,000,392 | -H-- | C] () -- C:\ProgramData\24043256


:Services

:Reg

:Files
C:\Program Files\AskTBar

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

===================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

OMD · Jun 16, 2011

can this step wait til tomorrow? It is 1130pm and need to really get to bed. If not, I will do it now but would rather do it tomorrow.

I totally appreciate you doing this. I know you do it because you love to combat this mess that goes on, but also because you are a very giving person. I realize I am not the first one with this issue and won't be the last. I also realize that you probably cut and paste most of the steps for me to follow. But the sheer fact that you take the time to look at the messed up files and get people out of these messes is a testament to your amazing character! I know you probably deal with many people that probably don't have a clue. I'm just thankful that I stumbled into you. You are a good man (well I am only assuming you are a male).

Broni · Jun 16, 2011

You're very welcome

Get some sleep

It looks like the worst is over...

OMD · Jun 17, 2011

It looks like I am still 'hacked'

otl did not reboot or create a log file?

Also when doing the java thing, I was not warned of any toolbars or extra software.

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
avast! Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.0.32.18
Adobe Reader 9.3.4
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
system32 AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
``````````End of Log````````````

ESET

C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL Win32/Toolbar.AskSBar application
C:\Qoobox\Quarantine\C\Program Files\Fast Browser Search\IE\MTWB3SH.dll.vir a variant of Win32/BHO.OCS trojan
C:\Qoobox\Quarantine\C\Program Files\SGPSA\mtWB3sh.dll.vir a variant of Win32/BHO.OCS trojan

Broni · Jun 17, 2011

otl did not reboot or create a log file?

Retry.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

OMD · Jun 17, 2011

uninstalled Adobe Ready and Installed Foxit.

Ran the OTR again and it ran, said to reboot and clicked 'ok' but nothing happened. So I did a restart manually....but no log file?

Broni · Jun 17, 2011

Run "Quick scan", post the log and I'll see, if anything has been removed.

OMD · Jun 17, 2011

Broni said:
Run "Quick scan", post the log and I'll see, if anything has been removed.

do I paste anything in the box?

Broni · Jun 17, 2011

No, just straight scan.

OMD · Jun 17, 2011

OTL logfile created on: 6/17/2011 10:27:37 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\matt\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 67.66% Memory free
5.75 Gb Paging File | 4.81 Gb Available in Paging File | 83.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 225.75 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.87 Gb Free Space | 13.97% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 15:40:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009/05/21 23:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/06/13 12:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2007/08/03 13:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/08/03 13:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006/11/09 06:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (SafeList) ==========

MOD - [2011/06/16 15:40:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/14 22:16:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/21 23:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 23:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/28 00:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/31 01:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 06:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 06:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007/10/26 21:51:26 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2007/10/26 21:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4df42492&i=23&tp=ab&nt=1&q="
FF - prefs.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/14 23:48:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/11 22:10:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/11/24 15:25:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2009/10/31 20:51:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/17 16:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/17 16:16:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/15 23:24:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Weather] File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 21:55:29 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\terminology class
[2011/06/17 21:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/06/17 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/16 22:43:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/16 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\spyware tools
[2011/06/16 15:40:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/06/15 23:16:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/15 21:06:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/15 21:06:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/15 21:05:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/15 21:05:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/15 20:55:13 | 004,128,845 | R--- | C] (Swearware) -- C:\Users\matt\Desktop\ComboFix.exe
[2011/06/14 23:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/06/14 23:49:09 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/06/14 23:49:09 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/06/14 23:49:04 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/06/14 23:49:04 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/06/14 23:49:04 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/06/14 23:49:04 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/06/14 23:48:46 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/06/14 23:48:46 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/06/14 23:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/14 23:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/12 01:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/12 01:40:53 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/11 22:29:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/11 22:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/11 22:17:58 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/11 21:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/11 21:47:42 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/11 21:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/11 19:37:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\CrashDumps
[2011/06/11 19:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/11 13:37:59 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\NPE
[2011/06/11 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
[2011/06/11 13:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/10 22:40:17 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/10 22:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/10 22:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/10 22:34:54 | 000,000,000 | ---D | C] -- C:\%APPDATA%
[2011/06/07 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Mozilla
[2011/06/07 22:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/07 17:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/07 17:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/07 17:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/24 21:56:18 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2010/09/24 21:56:18 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2010/09/24 21:56:18 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2010/09/24 21:56:18 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2010/09/24 21:56:16 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2010/09/24 21:56:14 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2010/09/24 21:56:13 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2010/09/24 21:56:12 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2010/09/24 21:56:09 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe
[2010/09/24 21:56:08 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2010/09/24 21:56:05 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2010/09/24 21:56:05 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe
[2010/09/24 21:56:05 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2010/09/24 21:56:04 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 21:49:41 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 21:49:41 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 21:41:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 21:41:34 | 2314,117,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/16 15:40:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/06/16 03:04:45 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/16 03:04:45 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/15 23:24:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/15 21:04:52 | 004,128,845 | R--- | M] (Swearware) -- C:\Users\matt\Desktop\ComboFix.exe
[2011/06/14 23:49:10 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/14 23:49:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/06/14 17:20:14 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/06/14 17:20:14 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/06/11 22:17:58 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/11 22:10:00 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/11 21:56:01 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/05 06:29:21 | 000,000,392 | -H-- | M] () -- C:\ProgramData\24043256
[2011/06/05 06:26:13 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~24043256r
[2011/06/05 06:26:13 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~24043256
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/15 21:06:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/15 21:06:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/15 21:06:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/15 21:06:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/15 21:06:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/14 23:49:10 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/14 17:20:14 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/06/14 17:20:14 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/11 22:10:00 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/11 21:56:01 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/05 06:26:13 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~24043256r
[2011/06/05 06:26:13 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~24043256
[2011/06/05 06:26:06 | 000,000,392 | -H-- | C] () -- C:\ProgramData\24043256
[2010/09/24 22:03:26 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxdxcoin.dll
[2010/09/24 22:02:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2010/09/24 22:00:25 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2010/09/24 22:00:25 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2010/09/24 22:00:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2010/09/24 21:59:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2010/09/24 21:59:38 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2010/09/24 21:59:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2010/09/24 21:59:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2010/09/24 21:56:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2010/09/24 21:56:20 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2010/09/24 21:56:07 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2010/08/20 10:50:41 | 000,035,423 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/03/05 07:50:35 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/12/10 12:27:20 | 000,163,153 | ---- | C] () -- C:\Windows\hpoins44.dat
[2009/11/24 15:31:11 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/12 13:06:31 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2009/08/07 20:06:05 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/07/17 20:27:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,352,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/27 15:01:55 | 000,000,338 | -H-- | C] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2009/06/26 07:39:13 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/06/25 19:44:56 | 000,024,206 | -H-- | C] () -- C:\Users\matt\AppData\Roaming\UserTile.png
[2009/06/11 05:30:02 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/01/10 22:38:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2007/01/10 22:32:36 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/01/10 22:32:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/11/09 10:19:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/08/11 03:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 03:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2011/06/11 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Audacity
[2011/04/21 08:37:44 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/01 21:28:22 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\Lexmark Productivity Studio
[2011/06/11 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\OpenOffice.org
[2009/06/25 19:44:56 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\PeerNetworking
[2009/11/24 15:25:37 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\Template
[2009/11/24 15:25:37 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\vghd
[2009/07/14 00:53:46 | 000,027,916 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/17/2011 10:27:37 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\matt\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 67.66% Memory free
5.75 Gb Paging File | 4.81 Gb Available in Paging File | 83.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 225.75 Gb Free Space | 77.36% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.87 Gb Free Space | 13.97% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader 5.0
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2010 3:01:43 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 3:11:02 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 3:20:32 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 3:29:17 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 3:38:01 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 3:47:30 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 3:56:26 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 4:05:24 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 4:13:55 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/22/2010 4:22:25 AM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

[ System Events ]
Error - 6/16/2011 3:27:07 AM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/16/2011 10:42:26 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 6/16/2011 10:43:37 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService
service to connect.

Error - 6/16/2011 10:43:37 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/17/2011 5:41:39 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 6/17/2011 5:43:19 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService
service to connect.

Error - 6/17/2011 5:43:19 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 6/17/2011 9:40:56 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7016
Description = The NVIDIA Display Driver Service service has reported an invalid
current state 32.

Error - 6/17/2011 9:42:24 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService
service to connect.

Error - 6/17/2011 9:42:24 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053

< End of report >

Broni · Jun 17, 2011

It didn't work.
Try to run the fix from Safe Mode.

OMD · Jun 17, 2011

ran in safe mode and it rebooted and produced a log (below). Then I ran a quick scan in normal mode because I figured you would ask (those two files also below)

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
File C:\Program Files\AVG\AVG10\Firefox4 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
File C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry value HKEY_USERS\S-1-5-21-2834837877-3431995649-1172067647-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403E-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}\ not found.
File C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL not found.
Registry value HKEY_USERS\S-1-5-21-2834837877-3431995649-1172067647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\System32\MultiLanguage.tmp deleted successfully.
C:\Windows\System32\WG511v2_OEM.tmp deleted successfully.
C:\ProgramData\SPL8526.tmp deleted successfully.
C:\ProgramData\~24043256r moved successfully.
C:\ProgramData\~24043256 moved successfully.
C:\ProgramData\24043256 moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\AskTBar\bar\1.bin folder moved successfully.
C:\Program Files\AskTBar\bar folder moved successfully.
C:\Program Files\AskTBar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: matt
->Temp folder emptied: 4915073 bytes
->Temporary Internet Files folder emptied: 64458908 bytes
->Java cache emptied: 61518337 bytes
->FireFox cache emptied: 34610919 bytes
->Google Chrome cache emptied: 6275816 bytes
->Flash cache emptied: 192280 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9695640 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 173.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: matt
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.24.0 log created on 06172011_225029

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 6/17/2011 10:54:12 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\matt\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 72.42% Memory free
5.75 Gb Paging File | 4.93 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 225.97 Gb Free Space | 77.43% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.87 Gb Free Space | 13.97% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/16 15:40:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
PRC - [2011/05/10 08:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/26 17:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009/05/21 23:13:36 | 000,275,768 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/06/13 12:04:02 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmsdmon.exe
PRC - [2008/06/13 12:04:01 | 000,668,328 | ---- | M] () -- C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
PRC - [2007/08/03 13:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/08/03 13:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2006/12/08 11:16:56 | 000,065,536 | ---- | M] () -- C:\hp\KBD\KbdStub.exe
PRC - [2006/11/09 06:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

========== Modules (SafeList) ==========

MOD - [2011/06/16 15:40:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
MOD - [2011/05/10 08:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 08:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/05/14 22:16:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/21 23:13:36 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2009/05/21 23:03:06 | 000,133,120 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2009/04/29 04:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)

========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 08:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 08:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 08:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 07:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 07:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 07:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/28 00:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/31 01:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/26 17:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/04/29 04:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/02/13 06:58:30 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2009/02/13 06:56:32 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/07/29 04:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007/10/26 21:51:26 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2007/10/26 21:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2005/12/12 12:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://search.avg.com/?d=4df42492&i=23&tp=ab&nt=1&q="
FF - prefs.js..keyword.enabled: true

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/14 23:48:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/11 22:10:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009/11/24 15:25:36 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions
[2009/10/31 20:51:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\matt\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/06/17 16:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/17 16:16:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/15 23:24:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: () - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxdxamon] C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe ()
O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Weather] File not found
O4 - Startup: C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\awave.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/17 22:50:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/17 21:55:29 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\terminology class
[2011/06/17 21:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/06/17 17:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/16 22:43:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/16 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\matt\Desktop\spyware tools
[2011/06/16 15:40:26 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/06/15 23:16:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/15 21:06:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/15 21:06:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/15 21:05:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/15 21:05:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/15 20:55:13 | 004,128,845 | R--- | C] (Swearware) -- C:\Users\matt\Desktop\ComboFix.exe
[2011/06/14 23:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/06/14 23:49:09 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/06/14 23:49:09 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/06/14 23:49:04 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/06/14 23:49:04 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/06/14 23:49:04 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/06/14 23:49:04 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/06/14 23:48:46 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/06/14 23:48:46 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/06/14 23:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/14 23:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/12 01:40:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/12 01:40:53 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/11 22:29:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/06/11 22:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/06/11 22:17:58 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/11 21:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/11 21:47:42 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/11 21:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/11 21:47:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/11 19:37:08 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\CrashDumps
[2011/06/11 19:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/11 13:37:59 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\NPE
[2011/06/11 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\Malwarebytes
[2011/06/11 13:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/10 22:40:17 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Roaming\SUPERAntiSpyware.com
[2011/06/10 22:40:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/10 22:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/10 22:34:54 | 000,000,000 | ---D | C] -- C:\%APPDATA%
[2011/06/07 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\matt\AppData\Local\Mozilla
[2011/06/07 22:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/06/07 17:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/06/07 17:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/06/07 17:18:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/24 21:56:18 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\lxdxusb1.dll
[2010/09/24 21:56:18 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDXhcp.dll
[2010/09/24 21:56:18 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdxinpa.dll
[2010/09/24 21:56:18 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxiesc.dll
[2010/09/24 21:56:16 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\lxdxserv.dll
[2010/09/24 21:56:14 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdxprox.dll
[2010/09/24 21:56:13 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxpmui.dll
[2010/09/24 21:56:12 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdxlmpm.dll
[2010/09/24 21:56:09 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdxih.exe
[2010/09/24 21:56:08 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdxhbn3.dll
[2010/09/24 21:56:05 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomc.dll
[2010/09/24 21:56:05 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdxcoms.exe
[2010/09/24 21:56:05 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdxcomm.dll
[2010/09/24 21:56:04 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdxcfg.exe

========== Files - Modified Within 30 Days ==========

[2011/06/17 22:51:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/17 22:51:37 | 2314,117,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/17 21:49:41 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/17 21:49:41 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/16 15:40:35 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\matt\Desktop\OTL.exe
[2011/06/16 03:04:45 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/16 03:04:45 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/15 23:24:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/15 21:04:52 | 004,128,845 | R--- | M] (Swearware) -- C:\Users\matt\Desktop\ComboFix.exe
[2011/06/14 23:49:10 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/14 23:49:04 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/06/14 17:20:14 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011/06/14 17:20:14 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011/06/11 22:17:58 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/06/11 22:10:00 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/11 21:56:01 | 000,017,480 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

========== Files Created - No Company Name ==========

[2011/06/15 21:06:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/15 21:06:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/15 21:06:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/15 21:06:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/15 21:06:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/14 23:49:10 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/14 17:20:14 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/06/14 17:20:14 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/11 22:10:00 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/11 21:56:01 | 000,017,480 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/24 22:03:26 | 000,360,448 | ---- | C] () -- C:\Windows\System32\lxdxcoin.dll
[2010/09/24 22:02:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdxvs.dll
[2010/09/24 22:00:25 | 000,782,336 | ---- | C] () -- C:\Windows\System32\lxdxdrs.dll
[2010/09/24 22:00:25 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdxcaps.dll
[2010/09/24 22:00:25 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdxcnv4.dll
[2010/09/24 21:59:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2010/09/24 21:59:38 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2010/09/24 21:59:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2010/09/24 21:59:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2010/09/24 21:56:39 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxdxrwrd.ini
[2010/09/24 21:56:20 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDXinst.dll
[2010/09/24 21:56:07 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdxgrd.dll
[2010/08/20 10:50:41 | 000,035,423 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/03/05 07:50:35 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/12/10 12:27:20 | 000,163,153 | ---- | C] () -- C:\Windows\hpoins44.dat
[2009/11/24 15:31:11 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/10/12 13:06:31 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2009/08/07 20:06:05 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/07/17 20:27:24 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,352,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/27 15:01:55 | 000,000,338 | -H-- | C] () -- C:\Users\matt\AppData\Roaming\wklnhst.dat
[2009/06/26 17:21:02 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2009/06/26 07:39:13 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/06/25 19:44:56 | 000,024,206 | -H-- | C] () -- C:\Users\matt\AppData\Roaming\UserTile.png
[2009/06/11 05:30:02 | 000,000,586 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/01/10 22:38:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2007/01/10 22:32:36 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/01/10 22:32:36 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2006/11/09 10:19:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/08/11 03:00:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 03:00:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/09/16 16:24:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2011/06/11 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\Audacity
[2011/04/21 08:37:44 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/01/01 21:28:22 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\Lexmark Productivity Studio
[2011/06/11 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\matt\AppData\Roaming\OpenOffice.org
[2009/06/25 19:44:56 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\PeerNetworking
[2009/11/24 15:25:37 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\Template
[2009/11/24 15:25:37 | 000,000,000 | -H-D | M] -- C:\Users\matt\AppData\Roaming\vghd
[2009/07/14 00:53:46 | 000,028,168 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OMD · Jun 17, 2011

OTL Extras logfile created on: 6/17/2011 10:54:13 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Users\matt\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.08 Gb Available Physical Memory | 72.42% Memory free
5.75 Gb Paging File | 4.93 Gb Available in Paging File | 85.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.83 Gb Total Space | 225.97 Gb Free Space | 77.43% Space Free | Partition Type: NTFS
Drive D: | 6.26 Gb Total Space | 0.87 Gb Free Space | 13.97% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B83A15A7-2BD5-4416-BC43-AF5F9A4B08A9}" = muvee autoProducer 5.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader 5.0
"HitmanPro35" = Hitman Pro 3.5
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2010 7:55:09 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 8:09:05 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 8:24:56 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 8:39:53 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 8:55:30 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 9:12:11 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 9:26:38 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 9:42:14 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 9:57:24 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 7/21/2010 10:12:30 PM | Computer Name = matt-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

[ System Events ]
Error - 6/17/2011 10:49:54 PM | Computer Name = matt-PC | Source = DCOM | ID = 10005
Description =

Error - 6/17/2011 10:49:54 PM | Computer Name = matt-PC | Source = DCOM | ID = 10005
Description =

Error - 6/17/2011 10:49:54 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/17/2011 10:49:54 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/17/2011 10:49:54 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/17/2011 10:49:54 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/17/2011 10:49:54 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/17/2011 10:49:54 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 6/17/2011 10:52:12 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxdxCATSCustConnectService
service to connect.

Error - 6/17/2011 10:52:12 PM | Computer Name = matt-PC | Source = Service Control Manager | ID = 7000
Description = The lxdxCATSCustConnectService service failed to start due to the
following error: %%1053

< End of report >

Broni · Jun 17, 2011

Good job

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

OMD · Jun 17, 2011

SWEEEEET! Can we tomorrow?

Solved Browser has been Hijacked - Get Re-Directed HijackThis Log Attached

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Posts: 37 +0

Posts: 56,041 +516

Posts: 37 +0

Similar threads