TechSpot

Can't see files on hard drive

Solved
By mannclann
Feb 14, 2012
  1. Hi,

    Looks like I have been hit by a mean little virus on my laptop even though I am pretty careful about where I go and what I do.

    I have tried to do the steps outlined in the "5-Step" plan but could not complete most of them.

    I was unable to install malwarebytes and run it and dds would not run either.

    I was able to install and run gmer, see below:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-13 22:15:07
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
    Running: pz0q85wn.exe; Driver: C:\Users\Rick\AppData\Local\Temp\pwacauoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- EOF - GMER 1.0.15 ----

    Thanks in advance for your help in resolving this issue.

    Rick
     
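The GMER lines above point at the boot sector itself, not at a file: a TDL4-class bootkit overwrites the bootstrap code in sector 0 and keeps its own components in unpartitioned space at the end of the disk, so file-level scanners running inside the booted OS are working on top of it. The block below is an added example, not code from GMER, TDSSKiller or anyone in this thread. It parses a 512-byte MBR, checks the 0x55AA signature and the partition geometry, reports how many sectors sit beyond the last partition, and diffs the bootstrap code byte-for-byte against a trusted reference copy. The sector size, disk size and two partition entries are the values TDSSKiller reports further down in this thread; the bootstrap bytes and the "tampered" copy are constructed stand-ins, not real Windows or TDL4 code.

```python
"""Audit a 512-byte MBR: boot signature, partition geometry, unallocated tail,
and a byte-level diff of the bootstrap code against a trusted reference copy.

Added example for this thread; not code from GMER, TDSSKiller or the poster.
Sector size, disk size and partition entries are the values from the
TDSSKiller log in this thread. The bootstrap bytes and the 'tampered' copy
are constructed stand-ins, not real Windows or TDL4 boot code.
"""
import struct

SECTOR = 0x200            # SectorSize reported in the log
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries start here
ENTRY_LEN = 16
BOOT_SIG = b"\x55\xAA"    # last two bytes of the sector
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

# From the log: Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200
DISK_BYTES = 0x4A85D56000
DISK_SECTORS = DISK_BYTES // SECTOR          # 0x2542EAB0 sectors
# Partition0: Type 0x7, StartLBA 0x800,      BlocksNum 0x23E55000
# Partition1: Type 0x7, StartLBA 0x23E55800, BlocksNum 0x15D7800
LOG_PARTITIONS = [(0x07, 0x800, 0x23E55000), (0x07, 0x23E55800, 0x15D7800)]

# Constructed stand-in for clean bootstrap code (hypothetical bytes, padded with NOPs).
CLEAN_BOOTSTRAP = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 40
# Constructed tampered copy: an MBR bootkit rewrites the first bytes so its own
# loader runs before the original code, and leaves the partition table alone.
TAMPERED_BOOTSTRAP = bytes([0xEB, 0x3C]) + CLEAN_BOOTSTRAP[2:]


def build_mbr(bootstrap, entries):
    """Assemble one MBR sector from bootstrap code and (type, start_lba, size) tuples."""
    if len(bootstrap) > PART_TABLE_OFF:
        raise ValueError("bootstrap code must fit before the partition table")
    mbr = bytearray(bootstrap.ljust(PART_TABLE_OFF, b"\x00"))
    for i in range(4):
        if i < len(entries):
            ptype, start, size = entries[i]
            status = 0x80 if i == 0 else 0x00       # first entry marked active
            mbr += struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype,
                               b"\xfe\xff\xff", start, size)
        else:
            mbr += b"\x00" * ENTRY_LEN              # unused slot
    mbr += BOOT_SIG
    return bytes(mbr)


def parse_mbr(mbr):
    """Split an MBR into (bootstrap_code, used_partition_entries); reject malformed sectors."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one %d-byte sector" % SECTOR)
    if mbr[SECTOR - 2:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY_LEN
        status, _, ptype, _, start, size = struct.unpack(ENTRY_FMT, mbr[off:off + ENTRY_LEN])
        if ptype != 0:                              # type 0 means the slot is unused
            entries.append({"index": i, "bootable": bool(status & 0x80),
                            "type": ptype, "start": start, "size": size})
    return mbr[:PART_TABLE_OFF], entries


def audit_layout(entries, disk_sectors):
    """Return (findings, tail_sectors): overlapping or out-of-range partitions, and
    the unallocated space after the last partition. TDL4-family bootkits keep their
    hidden file system in that tail, so it is the region to pull from a forensic image."""
    findings = []
    prev_end = 0
    for e in sorted(entries, key=lambda e: e["start"]):
        end = e["start"] + e["size"]
        if e["start"] < prev_end:
            findings.append("partition %d overlaps the one before it" % e["index"])
        if end > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % e["index"])
        prev_end = max(prev_end, end)
    return findings, disk_sectors - prev_end


def bootstrap_differs(mbr, reference):
    """Offsets at which the bootstrap code differs from a trusted reference MBR.
    An empty list means the code matches; the partition table is judged separately."""
    code, _ = parse_mbr(mbr)
    ref_code, _ = parse_mbr(reference)
    return [i for i in range(PART_TABLE_OFF) if code[i] != ref_code[i]]


if __name__ == "__main__":
    clean = build_mbr(CLEAN_BOOTSTRAP, LOG_PARTITIONS)
    infected = build_mbr(TAMPERED_BOOTSTRAP, LOG_PARTITIONS)
    _, parts = parse_mbr(infected)
    for p in parts:
        print("partition %d: type 0x%02X start 0x%X sectors 0x%X%s" % (
            p["index"], p["type"], p["start"], p["size"], " (active)" if p["bootable"] else ""))
    findings, tail = audit_layout(parts, DISK_SECTORS)
    print("layout findings:", findings or "none")
    print("unallocated tail: 0x%X sectors (%d bytes)" % (tail, tail * SECTOR))
    print("bootstrap bytes differing from reference:", bootstrap_differs(infected, clean))
```

The reference copy has to come from somewhere the infection could not touch (a known-clean image of the same installation, or an MBR saved before the incident), and sector 0 must be read from a clean boot medium or a forensic image: a live TDL4 infection hooks the disk miniport driver and hands the original MBR back to anything that reads sector 0 from inside Windows, which is the kind of read discrepancy GMER's "sector 00: rootkit-like behavior" line reports. For the logged geometry the two type-0x07 (NTFS) partitions are contiguous and the tail past the last partition works out to 0x1AB0 sectors, about 3.3 MB; whether that space holds a hidden file system is something only a raw read of those sectors settles.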
  2. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  3. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    14:04:08.0321 6112 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
    14:04:10.0344 6112 ============================================================
    14:04:10.0344 6112 Current date / time: 2012/02/15 14:04:10.0344
    14:04:10.0344 6112 SystemInfo:
    14:04:10.0344 6112
    14:04:10.0345 6112 OS Version: 6.0.6002 ServicePack: 2.0
    14:04:10.0345 6112 Product type: Workstation
    14:04:10.0345 6112 ComputerName: MANNCLANNLAPTOP
    14:04:10.0345 6112 UserName: Rick
    14:04:10.0345 6112 Windows directory: C:\Windows
    14:04:10.0345 6112 System windows directory: C:\Windows
    14:04:10.0345 6112 Processor architecture: Intel x86
    14:04:10.0345 6112 Number of processors: 2
    14:04:10.0345 6112 Page size: 0x1000
    14:04:10.0345 6112 Boot type: Normal boot
    14:04:10.0346 6112 ============================================================
    14:04:14.0331 6112 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    14:04:14.0337 6112 \Device\Harddisk0\DR0:
    14:04:14.0337 6112 MBR used
    14:04:14.0337 6112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x23E55000
    14:04:14.0337 6112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23E55800, BlocksNum 0x15D7800
    14:04:14.0843 6112 Initialize success
    14:04:14.0843 6112 ============================================================
    14:04:23.0981 0156 ============================================================
    14:04:23.0981 0156 Scan started
    14:04:23.0981 0156 Mode: Manual;
    14:04:23.0981 0156 ============================================================
    14:04:25.0879 0156 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    14:04:25.0886 0156 ACPI - ok
    14:04:26.0181 0156 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    14:04:26.0213 0156 adp94xx - ok
    14:04:26.0258 0156 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    14:04:26.0281 0156 adpahci - ok
    14:04:26.0324 0156 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    14:04:26.0329 0156 adpu160m - ok
    14:04:26.0364 0156 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    14:04:26.0375 0156 adpu320 - ok
    14:04:26.0441 0156 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    14:04:26.0447 0156 AFD - ok
    14:04:26.0561 0156 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    14:04:26.0588 0156 agp440 - ok
    14:04:26.0621 0156 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    14:04:26.0652 0156 aic78xx - ok
    14:04:26.0709 0156 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
    14:04:26.0712 0156 aliide - ok
    14:04:26.0764 0156 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    14:04:26.0806 0156 amdagp - ok
    14:04:26.0836 0156 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
    14:04:26.0840 0156 amdide - ok
    14:04:26.0871 0156 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    14:04:26.0876 0156 AmdK7 - ok
    14:04:26.0898 0156 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    14:04:26.0902 0156 AmdK8 - ok
    14:04:26.0980 0156 AMP (a7634ad081a97dd792ab261d80eafd84) C:\Windows\system32\DRIVERS\amp.sys
    14:04:27.0004 0156 AMP - ok
    14:04:27.0121 0156 AMPSE (839c3a79cb536a2412b4f39e50015e59) C:\Windows\system32\DRIVERS\ampse.sys
    14:04:27.0156 0156 AMPSE - ok
    14:04:27.0240 0156 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    14:04:27.0244 0156 arc - ok
    14:04:27.0269 0156 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    14:04:27.0276 0156 arcsas - ok
    14:04:27.0325 0156 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:04:27.0328 0156 AsyncMac - ok
    14:04:27.0365 0156 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    14:04:27.0368 0156 atapi - ok
    14:04:27.0482 0156 athr (02d34ac487df3da4e3f01874e61eb619) C:\Windows\system32\DRIVERS\athr.sys
    14:04:27.0518 0156 athr - ok
    14:04:27.0600 0156 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    14:04:27.0604 0156 Beep - ok
    14:04:27.0924 0156 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
    14:04:27.0938 0156 BHDrvx86 - ok
    14:04:28.0071 0156 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    14:04:28.0097 0156 blbdrive - ok
    14:04:28.0183 0156 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    14:04:28.0187 0156 bowser - ok
    14:04:28.0239 0156 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    14:04:28.0243 0156 BrFiltLo - ok
    14:04:28.0273 0156 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    14:04:28.0278 0156 BrFiltUp - ok
    14:04:28.0328 0156 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    14:04:28.0336 0156 Brserid - ok
    14:04:28.0359 0156 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    14:04:28.0365 0156 BrSerWdm - ok
    14:04:28.0384 0156 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    14:04:28.0389 0156 BrUsbMdm - ok
    14:04:28.0409 0156 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    14:04:28.0414 0156 BrUsbSer - ok
    14:04:28.0441 0156 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    14:04:28.0447 0156 BTHMODEM - ok
    14:04:28.0585 0156 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1305000.091\ccSetx86.sys
    14:04:28.0592 0156 ccSet_NIS - ok
    14:04:28.0629 0156 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    14:04:28.0633 0156 cdfs - ok
    14:04:28.0719 0156 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    14:04:28.0725 0156 cdrom - ok
    14:04:28.0761 0156 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    14:04:28.0767 0156 circlass - ok
    14:04:28.0831 0156 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    14:04:28.0837 0156 CLFS - ok
    14:04:28.0898 0156 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:04:28.0901 0156 CmBatt - ok
    14:04:28.0919 0156 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
    14:04:28.0924 0156 cmdide - ok
    14:04:28.0981 0156 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
    14:04:28.0991 0156 CnxtHdAudService - ok
    14:04:29.0062 0156 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    14:04:29.0066 0156 Compbatt - ok
    14:04:29.0104 0156 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    14:04:29.0125 0156 crcdisk - ok
    14:04:29.0158 0156 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    14:04:29.0165 0156 Crusoe - ok
    14:04:29.0273 0156 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    14:04:29.0279 0156 DfsC - ok
    14:04:29.0342 0156 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    14:04:29.0368 0156 disk - ok
    14:04:29.0415 0156 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    14:04:29.0420 0156 Dot4 - ok
    14:04:29.0476 0156 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    14:04:29.0479 0156 Dot4Print - ok
    14:04:29.0515 0156 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    14:04:29.0519 0156 dot4usb - ok
    14:04:29.0567 0156 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    14:04:29.0571 0156 drmkaud - ok
    14:04:29.0646 0156 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    14:04:29.0700 0156 DXGKrnl - ok
    14:04:29.0731 0156 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    14:04:29.0743 0156 E1G60 - ok
    14:04:29.0811 0156 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    14:04:29.0817 0156 Ecache - ok
    14:04:29.0906 0156 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    14:04:30.0410 0156 eeCtrl - ok
    14:04:30.0496 0156 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\ElRawDsk.sys
    14:04:30.0500 0156 ElRawDisk - ok
    14:04:30.0542 0156 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    14:04:30.0566 0156 elxstor - ok
    14:04:30.0666 0156 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    14:04:30.0672 0156 EraserUtilRebootDrv - ok
    14:04:30.0773 0156 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    14:04:30.0778 0156 ErrDev - ok
    14:04:30.0951 0156 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    14:04:31.0133 0156 exfat - ok
    14:04:31.0270 0156 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    14:04:31.0309 0156 fastfat - ok
    14:04:31.0342 0156 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    14:04:31.0346 0156 fdc - ok
    14:04:31.0424 0156 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\Windows\system32\drivers\FileDisk.sys
    14:04:31.0428 0156 FileDisk - ok
    14:04:31.0475 0156 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    14:04:31.0480 0156 FileInfo - ok
    14:04:31.0509 0156 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    14:04:31.0512 0156 Filetrace - ok
    14:04:31.0534 0156 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    14:04:31.0538 0156 flpydisk - ok
    14:04:31.0583 0156 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    14:04:31.0589 0156 FltMgr - ok
    14:04:31.0684 0156 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
    14:04:31.0689 0156 fssfltr - ok
    14:04:31.0745 0156 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    14:04:31.0749 0156 Fs_Rec - ok
    14:04:31.0774 0156 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    14:04:31.0780 0156 gagp30kx - ok
    14:04:31.0831 0156 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    14:04:31.0834 0156 GEARAspiWDM - ok
    14:04:31.0880 0156 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    14:04:31.0889 0156 HdAudAddService - ok
    14:04:31.0989 0156 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    14:04:32.0013 0156 HDAudBus - ok
    14:04:32.0049 0156 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    14:04:32.0053 0156 HidBth - ok
    14:04:32.0108 0156 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    14:04:32.0111 0156 HidIr - ok
    14:04:32.0227 0156 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    14:04:32.0230 0156 HidUsb - ok
    14:04:32.0500 0156 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    14:04:32.0533 0156 HpCISSs - ok
    14:04:32.0639 0156 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    14:04:32.0643 0156 HpqKbFiltr - ok
    14:04:32.0749 0156 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    14:04:32.0793 0156 HSF_DPV - ok
    14:04:32.0867 0156 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    14:04:32.0874 0156 HSXHWAZL - ok
    14:04:32.0956 0156 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    14:04:32.0989 0156 HTTP - ok
    14:04:33.0030 0156 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    14:04:33.0051 0156 i2omp - ok
    14:04:33.0087 0156 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    14:04:33.0093 0156 i8042prt - ok
    14:04:33.0135 0156 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    14:04:33.0151 0156 iaStorV - ok
    14:04:33.0557 0156 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120214.003\IDSvix86.sys
    14:04:33.0581 0156 IDSVix86 - ok
    14:04:33.0950 0156 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
    14:04:34.0240 0156 igfx - ok
    14:04:34.0321 0156 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    14:04:34.0328 0156 iirsp - ok
    14:04:34.0399 0156 IntcHdmiAddService (c7e7e43cbd34d3b0a0156b51b917dfcc) C:\Windows\system32\drivers\IntcHdmi.sys
    14:04:34.0404 0156 IntcHdmiAddService - ok
    14:04:34.0451 0156 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
    14:04:34.0458 0156 intelide - ok
    14:04:34.0492 0156 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    14:04:34.0519 0156 intelppm - ok
    14:04:34.0844 0156 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:04:34.0848 0156 IpFilterDriver - ok
    14:04:34.0902 0156 IpInIp - ok
    14:04:34.0945 0156 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    14:04:34.0972 0156 IPMIDRV - ok
    14:04:34.0996 0156 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    14:04:35.0002 0156 IPNAT - ok
    14:04:35.0059 0156 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    14:04:35.0061 0156 IRENUM - ok
    14:04:35.0097 0156 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    14:04:35.0101 0156 isapnp - ok
    14:04:35.0158 0156 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    14:04:35.0164 0156 iScsiPrt - ok
    14:04:35.0195 0156 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    14:04:35.0200 0156 iteatapi - ok
    14:04:35.0217 0156 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    14:04:35.0221 0156 iteraid - ok
    14:04:35.0251 0156 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    14:04:35.0256 0156 kbdclass - ok
    14:04:35.0294 0156 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    14:04:35.0298 0156 kbdhid - ok
    14:04:35.0411 0156 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    14:04:35.0420 0156 KSecDD - ok
    14:04:35.0506 0156 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    14:04:35.0509 0156 lltdio - ok
    14:04:35.0550 0156 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    14:04:35.0556 0156 LSI_FC - ok
    14:04:35.0596 0156 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    14:04:35.0602 0156 LSI_SAS - ok
    14:04:35.0631 0156 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    14:04:35.0657 0156 LSI_SCSI - ok
    14:04:35.0718 0156 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    14:04:35.0722 0156 luafv - ok
    14:04:35.0787 0156 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys
    14:04:35.0791 0156 MBAMSwissArmy - ok
    14:04:35.0838 0156 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    14:04:35.0852 0156 mdmxsdk - ok
    14:04:35.0914 0156 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    14:04:35.0918 0156 megasas - ok
    14:04:35.0954 0156 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    14:04:35.0978 0156 MegaSR - ok
    14:04:36.0013 0156 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    14:04:36.0034 0156 Modem - ok
    14:04:36.0064 0156 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    14:04:36.0069 0156 monitor - ok
    14:04:36.0128 0156 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    14:04:36.0132 0156 mouclass - ok
    14:04:36.0201 0156 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    14:04:36.0205 0156 mouhid - ok
    14:04:36.0253 0156 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    14:04:36.0256 0156 MountMgr - ok
    14:04:36.0279 0156 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    14:04:36.0285 0156 mpio - ok
    14:04:36.0319 0156 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    14:04:36.0323 0156 mpsdrv - ok
    14:04:36.0362 0156 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    14:04:36.0389 0156 Mraid35x - ok
    14:04:36.0440 0156 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    14:04:36.0446 0156 MRxDAV - ok
    14:04:36.0487 0156 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:04:36.0493 0156 mrxsmb - ok
    14:04:36.0553 0156 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:04:36.0562 0156 mrxsmb10 - ok
    14:04:36.0627 0156 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:04:36.0630 0156 mrxsmb20 - ok
    14:04:36.0670 0156 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
    14:04:36.0674 0156 msahci - ok
    14:04:36.0720 0156 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    14:04:36.0725 0156 msdsm - ok
    14:04:36.0768 0156 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    14:04:36.0772 0156 Msfs - ok
    14:04:36.0831 0156 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    14:04:36.0834 0156 msisadrv - ok
    14:04:36.0891 0156 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    14:04:36.0894 0156 MSKSSRV - ok
    14:04:36.0915 0156 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    14:04:36.0918 0156 MSPCLOCK - ok
    14:04:37.0071 0156 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    14:04:37.0075 0156 MSPQM - ok
    14:04:37.0142 0156 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    14:04:37.0178 0156 MsRPC - ok
    14:04:37.0251 0156 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    14:04:37.0255 0156 mssmbios - ok
    14:04:37.0291 0156 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    14:04:37.0294 0156 MSTEE - ok
    14:04:37.0327 0156 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    14:04:37.0332 0156 Mup - ok
    14:04:37.0386 0156 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    14:04:37.0391 0156 NativeWifiP - ok
    14:04:37.0730 0156 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120215.004\NAVENG.SYS
    14:04:37.0736 0156 NAVENG - ok
    14:04:37.0806 0156 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120215.004\NAVEX15.SYS
    14:04:37.0865 0156 NAVEX15 - ok
    14:04:37.0993 0156 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    14:04:38.0090 0156 NDIS - ok
    14:04:38.0152 0156 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    14:04:38.0155 0156 NdisTapi - ok
    14:04:38.0182 0156 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    14:04:38.0186 0156 Ndisuio - ok
    14:04:38.0226 0156 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    14:04:38.0232 0156 NdisWan - ok
    14:04:38.0273 0156 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    14:04:38.0295 0156 NDProxy - ok
    14:04:38.0335 0156 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    14:04:38.0339 0156 NetBIOS - ok
    14:04:38.0382 0156 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    14:04:38.0390 0156 netbt - ok
    14:04:38.0531 0156 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
    14:04:38.0571 0156 NETw3v32 - ok
    14:04:38.0646 0156 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    14:04:38.0663 0156 nfrd960 - ok
    14:04:38.0723 0156 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    14:04:38.0747 0156 Npfs - ok
    14:04:38.0788 0156 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    14:04:38.0792 0156 nsiproxy - ok
    14:04:38.0879 0156 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    14:04:38.0971 0156 Ntfs - ok
    14:04:39.0017 0156 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    14:04:39.0020 0156 ntrigdigi - ok
    14:04:39.0061 0156 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    14:04:39.0067 0156 Null - ok
    14:04:39.0119 0156 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    14:04:39.0123 0156 nvraid - ok
    14:04:39.0153 0156 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    14:04:39.0157 0156 nvstor - ok
    14:04:39.0205 0156 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    14:04:39.0210 0156 nv_agp - ok
    14:04:39.0230 0156 NwlnkFlt - ok
    14:04:39.0255 0156 NwlnkFwd - ok
    14:04:39.0286 0156 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    14:04:39.0291 0156 ohci1394 - ok
    14:04:39.0365 0156 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    14:04:39.0369 0156 Parport - ok
    14:04:39.0423 0156 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
    14:04:39.0426 0156 partmgr - ok
    14:04:39.0465 0156 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    14:04:39.0469 0156 Parvdm - ok
    14:04:39.0522 0156 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    14:04:39.0527 0156 pci - ok
    14:04:39.0550 0156 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
    14:04:39.0555 0156 pciide - ok
    14:04:39.0629 0156 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    14:04:39.0636 0156 pcmcia - ok
    14:04:39.0709 0156 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    14:04:39.0726 0156 PEAUTH - ok
    14:04:39.0851 0156 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    14:04:39.0855 0156 PptpMiniport - ok
    14:04:39.0883 0156 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    14:04:39.0889 0156 Processor - ok
    14:04:39.0972 0156 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    14:04:39.0976 0156 PSched - ok
    14:04:40.0011 0156 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
    14:04:40.0017 0156 PxHelp20 - ok
    14:04:40.0102 0156 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    14:04:40.0148 0156 ql2300 - ok
    14:04:40.0197 0156 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    14:04:40.0202 0156 ql40xx - ok
    14:04:40.0242 0156 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    14:04:40.0245 0156 QWAVEdrv - ok
    14:04:40.0280 0156 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    14:04:40.0283 0156 RasAcd - ok
    14:04:40.0331 0156 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:04:40.0337 0156 Rasl2tp - ok
    14:04:40.0397 0156 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    14:04:40.0401 0156 RasPppoe - ok
    14:04:40.0436 0156 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    14:04:40.0440 0156 RasSstp - ok
    14:04:40.0480 0156 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    14:04:40.0504 0156 rdbss - ok
    14:04:40.0541 0156 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:04:40.0544 0156 RDPCDD - ok
    14:04:40.0640 0156 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    14:04:40.0658 0156 rdpdr - ok
    14:04:40.0690 0156 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    14:04:40.0693 0156 RDPENCDD - ok
    14:04:40.0766 0156 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
    14:04:40.0792 0156 RDPWD - ok
    14:04:40.0841 0156 RimUsb - ok
    14:04:40.0965 0156 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
    14:04:40.0968 0156 RimVSerPort - ok
    14:04:41.0016 0156 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
    14:04:41.0027 0156 ROOTMODEM - ok
    14:04:41.0112 0156 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    14:04:41.0117 0156 rspndr - ok
    14:04:41.0170 0156 RTL8169 (a1adc7b4c074744662207da6edcdfbb0) C:\Windows\system32\DRIVERS\Rtlh86.sys
    14:04:41.0180 0156 RTL8169 - ok
    14:04:41.0220 0156 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
    14:04:41.0261 0156 RTSTOR - ok
    14:04:41.0299 0156 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    14:04:41.0305 0156 sbp2port - ok
    14:04:41.0372 0156 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    14:04:41.0376 0156 sdbus - ok
    14:04:41.0441 0156 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    14:04:41.0462 0156 secdrv - ok
    14:04:41.0509 0156 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    14:04:41.0514 0156 Serenum - ok
    14:04:41.0554 0156 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    14:04:41.0560 0156 Serial - ok
    14:04:41.0631 0156 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    14:04:41.0653 0156 sermouse - ok
    14:04:41.0898 0156 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    14:04:41.0903 0156 sffdisk - ok
    14:04:41.0946 0156 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    14:04:41.0949 0156 sffp_mmc - ok
    14:04:41.0968 0156 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    14:04:41.0972 0156 sffp_sd - ok
    14:04:42.0020 0156 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    14:04:42.0024 0156 sfloppy - ok
    14:04:42.0114 0156 Sftfs (8f00cc8cacf83dce5b35079f615b0f12) C:\Windows\system32\DRIVERS\Sftfslh.sys
    14:04:42.0130 0156 Sftfs - ok
    14:04:42.0226 0156 Sftplay (afdb934586c4c8b2be39ae7eea6f52be) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    14:04:42.0231 0156 Sftplay - ok
    14:04:42.0289 0156 Sftredir (6b1865d82e0290729ed7496c24275592) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    14:04:42.0292 0156 Sftredir - ok
    14:04:42.0333 0156 Sftvol (621eccb1265a01ce2bdf6f2c5e727e2b) C:\Windows\system32\DRIVERS\Sftvollh.sys
    14:04:42.0337 0156 Sftvol - ok
    14:04:42.0445 0156 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    14:04:42.0449 0156 sisagp - ok
    14:04:42.0522 0156 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    14:04:42.0527 0156 SiSRaid2 - ok
    14:04:42.0559 0156 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    14:04:42.0611 0156 SiSRaid4 - ok
    14:04:42.0675 0156 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    14:04:42.0702 0156 Smb - ok
    14:04:42.0760 0156 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    14:04:42.0765 0156 spldr - ok
    14:04:42.0882 0156 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\Windows\System32\Drivers\NIS\1305000.091\SRTSP.SYS
    14:04:42.0951 0156 SRTSP - ok
    14:04:42.0989 0156 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS
    14:04:43.0019 0156 SRTSPX - ok
    14:04:43.0075 0156 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    14:04:43.0099 0156 srv - ok
    14:04:43.0138 0156 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    14:04:43.0146 0156 srv2 - ok
    14:04:43.0211 0156 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    14:04:43.0236 0156 srvnet - ok
    14:04:43.0303 0156 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    14:04:43.0307 0156 swenum - ok
    14:04:43.0409 0156 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    14:04:43.0443 0156 Symc8xx - ok
    14:04:43.0546 0156 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS
    14:04:43.0575 0156 SymDS - ok
    14:04:43.0721 0156 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS
    14:04:43.0758 0156 SymEFA - ok
    14:04:43.0800 0156 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
    14:04:43.0807 0156 SymEvent - ok
    14:04:43.0865 0156 SymIM (6e3ad51710cb4a27ea70adf685fca4ca) C:\Windows\system32\DRIVERS\SymIMv.sys
    14:04:43.0869 0156 SymIM - ok
    14:04:43.0958 0156 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS
    14:04:43.0967 0156 SymIRON - ok
    14:04:44.0003 0156 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\NIS\1305000.091\SYMTDIV.SYS
    14:04:44.0026 0156 SYMTDIv - ok
    14:04:44.0089 0156 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    14:04:44.0095 0156 Sym_hi - ok
    14:04:44.0170 0156 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    14:04:44.0175 0156 Sym_u3 - ok
    14:04:44.0230 0156 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
    14:04:44.0236 0156 SynTP - ok
    14:04:44.0363 0156 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
    14:04:44.0402 0156 tap0901 - ok
    14:04:44.0445 0156 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
    14:04:44.0449 0156 taphss - ok
    14:04:44.0560 0156 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
    14:04:44.0577 0156 Tcpip - ok
    14:04:44.0680 0156 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
    14:04:44.0696 0156 Tcpip6 - ok
    14:04:44.0738 0156 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    14:04:44.0756 0156 tcpipreg - ok
    14:04:44.0800 0156 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    14:04:44.0803 0156 TDPIPE - ok
    14:04:44.0867 0156 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    14:04:44.0877 0156 TDTCP - ok
    14:04:44.0931 0156 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    14:04:44.0936 0156 tdx - ok
    14:04:45.0064 0156 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    14:04:45.0068 0156 TermDD - ok
    14:04:45.0222 0156 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:04:45.0225 0156 tssecsrv - ok
    14:04:45.0524 0156 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    14:04:45.0528 0156 tunmp - ok
    14:04:45.0645 0156 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    14:04:45.0649 0156 tunnel - ok
    14:04:45.0682 0156 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    14:04:45.0688 0156 uagp35 - ok
    14:04:45.0746 0156 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    14:04:45.0756 0156 udfs - ok
    14:04:45.0811 0156 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    14:04:45.0844 0156 uliagpkx - ok
    14:04:45.0897 0156 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    14:04:45.0905 0156 uliahci - ok
    14:04:45.0939 0156 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    14:04:45.0946 0156 UlSata - ok
    14:04:45.0993 0156 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    14:04:46.0001 0156 ulsata2 - ok
    14:04:46.0046 0156 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    14:04:46.0050 0156 umbus - ok
    14:04:46.0235 0156 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
    14:04:46.0280 0156 USBAAPL - ok
    14:04:46.0363 0156 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    14:04:46.0368 0156 usbccgp - ok
    14:04:46.0401 0156 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    14:04:46.0407 0156 usbcir - ok
    14:04:46.0464 0156 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    14:04:46.0486 0156 usbehci - ok
    14:04:46.0514 0156 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    14:04:46.0523 0156 usbhub - ok
    14:04:46.0566 0156 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
    14:04:46.0570 0156 usbohci - ok
    14:04:46.0628 0156 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    14:04:46.0654 0156 usbprint - ok
    14:04:46.0695 0156 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    14:04:46.0700 0156 usbscan - ok
    14:04:46.0726 0156 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    14:04:46.0732 0156 USBSTOR - ok
    14:04:46.0766 0156 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    14:04:46.0770 0156 usbuhci - ok
    14:04:46.0871 0156 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
    14:04:46.0879 0156 usbvideo - ok
    14:04:46.0923 0156 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    14:04:46.0932 0156 vga - ok
    14:04:46.0959 0156 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    14:04:46.0963 0156 VgaSave - ok
    14:04:46.0996 0156 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    14:04:47.0001 0156 viaagp - ok
    14:04:47.0037 0156 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    14:04:47.0041 0156 ViaC7 - ok
    14:04:47.0106 0156 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
    14:04:47.0109 0156 viaide - ok
    14:04:47.0171 0156 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    14:04:47.0175 0156 volmgr - ok
    14:04:47.0255 0156 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    14:04:47.0285 0156 volmgrx - ok
    14:04:47.0346 0156 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    14:04:47.0361 0156 volsnap - ok
    14:04:47.0419 0156 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    14:04:47.0430 0156 vsmraid - ok
    14:04:47.0488 0156 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    14:04:47.0496 0156 WacomPen - ok
    14:04:47.0559 0156 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    14:04:47.0565 0156 Wanarp - ok
    14:04:47.0641 0156 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    14:04:47.0645 0156 Wanarpv6 - ok
    14:04:47.0698 0156 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    14:04:47.0718 0156 Wd - ok
    14:04:47.0756 0156 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    14:04:47.0812 0156 Wdf01000 - ok
    14:04:47.0940 0156 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    14:04:47.0974 0156 winachsf - ok
    14:04:48.0131 0156 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    14:04:48.0135 0156 WmiAcpi - ok
    14:04:48.0242 0156 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    14:04:48.0247 0156 WpdUsb - ok
    14:04:48.0283 0156 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    14:04:48.0287 0156 ws2ifsl - ok
    14:04:48.0351 0156 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:04:48.0416 0156 WUDFRd - ok
    14:04:48.0483 0156 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    14:04:48.0488 0156 XAudio - ok
    14:04:48.0542 0156 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
    14:04:48.0550 0156 yukonwlh - ok
    14:04:48.0638 0156 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
    14:04:48.0663 0156 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    14:04:48.0663 0156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    14:04:48.0697 0156 Boot (0x1200) (9f6828b81b5b5c38467da487c976c956) \Device\Harddisk0\DR0\Partition0
    14:04:48.0700 0156 \Device\Harddisk0\DR0\Partition0 - ok
    14:04:48.0733 0156 Boot (0x1200) (65cd1f299bae1fea6f78153a0b0cc66a) \Device\Harddisk0\DR0\Partition1
    14:04:48.0735 0156 \Device\Harddisk0\DR0\Partition1 - ok
    14:04:48.0737 0156 ============================================================
    14:04:48.0737 0156 Scan finished
    14:04:48.0737 0156 ============================================================
    14:04:48.0772 3352 Detected object count: 1
    14:04:48.0772 3352 Actual detected object count: 1
    14:04:59.0377 3352 \Device\Harddisk0\DR0\# - copied to quarantine
    14:04:59.0390 3352 \Device\Harddisk0\DR0 - copied to quarantine
    14:04:59.0485 3352 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    14:04:59.0523 3352 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    14:04:59.0608 3352 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    14:04:59.0629 3352 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    14:04:59.0676 3352 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    14:04:59.0937 3352 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    14:04:59.0963 3352 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    14:04:59.0984 3352 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    14:05:00.0552 3352 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    14:05:00.0608 3352 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    14:05:00.0645 3352 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
    14:05:00.0750 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    14:05:00.0752 3352 \Device\Harddisk0\DR0 - ok
    14:05:01.0746 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    14:05:20.0581 4092 Deinitialize success
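    Triaging a TDSSKiller log like the one above, as an added example that is not part of the original post, of TechSpot's instructions, or of TDSSKiller itself. It pulls the MBR and boot-sector hashes, the verdicts, the quarantine actions and the per-driver hashes out of the text so the objects the tool found and the objects it changed are visible at a glance. SAMPLE_LOG is a constructed excerpt that copies the line shapes seen in the posted log; the reference hash map passed to hash_mismatches() is a hypothetical baseline, not a real one.

```python
"""Parse a Kaspersky TDSSKiller text log and summarise what it found.

Added example, not code from the thread or from TDSSKiller. The sample log
below is a constructed excerpt with the same line shapes as the real log:
    HH:MM:SS.mmmm PID <object or driver> ... - <verdict or action>
"""
import re
from dataclasses import dataclass, field

# Constructed sample (raw string, so the backslashes in device paths stay literal).
SAMPLE_LOG = r"""
14:04:48.0542 0156 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
14:04:48.0550 0156 yukonwlh - ok
14:04:48.0638 0156 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
14:04:48.0663 0156 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:04:48.0663 0156 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:04:48.0697 0156 Boot (0x1200) (9f6828b81b5b5c38467da487c976c956) \Device\Harddisk0\DR0\Partition0
14:04:48.0700 0156 \Device\Harddisk0\DR0\Partition0 - ok
14:04:48.0772 3352 Detected object count: 1
14:04:59.0377 3352 \Device\Harddisk0\DR0\# - copied to quarantine
14:04:59.0485 3352 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:04:59.0523 3352 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:05:00.0750 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:05:01.0746 3352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:05:20.0581 4092 Deinitialize success
"""

# One regex per line shape; the order they are tried in parse() matters.
_LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
_SECTOR = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>\S+)$")
_DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S+)$")
_VERDICT = re.compile(r"^(?P<obj>\S+) \( (?P<threat>[^)]+?) \) - (?P<action>.+)$")
_DETECTED = re.compile(r"^(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$")
_QUARANTINE = re.compile(r"^(?P<obj>\S+) - copied to quarantine$")
_OK = re.compile(r"^(?P<obj>\S+) - ok$")


@dataclass
class Report:
    drivers: dict = field(default_factory=dict)      # service name -> (md5, image path)
    sectors: dict = field(default_factory=dict)      # device object -> (MBR|Boot, md5)
    detections: list = field(default_factory=list)   # (object, threat name)
    actions: list = field(default_factory=list)      # (object, threat, action text)
    quarantined: list = field(default_factory=list)  # objects copied to quarantine
    clean: set = field(default_factory=set)          # objects the tool reported "- ok"

    def needs_reboot(self) -> bool:
        """True when a cure was scheduled but not yet applied."""
        return any("cured on reboot" in action for _, _, action in self.actions)

    def tdlfs_files(self) -> list:
        """Files pulled out of the rootkit's hidden TDLFS volume."""
        return [obj for obj in self.quarantined if "\\TDLFS\\" in obj]


def parse(text: str) -> Report:
    """Build a Report from the log text; unknown line shapes are ignored."""
    rep = Report()
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if (s := _SECTOR.match(body)):
            rep.sectors[s["obj"]] = (s["kind"], s["md5"])
        elif (d := _DRIVER.match(body)):
            rep.drivers[d["name"]] = (d["md5"], d["path"])
        elif (v := _VERDICT.match(body)):
            rep.actions.append((v["obj"], v["threat"], v["action"]))
        elif (t := _DETECTED.match(body)):
            rep.detections.append((t["obj"], t["threat"]))
        elif (q := _QUARANTINE.match(body)):
            rep.quarantined.append(q["obj"])
        elif (o := _OK.match(body)):
            rep.clean.add(o["obj"])
    return rep


def hash_mismatches(rep: Report, reference: dict) -> list:
    """Service names whose logged MD5 differs from a reference map
    (service -> md5) taken from a known-clean machine of the same build.
    The reference passed in by the caller is an assumption, not a real baseline."""
    return sorted(name for name, (md5, _) in rep.drivers.items()
                  if name in reference and reference[name] != md5)


def summarize(rep: Report) -> str:
    lines = [f"drivers hashed: {len(rep.drivers)}, boot sectors hashed: {len(rep.sectors)}"]
    for obj, threat in rep.detections:
        lines.append(f"DETECTED {threat} on {obj}")
    for obj, threat, action in rep.actions:
        lines.append(f"  {obj}: {action} ({threat})")
    lines.append(f"quarantined: {len(rep.quarantined)} objects, "
                 f"{len(rep.tdlfs_files())} of them TDLFS files")
    lines.append("reboot still required to finish the cure" if rep.needs_reboot()
                 else "no pending cure")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse(SAMPLE_LOG)))
```

    Two things worth keeping in mind when reading the hash column: identical hashes on two service names are not by themselves suspicious, because the log above shows Tcpip and Tcpip6 both pointing at tcpip.sys and Wanarp and Wanarpv6 both pointing at wanarp.sys; and a "- ok" on a partition boot sector says nothing about the MBR, which is hashed and judged as a separate object (here, the infected one).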
     
  4. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Good job :)

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.
     
  5. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    I am trying hard to get through the GMER run. Having trouble getting it completed. Hopefully will have everything up tomorrow.

    Posting this so that you do not delete this thread.

    Thanks

    Rick
     
  6. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    Malwarebytes:

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.15.04

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19170
    Stacey :: MANNCLANNLAPTOP [administrator]

    2/15/2012 4:41:44 PM
    mbam-log-2012-02-15 (16-41-44).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 298968
    Time elapsed: 44 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Users\Rick\AppData\Roaming\java.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Users\Rick\AppData\Roaming\Microsoft\3CD2\451A.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Users\Rick\AppData\Roaming\Microsoft\3CD2\5F11.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Users\Rick\AppData\Roaming\Microsoft\3CD2\F6DC.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Users\Rick\AppData\Roaming\Microsoft\3CD2\FED8.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.

    (end)


    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-17 23:21:03
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60ZCT1 rev.13.01A13
    Running: kcndg3kud.exe; Driver: C:\Users\Rick\AppData\Local\Temp\pwacauoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT 88553400 ZwAlertResumeThread
    SSDT 885534E0 ZwAlertThread
    SSDT 88553DF0 ZwAllocateVirtualMemory
    SSDT 87419718 ZwAlpcConnectPort
    SSDT 88554BA8 ZwAssignProcessToJobObject
    SSDT 88553150 ZwCreateMutant
    SSDT 885548C8 ZwCreateSymbolicLinkObject
    SSDT 88552688 ZwCreateThread
    SSDT 88554C88 ZwDebugActiveProcess
    SSDT 88553FC0 ZwDuplicateObject
    SSDT 88553C10 ZwFreeVirtualMemory
    SSDT 88553240 ZwImpersonateAnonymousToken
    SSDT 88553320 ZwImpersonateThread
    SSDT 874196A0 ZwLoadDriver
    SSDT 88553B10 ZwMapViewOfSection
    SSDT 88553070 ZwOpenEvent
    SSDT 88552570 ZwOpenProcess
    SSDT 88553EE0 ZwOpenProcessToken
    SSDT 88554EB0 ZwOpenSection
    SSDT 885524A0 ZwOpenThread
    SSDT 88554AB8 ZwProtectVirtualMemory
    SSDT 885535C0 ZwResumeThread
    SSDT 88553860 ZwSetContextThread
    SSDT 88553940 ZwSetInformationProcess
    SSDT 88554D68 ZwSetSystemInformation
    SSDT 88554F90 ZwSuspendProcess
    SSDT 885536A0 ZwSuspendThread
    SSDT 88552768 ZwTerminateProcess
    SSDT 88553780 ZwTerminateThread
    SSDT 88553A30 ZwUnmapViewOfSection
    SSDT 88553D00 ZwWriteVirtualMemory
    SSDT 885549B8 ZwCreateThreadEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 820F48A0 8 Bytes [00, 34, 55, 88, E0, 34, 55, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 820F48B4 4 Bytes [F0, 3D, 55, 88]
    .text ntkrnlpa.exe!KeSetEvent + 13D 820F48C0 4 Bytes [18, 97, 41, 87]
    .text ntkrnlpa.exe!KeSetEvent + 191 820F4914 4 Bytes [A8, 4B, 55, 88]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 820F4978 4 Bytes [50, 31, 55, 88] {PUSH EAX; XOR [EBP-0x78], EDX}
    .text ...

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74907817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7495A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7490BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74938395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7490DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7498CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7492C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2704] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74902AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS Text

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_25
    Run by Rick at 23:22:39 on 2012-02-17
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1494 [GMT -7:00]
    .
    AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: System Shield *Enabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\1Password\Agile1pService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\Windows\system32\NLSSRV32.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Dwm.exe
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\1Password\Agile1pAgent.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:57293
    uWinlogon: Shell=explorer.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.5.0.145\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: 1Password: {cb1a24da-7416-4921-a0cf-5aa1160aae2a} - c:\progra~1\1passw~1\AGILE1~1.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\toolbar\grabber.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.5.0.145\coIEPlg.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Google Update] "c:\users\rick\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Agile1pAgent] c:\program files\1password\Agile1pAgent.exe
    dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
    StartupFolder: c:\users\rick\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\rick\appdata\roaming\dropbox\bin\Dropbox.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1passw~1\AGILE1~1.DLL
    IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\imacros\imacros.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\iavlsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3C07E7D7-601F-42E5-9888-EE5353F6A131} : DhcpNameServer = 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
    Notify: igfxcui - igfxdev.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 94.63.147.16 www.google.com
    Hosts: 94.63.147.17 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\rick\appdata\roaming\mozilla\firefox\profiles\pnvm8p76.default\
    FF - prefs.js: browser.startup.homepage - hxxp://digitalscrapbookpages.com/digitals/
    FF - prefs.js: network.proxy.http - 173.208.51.246:12243
    FF - prefs.js: network.proxy.http_port - 12243
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\rick\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\users\rick\appdata\roaming\mozilla\firefox\profiles\pnvm8p76.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\users\rick\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\rick\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1305000.091\symds.sys [2012-2-9 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1305000.091\symefa.sys [2012-2-9 905336]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys [2012-2-9 132744]
    R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2011-2-12 20392]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20120215.002\IDSvix86.sys [2012-2-15 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1305000.091\ironx86.sys [2012-2-9 149624]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys [2012-2-9 345208]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 Agile1Password;1Password;c:\program files\1password\Agile1pService.exe [2011-4-24 768776]
    R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2011-9-28 138048]
    R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2011-2-12 1189184]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-10-20 821664]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2011-2-12 722616]
    R2 MySQL51;MySQL51;"c:\program files\mysql\mysql server 5.1\bin\mysqld" --defaults-file="c:\program files\mysql\mysql server 5.1\my.ini" mysql51 --> c:\program files\mysql\mysql server 5.1\bin\mysqld [?]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.5.0.145\ccsvchst.exe [2012-2-9 138248]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2011-3-21 196928]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-3-21 68928]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-6-26 1153368]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-9-14 508264]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-5-21 173352]
    R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2011-9-28 97088]
    R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2011-9-28 97088]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-9 106104]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-9-14 577384]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-9-14 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-9-14 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-9-14 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-9-14 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-31 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2011-9-28 142144]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2012-02-16 03:18:57 100864 ----a-w- C:\pwacauoc.sys
    2012-02-15 21:04:57 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-15 03:52:35 388096 ----a-r- c:\users\rick\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-02-15 03:52:34 -------- d-----w- c:\program files\Trend Micro
    2012-02-14 02:13:17 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2012-02-13 03:29:00 -------- d-----w- c:\program files\Defraggler
    2012-02-10 05:27:26 345208 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symtdiv.sys
    2012-02-10 05:27:26 318584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symnets.sys
    2012-02-10 05:27:25 905336 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symefa.sys
    2012-02-10 05:27:24 340088 ----a-r- c:\windows\system32\drivers\nis\1305000.091\symds.sys
    2012-02-10 05:27:24 32888 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtspx.sys
    2012-02-10 05:27:23 574584 ----a-w- c:\windows\system32\drivers\nis\1305000.091\srtsp.sys
    2012-02-10 05:27:23 149624 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ironx86.sys
    2012-02-10 05:27:23 132744 ----a-w- c:\windows\system32\drivers\nis\1305000.091\ccsetx86.sys
    2012-02-10 05:26:10 4782 ----a-w- c:\windows\system32\drivers\nis\1305000.091\symvtcer.dat
    2012-02-10 05:26:10 -------- d-----w- c:\windows\system32\drivers\nis\1305000.091
    2012-02-10 02:22:01 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-10 02:21:59 -------- d-----w- c:\program files\Symantec
    2012-02-10 02:21:59 -------- d-----w- c:\program files\common files\Symantec Shared
    2012-02-10 01:56:20 764654 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-10 01:55:33 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-02-10 01:55:21 -------- d-----w- c:\program files\Norton Internet Security
    2012-02-10 01:55:02 -------- d-----w- c:\program files\NortonInstaller
    2012-02-10 01:52:55 -------- d--h--w- c:\users\rick\appdata\roaming\8C431
    2012-02-10 01:51:29 -------- d--h--w- c:\users\rick\appdata\roaming\2DF8C
    2012-02-10 00:48:07 -------- d--h--w- c:\program files\8C431
    2012-02-10 00:47:56 -------- d--h--w- c:\program files\LP
    2012-02-09 03:49:21 -------- d--h--w- c:\users\rick\appdata\roaming\AVG2012
    2012-02-09 03:46:33 -------- d--h--w- c:\programdata\AVG2012
    2012-02-08 08:44:52 56200 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{2bf33d93-5d95-428a-8c1a-48e799ea5184}\offreg.dll
    2012-02-08 05:09:37 6557240 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{2bf33d93-5d95-428a-8c1a-48e799ea5184}\mpengine.dll
    2012-01-31 06:03:09 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-31 06:03:09 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-31 06:03:09 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-31 06:03:08 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-31 06:03:08 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-31 06:03:08 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-22 22:40:43 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-22 22:40:31 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-22 22:40:31 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-22 22:37:26 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-22 22:37:22 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-22 22:37:22 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-22 22:36:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-01-22 22:36:22 376320 ----a-w- c:\windows\system32\winsrv.dll
    .
    ==================== Find3M ====================
    .
    2012-01-27 07:21:24 237072 ---h--w- c:\windows\system32\MpSigStub.exe
    2012-01-06 18:51:24 29696 ---ha-w- c:\windows\system32\iolobtdfg.exe
    2012-01-06 18:51:16 11776 ---ha-w- c:\windows\system32\smrgdf.exe
    2012-01-06 18:29:06 2083464 ---ha-w- c:\windows\system32\Incinerator32.dll
    2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-10 20:26:13 74703 ---ha-w- c:\windows\system32\mfc45.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 23:24:44.30 ===============
     
  7. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    ATTACH Text

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/19/2009 7:20:46 PM
    System Uptime: 2/16/2012 9:26:17 PM (26 hours ago)
    .
    Motherboard: Wistron | | 360C
    Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 1044/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 105.835 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.821 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: USB Composite Device
    Device ID: USB\VID_0C45&PID_62C0\SN0001
    Manufacturer: (Standard USB Host Controller)
    Name: USB Composite Device
    PNP Device ID: USB\VID_0C45&PID_62C0\SN0001
    Service: usbccgp
    .
    ==== System Restore Points ===================
    .
    RP1168: 2/15/2012 2:16:13 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    1Password 1.0.9.272
    32 Bit HP CIO Components Installer
    3ivx MPEG-4 5.0.3 (remove only)
    7-Zip 4.65
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player
    Amazon Kindle
    AoA Audio Extractor
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    AVIGenerator V1.0.0.0
    AVS Audio Converter version 6.2
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS Video Editor 4
    AVS Video Recorder 2.4
    AVS YouTube Uploader version 2.1
    AVS4YOU Software Navigator 1.4
    AVSDK5
    Bonjour
    Canon ScanGear Starter
    CCleaner
    Click to Call with Skype
    CoffeeCup Free HTML Editor
    CoffeeCup HTML Editor
    Conexant HD Audio
    CyberLink DVD Suite
    CyberLink YouCam
    D3DX10
    Defraggler
    Destination Component
    DeviceDiscovery
    DHTML Editing Component
    DocMgr
    DocProc
    Download Accelerator Plus (DAP)
    Dropbox
    DupeFree Pro
    e-Sword
    ESU for Microsoft Vista
    Fax
    FileZilla Client 3.5.3
    FlipShare
    Google Chrome
    Google Talk Plugin
    GPBaseService2
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hide My Ass! Pro 1.8
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 12.0
    HP Doc Viewer
    HP Document Manager 2.0
    HP DVD Play 3.7
    HP Help and Support
    HP Imaging Device Functions 12.0
    HP Quick Launch Buttons 6.40 H2
    HP Smart Web Printing
    HP Solution Center 12.0
    HP Total Care Advisor
    HP Total Care Setup
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    IBP 11.7.4
    iCloud
    iLumina Gold Premium
    iMacros V6.90
    Intel(R) Graphics Media Accelerator Driver
    iolo technologies' System Mechanic Professional
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 25
    Jing
    Junk Mail filter update
    Juno Preloader
    Korean Fonts Support For Adobe Reader 9
    LabelPrint
    LightScribe System Software 1.14.17.1
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Market Samurai
    MarketResearch
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Live Search Toolbar
    Microsoft Office Click-to-Run 2010
    Microsoft Office Home and Business 2010 - English
    Microsoft Office Outlook Connector
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mindjet MindManager Viewer 7
    Mozilla Firefox 10.0.1 (x86 en-US)
    Mozilla Firefox 4.0b12 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    muvee Reveal
    My HP Games
    MySQL Connector/ODBC 5.1
    MySQL Server 5.1
    MySQL Tools for 5.0
    NetWaiting
    NetZero Preloader
    Nitro PDF Professional
    Norton Internet Security
    OCR Software by I.R.I.S. 12.0
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.2
    Playback 2.3.0.4
    Power2Go
    PowerDirector
    PxMergeModule
    QuickTime
    Rank Tracker
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    S3 Ripper 1.3
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Segoe UI
    SERPAssist
    SERPAttacks
    Skype™ 5.3
    SmartWebPrinting
    SolutionCenter
    SpeedBit Video Downloader
    Spybot - Search & Destroy
    Status
    SupportSoft Assisted Service
    Synaptics Pointing Device Driver
    TeamViewer 5
    TheBestSpinner
    TrayApp
    TweetAttacks
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Visual C++ Runtime for Dragon NaturallySpeaking
    Visual Studio 2005 Tools for Office Second Edition Runtime
    VLC media player 1.1.7
    WampServer 2.0
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinMerge 2.12.4
    WinRAR archiver
    ZipGenius 6 (6.0.3.1150)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/16/2012 9:29:06 PM, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80040154'. If possible, reinstall Windows Media Player.
    2/16/2012 9:27:30 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/16/2012 9:26:50 PM, Error: EventLog [6008] - The previous system shutdown at 5:17:30 PM on 2/16/2012 was unexpected.
    2/16/2012 5:11:47 PM, Error: EventLog [6008] - The previous system shutdown at 1:01:50 AM on 2/16/2012 was unexpected.
    2/15/2012 8:23:45 PM, Error: EventLog [6008] - The previous system shutdown at 8:21:53 PM on 2/15/2012 was unexpected.
    2/15/2012 8:16:08 PM, Error: EventLog [6008] - The previous system shutdown at 7:47:00 PM on 2/15/2012 was unexpected.
    2/15/2012 5:46:10 PM, Error: EventLog [6008] - The previous system shutdown at 5:44:04 PM on 2/15/2012 was unexpected.
    2/15/2012 2:09:24 PM, Error: EventLog [6008] - The previous system shutdown at 2:07:32 PM on 2/15/2012 was unexpected.
    2/15/2012 2:07:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    2/15/2012 2:06:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    2/15/2012 2:06:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    2/15/2012 2:02:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/14/2012 9:03:16 PM, Error: EventLog [6008] - The previous system shutdown at 8:59:29 PM on 2/14/2012 was unexpected.
    2/14/2012 7:40:24 PM, Error: Service Control Manager [7023] - The WMI Performance Adapter service terminated with the following error: Unspecified error
    2/14/2012 5:25:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
    2/14/2012 5:25:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    2/14/2012 5:24:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
    2/14/2012 5:24:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    2/14/2012 5:23:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
    2/14/2012 3:14:07 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2487367).
    2/14/2012 3:08:31 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
    2/14/2012 3:07:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636).
    2/14/2012 3:07:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).
    2/13/2012 8:23:14 PM, Error: Service Control Manager [7022] - The Windows Audio service hung on starting.
    2/13/2012 3:17:18 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2487367).
    2/13/2012 3:11:17 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2468871).
    2/13/2012 3:09:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636).
    2/13/2012 3:09:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2518870).
    2/13/2012 10:20:57 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    2/12/2012 7:54:28 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    2/10/2012 9:56:35 PM, Error: EventLog [6008] - The previous system shutdown at 9:51:56 PM on 2/10/2012 was unexpected.
    2/10/2012 10:02:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    2/10/2012 10:02:01 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
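The DDS output posted above already carries several indicators that a responder would pull out before running any further tool: Hosts entries sending www.google.com and www.bing.com to 94.63.147.16/17, a Firefox HTTP proxy of 173.208.51.246:12243 (with network.proxy.type 0, so not currently in use), a dRun autostart launching dplaysvr.exe out of the SYSTEM profile, DisableTaskMgr set to 1, and freshly created hidden directories with names like 8C431 and LP. The script below is an added example for this corpus, not part of the thread and not something DDS itself does: it runs those checks over lines copied from the log above and returns the findings. The rules are my own assumptions (which directories count as odd autostart locations, the short hex directory-name pattern, the 16-entry regexes); they are a starting point for triage, not a verdict.

```python
"""Triage a DDS-style log for common infection indicators.

Added example for this thread, not DDS functionality. The sample lines
are copied from the DDS output posted above; the detection rules are
this example's own assumptions.
"""
import re
from ipaddress import ip_address

SAMPLE_LOG = r"""
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.http - 173.208.51.246:12243
FF - prefs.js: network.proxy.type - 0
2012-02-10 01:52:55 -------- d--h--w- c:\users\rick\appdata\roaming\8C431
2012-02-10 00:47:56 -------- d--h--w- c:\program files\LP
2012-02-10 01:55:21 -------- d-----w- c:\program files\Norton Internet Security
"""

# DDS line shapes: Run keys, policies, Hosts entries, Firefox prefs, "Created Last 30" rows.
RUN_RE = re.compile(r'^(?P<scope>[umd]Run):\s+\[(?P<name>[^\]]*)\]\s+"?(?P<path>.*?\.exe)', re.I)
POLICY_RE = re.compile(r"^(?P<scope>[umd]Policies-\w+):\s+(?P<key>\w+)\s+=\s+(?P<val>\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(?P<key>\S+)\s+-\s+(?P<val>.*)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attrs>[-\w]{8})\s+(?P<path>.+)$")

# Assumption: autostarts living in the SYSTEM profile or a Temp directory are
# not something a home laptop needs.
ODD_RUN_DIR = re.compile(r"\\(systemprofile|temp)\\", re.I)
# Assumption: short all-hex directory names (8C431, 2DF8C) are the rogue-AV
# naming pattern seen in this log.
HEX_NAME = re.compile(r"^[0-9a-f]{4,8}$", re.I)


def triage(log_text):
    """Return a list of (category, detail) findings for a DDS log text."""
    findings = []
    ff_prefs = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            if ODD_RUN_DIR.search(m["path"]):
                findings.append(("autostart", f"{m['scope']} [{m['name']}] runs from {m['path']}"))
        elif m := POLICY_RE.match(line):
            if m["key"].lower() == "disabletaskmgr" and m["val"] != "0":
                findings.append(("policy", f"{m['scope']} disables Task Manager"))
        elif m := HOSTS_RE.match(line):
            try:
                ip = ip_address(m["ip"])
            except ValueError:
                continue
            # Legitimate Hosts entries point at loopback, 0.0.0.0 (blocking) or
            # a LAN address; a routable address for a public site is a redirect.
            if not (ip.is_loopback or ip.is_unspecified or ip.is_private):
                findings.append(("hosts-hijack", f"{m['host']} -> {ip}"))
        elif m := FF_PREF_RE.match(line):
            ff_prefs[m["key"]] = m["val"].strip()
        elif m := CREATED_RE.match(line):
            attrs, path = m["attrs"], m["path"]
            parent, _, name = path.lower().rpartition("\\")
            hidden_dir = "d" in attrs and "h" in attrs
            if hidden_dir and (parent == r"c:\program files" or HEX_NAME.match(name)):
                findings.append(("hidden-dir", path))
    # Firefox prefs are evaluated after the pass so the proxy host and the
    # proxy type can be reported together whatever order they appear in.
    proxy = ff_prefs.get("network.proxy.http")
    if proxy:
        ptype = ff_prefs.get("network.proxy.type", "?")
        state = "active" if ptype == "1" else f"not active (network.proxy.type={ptype})"
        findings.append(("browser-proxy", f"Firefox HTTP proxy {proxy}, {state}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:14} {detail}")
```

Run it against a saved DDS.txt with `triage(open("DDS.txt", encoding="utf-8", errors="replace").read())`. The Firefox proxy is reported even though type 0 means Firefox is not honouring it: stale proxy settings are still evidence of what the infection did, and they become live again the moment something flips the type back to 1.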
     
  8. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Uninstall iolo technologies' System Mechanic Professional
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    It also includes an AV program and you're already running Norton.

    =================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    A small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lost the log, it's also located on your desktop as "scan.txt".
     
  9. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-18 14:08:38
    -----------------------------
    14:08:38.312 OS Version: Windows 6.0.6002 Service Pack 2
    14:08:38.312 Number of processors: 2 586 0x170A
    14:08:38.316 ComputerName: MANNCLANNLAPTOP UserName: Rick
    14:09:11.997 Initialize success
    14:09:20.259 AVAST engine download error: 0
    14:09:46.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
    14:09:46.201 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
    14:09:46.214 Disk 0 MBR read successfully
    14:09:46.220 Disk 0 MBR scan
    14:09:46.224 Disk 0 Windows XP default MBR code
    14:09:46.294 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294058 MB offset 2048
    14:09:46.351 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11183 MB offset 602232832
    14:09:46.360 Disk 0 scanning sectors +625135616
    14:09:46.563 Disk 0 scanning C:\Windows\system32\drivers
    14:09:57.589 Service scanning
    14:10:21.863 Modules scanning
    14:10:55.195 Disk 0 trace - called modules:
    14:10:55.230 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS partmgr.sys volmgr.sys ecache.sys volsnap.sys Ntfs.sys dxgkrnl.sys igdkmd32.sys
    14:10:55.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86beeac8]
    14:10:55.242 3 CLASSPNP.SYS[807d38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x86122b98]
    14:10:55.247 Scan finished successfully
    14:13:23.071 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
    14:13:23.077 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"



    CreateFile() ERROR 6
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com
    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;



    Press any key to quit...
     
  10. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    When trying to run combofix I am getting a screen that says something about an expired date and then it wants to know if I want to run it in a reduced function mode.

    Is that normal?

    Thanks

    Rick
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    You have to delete your Combofix file and download a fresh one.
     
  13. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    ComboFix 12-02-17.02 - Rick 02/18/2012 16:22:12.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1697 [GMT -7:00]
    Running from: c:\users\Rick\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\LP
    c:\program files\LP\3CD2\F16.exe
    c:\programdata\~letYrmvezEAY0F
    c:\programdata\~letYrmvezEAY0Fr
    c:\programdata\letYrmvezEAY0F
    c:\users\Rick\AppData\Roaming\EurekaLog
    c:\users\Rick\AppData\Roaming\EurekaLog\firefox\Agile1pFF.elf
    c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\users\Rick\AppData\Roaming\ubot
    c:\windows\Temp\tmp3.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Rick\AppData\Local\CrashDumps
    2012-02-18 23:46 . 2012-02-18 23:47 -------- d-----w- c:\users\Rick\AppData\Local\temp
    2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Stacey\AppData\Local\temp
    2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-02-18 23:46 . 2012-02-18 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-16 03:18 . 2012-02-16 03:18 100864 ----a-w- C:\pwacauoc.sys
    2012-02-15 23:39 . 2012-02-15 23:39 -------- d-----w- c:\users\Stacey\AppData\Roaming\Malwarebytes
    2012-02-15 21:04 . 2012-02-15 21:04 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-15 03:52 . 2012-02-15 03:52 388096 ----a-r- c:\users\Rick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-02-15 03:52 . 2012-02-15 03:52 -------- d-----w- c:\program files\Trend Micro
    2012-02-14 02:13 . 2011-11-24 02:23 35960 ----a-r- c:\windows\system32\drivers\SymIMV.sys
    2012-02-13 03:29 . 2012-02-13 03:29 -------- d-----w- c:\program files\Defraggler
    2012-02-10 02:22 . 2012-02-10 05:28 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-02-10 02:21 . 2012-02-10 05:28 -------- d-----w- c:\program files\Symantec
    2012-02-10 02:21 . 2012-02-10 02:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-02-10 01:56 . 2012-02-18 21:10 764654 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-10 01:55 . 2012-02-11 04:52 -------- d-----w- c:\windows\system32\drivers\NIS
    2012-02-10 01:55 . 2012-02-10 01:55 -------- d-----w- c:\program files\Norton Internet Security
    2012-02-10 01:55 . 2012-02-10 01:55 -------- d-----w- c:\program files\NortonInstaller
    2012-02-10 01:52 . 2012-02-10 02:31 -------- d--h--w- c:\users\Rick\AppData\Roaming\8C431
    2012-02-10 01:51 . 2012-02-10 02:30 -------- d--h--w- c:\users\Rick\AppData\Roaming\2DF8C
    2012-02-10 00:48 . 2012-02-10 00:54 -------- d--h--w- c:\program files\8C431
    2012-02-09 03:49 . 2012-02-09 03:49 -------- d--h--w- c:\users\Rick\AppData\Roaming\AVG2012
    2012-02-09 03:46 . 2012-02-10 01:47 -------- d--h--w- c:\programdata\AVG2012
    2012-02-08 08:44 . 2012-02-08 08:44 56200 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF33D93-5D95-428A-8C1A-48E799EA5184}\offreg.dll
    2012-02-08 05:09 . 2012-01-06 04:19 6557240 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF33D93-5D95-428A-8C1A-48E799EA5184}\mpengine.dll
    2012-02-06 02:51 . 2012-02-06 02:51 -------- d--h--w- c:\program files\Safari
    2012-01-31 06:03 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-31 06:03 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-31 06:03 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-31 06:03 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-31 06:03 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-31 06:03 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-22 22:40 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-22 22:40 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-22 22:40 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-22 22:37 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-22 22:37 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-22 22:37 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-22 22:36 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2012-01-22 22:36 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-27 07:21 . 2009-10-19 16:36 237072 ---h--w- c:\windows\system32\MpSigStub.exe
    2012-01-06 18:51 . 2010-01-20 02:17 29696 ---ha-w- c:\windows\system32\iolobtdfg.exe
    2012-01-06 18:51 . 2010-01-20 02:17 11776 ---ha-w- c:\windows\system32\smrgdf.exe
    2011-12-10 22:24 . 2010-01-30 01:50 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-10 20:26 . 2011-12-10 20:26 74703 ---ha-w- c:\windows\system32\mfc45.dll
    2011-11-23 13:37 . 2011-12-15 00:59 2043904 ----a-w- c:\windows\system32\win32k.sys
    2012-02-08 20:13 . 2012-02-12 03:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
    2010-12-31 23:35 2447360 ---ha-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ---ha-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-12-31 2844848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
    "Agile1pAgent"="c:\program files\1Password\Agile1pAgent.exe" [2012-01-31 2188552]
    .
    c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ---ha-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]
    .
    2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
    - c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-01 16:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:57293
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {{00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - {5D7B119E-062F-476B-A5E7-797FAF554BA2} - c:\progra~1\1PASSW~1\AGILE1~1.DLL
    TCP: DhcpNameServer = 192.168.1.1
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\
    FF - prefs.js: browser.startup.homepage - hxxp://digitalscrapbookpages.com/digitals/
    FF - prefs.js: network.proxy.http - 173.208.51.246:12243
    FF - prefs.js: network.proxy.http_port - 12243
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-18 16:46
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL51]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL51"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-02-18 17:09:07
    ComboFix-quarantined-files.txt 2012-02-19 00:09
    .
    Pre-Run: 108,855,570,432 bytes free
    Post-Run: 108,307,681,280 bytes free
    .
    - - End Of File - - A89500DDF6DC9575E27E1BBD2DB6DE54
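    The "Supplementary Scan" section of the ComboFix log above shows both the Internet Explorer proxy (uInternet Settings,ProxyServer = http=127.0.0.1:57293) and the Firefox proxy (network.proxy.http - 173.208.51.246:12243) pointing at endpoints the user never configured, which is how this kind of infection sits between the browser and the network. The Python script below is an added example for readers of this thread; it is not part of the thread, of ComboFix, or of any tool Broni recommends. It pulls the proxy lines out of that section (the sample lines are constructed from the ones posted above) and classifies each endpoint so a responder can spot a loopback or public-address proxy at a glance. The line formats it matches are assumed from the log in this thread, not from ComboFix documentation, and the function and variable names are the example's own.

```python
import ipaddress
import re

# Constructed sample: proxy-related lines from the "Supplementary Scan"
# section of a ComboFix log, modelled on the lines posted in this thread.
SAMPLE_LOG = """\
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:57293
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.http - 173.208.51.246:12243
FF - prefs.js: network.proxy.http_port - 12243
FF - prefs.js: network.proxy.type - 0
"""

# Line shapes assumed from the log above (not from ComboFix documentation):
#   uInternet Settings,ProxyServer = http=127.0.0.1:57293
#   FF - prefs.js: network.proxy.http - 173.208.51.246:12243
# The IE value may carry a "scheme=" prefix and several ';'-separated entries.
IE_PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(.+)$")
FF_PROXY_RE = re.compile(
    r"^FF - prefs\.js: network\.proxy\.(http|ssl|socks)\s+-\s+(\S+)$")
HOST_PORT_RE = re.compile(r"^(?:\w+=)?([^:]+):(\d{1,5})$")


def extract_proxies(log_text):
    """Return (source, host, port) tuples for every proxy the log reports."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            for entry in m.group(1).split(";"):
                hp = HOST_PORT_RE.match(entry.strip())
                if hp:
                    found.append(("IE", hp.group(1), int(hp.group(2))))
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            hp = HOST_PORT_RE.match(m.group(2))
            if hp:
                found.append(("Firefox " + m.group(1),
                              hp.group(1), int(hp.group(2))))
    return found


def assess(host, port):
    """Classify a proxy endpoint from a responder's point of view."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "review: hostname proxy, confirm it is a sanctioned proxy"
    if ip.is_loopback:
        # A proxy on 127.0.0.1 means some local process is listening on that
        # port and relaying (and able to read or alter) all browser traffic.
        return ("suspicious: loopback proxy on port %d, a local process is "
                "intercepting browser traffic" % port)
    if ip.is_private:
        return "review: private-network proxy, plausible on a managed LAN"
    if ip.is_global:
        # Browser traffic leaves the machine to an Internet host the user
        # did not choose.
        return "suspicious: browser traffic routed to public host %s" % host
    return "review: unusual address"


def flag_proxies(log_text):
    """Pair each proxy found in the log with its assessment."""
    return [(src, host, port, assess(host, port))
            for src, host, port in extract_proxies(log_text)]


if __name__ == "__main__":
    for src, host, port, verdict in flag_proxies(SAMPLE_LOG):
        print("%-13s %s:%d  %s" % (src, host, port, verdict))
```

    Feed flag_proxies() the text of a real log instead of SAMPLE_LOG to triage a new case. The two patterns it marks as suspicious, a loopback proxy on a high non-standard port and a proxy at a public address, are exactly the ones in this thread's log, and both call for clearing the setting and identifying which process was listening on (or reachable at) that port before the machine is declared clean.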
     
  14. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    OTL logfile created on: 2/18/2012 6:06:24 PM - Run 1
    OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Rick\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 56.54% Memory free
    6.06 Gb Paging File | 4.71 Gb Available in Paging File | 77.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.17 Gb Total Space | 100.73 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

    Computer Name: MANNCLANNLAPTOP | User Name: Rick | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/18 18:02:31 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    PRC - [2012/01/31 16:39:22 | 002,188,552 | ---- | M] (AgileBits) -- C:\Program Files\1Password\Agile1pAgent.exe
    PRC - [2012/01/31 16:39:16 | 000,768,776 | ---- | M] (AgileBits) -- C:\Program Files\1Password\Agile1pService.exe
    PRC - [2011/11/29 19:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2011/03/21 10:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    PRC - [2010/12/31 16:36:50 | 002,844,848 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
    PRC - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/05/21 04:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    PRC - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/03/21 10:18:00 | 000,115,008 | ---- | M] () -- C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll
    MOD - [2010/09/05 14:22:02 | 000,053,248 | ---- | M] () -- C:\Program Files\DAP\zlib.dll
    MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/31 16:39:16 | 000,768,776 | ---- | M] (AgileBits) [Auto | Running] -- C:\Program Files\1Password\Agile1pService.exe -- (Agile1Password)
    SRV - [2011/11/29 19:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2011/03/21 10:17:44 | 000,196,928 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
    SRV - [2010/09/14 04:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/09/14 04:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/05/21 04:27:04 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
    SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
    SRV - [2008/10/06 09:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/02/12 21:03:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120217.036\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/02/12 21:03:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120217.036\NAVENG.SYS -- (NAVENG)
    DRV - [2012/02/09 22:28:08 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/02/09 19:31:34 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/02/09 19:31:34 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/02/09 16:32:36 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120217.003\IDSvix86.sys -- (IDSVix86)
    DRV - [2012/02/07 06:18:36 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/11/23 19:23:47 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/11/23 19:23:20 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
    DRV - [2011/11/23 18:50:26 | 000,574,584 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1305000.091\SRTSP.SYS -- (SRTSP)
    DRV - [2011/11/23 18:50:26 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/11/16 20:37:59 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1305000.091\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/11/16 20:17:48 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\Ironx86.SYS -- (SymIRON)
    DRV - [2011/11/04 16:59:35 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\ccSetx86.sys -- (ccSet_NIS)
    DRV - [2011/07/25 19:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1305000.091\SYMDS.SYS -- (SymDS)
    DRV - [2010/09/14 04:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
    DRV - [2010/09/14 04:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
    DRV - [2010/09/14 04:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
    DRV - [2010/09/14 04:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
    DRV - [2010/06/22 19:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
    DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/12/20 00:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/12/15 20:04:24 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
    DRV - [2008/10/03 02:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/06/29 07:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2008/01/20 19:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2007/10/17 16:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57293

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://digitalscrapbookpages.com/digitals/"
    FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
    FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.8
    FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.4.2
    FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.1.3
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
    FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.77
    FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
    FF - prefs.js..extensions.enabledItems: launchClipboard@alice:1.8
    FF - prefs.js..extensions.enabledItems: hootsuite@hootsuite.com:0.6.1
    FF - prefs.js..extensions.enabledItems: rapportive@rapportive.com:1.2
    FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0
    FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.3.1
    FF - prefs.js..extensions.enabledItems: firefox@1passwd.com:1.0.4.173
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.1
    FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
    FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
    FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
    FF - prefs.js..network.proxy.http: "173.208.51.246:12243"
    FF - prefs.js..network.proxy.http_port: 12243
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rick\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/03/24 10:14:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2010/12/31 16:36:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/12/31 16:36:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/02/09 19:55:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/02/18 14:07:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 20:58:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/10 06:03:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/04/03 14:43:34 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/03/24 10:14:01 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2010/12/31 16:37:01 | 000,000,000 | ---D | M]

    [2010/11/07 08:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions
    [2010/11/07 08:08:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/02/18 15:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions
    [2010/05/02 13:01:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/01/31 19:06:52 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
    [2011/01/06 20:28:22 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
    [2011/03/31 16:39:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\engine@conduit(80).com
    [2010/11/19 10:40:03 | 000,000,000 | ---D | M] ("BlackSheep") -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\jsobrier@zscaler.com
    [2010/11/22 21:03:30 | 000,000,000 | ---D | M] (Launch Clipboard) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\launchClipboard@alice
    [2010/02/24 20:26:40 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\noia2_option@kk.noia
    [2011/12/18 19:33:54 | 000,000,000 | ---D | M] (Rapportive) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\pnvm8p76.default\extensions\rapportive@rapportive.com
    [2012/02/11 20:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/09/04 09:16:32 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/01/31 20:21:06 | 000,000,000 | ---D | M] (1Password) -- C:\PROGRAM FILES\1PASSWORD\FIREFOX@1PASSWD.COM
    () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\ADONIS.CUHK@GMAIL.COM.XPI
    () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\HOOTSUITE@HOOTSUITE.COM.XPI
    () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
    () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\RANKCHECKER@SEOBOOK.COM.XPI
    () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\SEO4FIREFOX@SEOBOOK.COM.XPI
    () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\SEOTOOLBAR@SEOBOOK.COM.XPI
    () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PNVM8P76.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/02/08 13:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/08 10:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/08 10:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\9.0.597.107\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\9.0.597.107\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rick\AppData\Local\Google\Chrome\Application\9.0.597.107\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Rick\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Gloss Blue = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nheaocaplknjkpcnbadlgfpdfjaabiml\1.0_0\

    O1 HOSTS File: ([2012/02/18 16:46:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files\1Password\Agile1pIE.dll (AgileBits)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Agile1pAgent] C:\Program Files\1Password\Agile1pAgent.exe (AgileBits)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
    O4 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files\1Password\Agile1pIE.dll (AgileBits)
    O9 - Extra 'Tools' menuitem : 1Password Ctrl+\ - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Program Files\1Password\Agile1pIE.dll (AgileBits)
    O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Program Files\iMacros\imacros.dll (iOpus Software GmbH)
    O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C07E7D7-601F-42E5-9888-EE5353F6A131}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKU\.DEFAULT Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
    O20 - HKU\S-1-5-18 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
     
  16. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/18 18:02:30 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    [2012/02/18 17:09:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/18 17:09:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/18 17:09:10 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\temp
    [2012/02/18 16:46:38 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Local\CrashDumps
    [2012/02/18 16:19:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/18 16:19:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/18 16:19:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/18 15:04:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/18 13:57:09 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
    [2012/02/15 20:18:57 | 000,100,864 | ---- | C] (GMER) -- C:\pwacauoc.sys
    [2012/02/15 16:27:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rick\Desktop\dds.scr
    [2012/02/15 14:04:57 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/15 14:03:13 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\tdsskiller
    [2012/02/14 20:57:24 | 002,002,320 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rick\Desktop\HousecallLauncher.exe
    [2012/02/14 20:52:35 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012/02/14 20:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2012/02/13 20:31:47 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/13 19:13:17 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
    [2012/02/12 20:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
    [2012/02/12 20:26:39 | 003,521,912 | ---- | C] (Piriform Ltd) -- C:\Users\Rick\Desktop\dfsetup209.exe
    [2012/02/09 22:27:26 | 000,345,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symtdiv.sys
    [2012/02/09 22:27:26 | 000,318,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symnets.sys
    [2012/02/09 22:27:25 | 000,905,336 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.sys
    [2012/02/09 22:27:24 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\symds.sys
    [2012/02/09 22:27:24 | 000,032,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.sys
    [2012/02/09 22:27:23 | 000,574,584 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.sys
    [2012/02/09 22:27:23 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\ironx86.sys
    [2012/02/09 22:27:23 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.sys
    [2012/02/09 22:26:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1305000.091
    [2012/02/09 19:22:01 | 000,141,944 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012/02/09 19:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012/02/09 19:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012/02/09 18:55:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
    [2012/02/09 18:55:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    [2012/02/09 18:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2012/02/09 18:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2012/02/09 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\8C431
    [2012/02/09 18:51:29 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\2DF8C
    [2012/02/09 17:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\8C431
    [2012/02/08 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\AVG2012
    [2012/02/08 20:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/02/05 19:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/02/18 18:03:58 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/18 18:03:58 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/18 18:02:31 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    [2012/02/18 17:32:59 | 002,244,175 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
    [2012/02/18 16:46:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/18 16:40:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000UA.job
    [2012/02/18 15:40:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-900569667-3235452637-1988623051-1000Core.job
    [2012/02/18 14:13:23 | 000,000,512 | ---- | M] () -- C:\Users\Rick\Desktop\MBR.dat
    [2012/02/18 14:04:45 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2012/02/18 14:03:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/18 14:03:53 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/18 13:58:20 | 000,568,832 | ---- | M] () -- C:\Users\Rick\Desktop\BTKR_RunBox.exe
    [2012/02/18 13:57:49 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
    [2012/02/18 07:42:55 | 000,002,087 | ---- | M] () -- C:\Users\Rick\Desktop\Google Chrome.lnk
    [2012/02/16 21:26:34 | 436,426,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/15 20:18:57 | 000,100,864 | ---- | M] (GMER) -- C:\pwacauoc.sys
    [2012/02/15 17:53:45 | 000,302,592 | ---- | M] () -- C:\Users\Rick\Desktop\kcndg3kud.exe
    [2012/02/15 16:39:32 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/15 16:27:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rick\Desktop\dds.scr
    [2012/02/15 16:23:58 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/15 14:02:42 | 002,042,462 | ---- | M] () -- C:\Users\Rick\Desktop\tdsskiller.zip
    [2012/02/14 20:57:25 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rick\Desktop\HousecallLauncher.exe
    [2012/02/14 20:55:45 | 000,002,521 | ---- | M] () -- C:\Users\Rick\Desktop\HiJackThis.lnk
    [2012/02/14 20:50:56 | 001,402,880 | ---- | M] () -- C:\Users\Rick\Desktop\HiJackThis.msi
    [2012/02/13 20:37:46 | 000,080,384 | ---- | M] () -- C:\Users\Rick\Desktop\MBRCheck.exe
    [2012/02/12 20:29:05 | 000,001,752 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
    [2012/02/12 20:27:47 | 003,521,912 | ---- | M] (Piriform Ltd) -- C:\Users\Rick\Desktop\dfsetup209.exe
    [2012/02/12 19:50:22 | 000,015,822 | ---- | M] () -- C:\Users\Rick\Documents\cc_20120212_195010.reg
    [2012/02/12 19:34:56 | 000,012,962 | ---- | M] () -- C:\Users\Rick\Documents\cc_20120212_193445.reg
    [2012/02/11 20:58:49 | 000,000,920 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/11 20:58:48 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/02/10 21:50:09 | 000,002,274 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2012/02/10 21:42:21 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.023
    [2012/02/09 22:28:09 | 000,007,468 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012/02/09 22:28:09 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012/02/09 22:28:08 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012/02/09 19:40:45 | 000,000,679 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/02/09 18:57:38 | 000,000,655 | ---- | M] () -- C:\Users\Rick\Desktop\System Check.lnk
    [2012/02/09 17:29:22 | 000,634,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/09 17:29:22 | 000,115,662 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/09 17:22:01 | 000,000,408 | ---- | M] () -- C:\Windows\System32\iolo.ini
    [2012/02/07 22:50:23 | 000,008,098 | ---- | M] () -- C:\Users\Rick\Documents\cc_20120207_225013.reg
    [2012/02/05 17:14:22 | 000,001,686 | ---- | M] () -- C:\Users\Rick\Documents\cc_20120205_171413.reg
    [2012/01/31 20:46:44 | 000,000,966 | ---- | M] () -- C:\Users\Rick\Desktop\Dropbox.lnk
    [2012/01/31 20:46:44 | 000,000,946 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/01/31 20:21:12 | 000,000,866 | ---- | M] () -- C:\Users\Rick\Desktop\1Password.lnk
    [2012/01/30 22:19:21 | 000,000,600 | ---- | M] () -- C:\Users\Rick\AppData\Local\PUTTY.RND
    [2012/01/29 14:11:53 | 000,005,774 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\mainhst.zgh
    [2012/01/27 03:01:10 | 000,000,680 | ---- | M] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
    [2012/01/26 21:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/18 16:19:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/18 16:19:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/18 16:19:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/18 16:19:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/18 16:19:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/18 14:13:23 | 000,000,512 | ---- | C] () -- C:\Users\Rick\Desktop\MBR.dat
    [2012/02/18 13:58:09 | 000,568,832 | ---- | C] () -- C:\Users\Rick\Desktop\BTKR_RunBox.exe
    [2012/02/15 17:53:31 | 000,302,592 | ---- | C] () -- C:\Users\Rick\Desktop\kcndg3kud.exe
    [2012/02/15 16:39:32 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/15 14:02:36 | 002,042,462 | ---- | C] () -- C:\Users\Rick\Desktop\tdsskiller.zip
    [2012/02/14 20:52:35 | 000,002,521 | ---- | C] () -- C:\Users\Rick\Desktop\HiJackThis.lnk
    [2012/02/14 20:50:54 | 001,402,880 | ---- | C] () -- C:\Users\Rick\Desktop\HiJackThis.msi
    [2012/02/13 20:37:45 | 000,080,384 | ---- | C] () -- C:\Users\Rick\Desktop\MBRCheck.exe
    [2012/02/12 20:29:05 | 000,001,752 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
    [2012/02/12 19:50:15 | 000,015,822 | ---- | C] () -- C:\Users\Rick\Documents\cc_20120212_195010.reg
    [2012/02/12 19:34:49 | 000,012,962 | ---- | C] () -- C:\Users\Rick\Documents\cc_20120212_193445.reg
    [2012/02/11 20:58:49 | 000,000,920 | ---- | C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/02/11 20:58:48 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/02/11 20:58:47 | 000,000,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/10 21:50:09 | 000,002,274 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2012/02/10 21:42:21 | 002,244,175 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\Cat.DB
    [2012/02/10 21:42:21 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\VT20111023.023
    [2012/02/09 22:27:26 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnetv.cat
    [2012/02/09 22:27:26 | 000,001,469 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnetv.inf
    [2012/02/09 22:27:25 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnet.cat
    [2012/02/09 22:27:25 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.cat
    [2012/02/09 22:27:25 | 000,003,434 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symefa.inf
    [2012/02/09 22:27:25 | 000,001,441 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symnet.inf
    [2012/02/09 22:27:24 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symds.cat
    [2012/02/09 22:27:24 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symds.inf
    [2012/02/09 22:27:23 | 000,007,454 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.cat
    [2012/02/09 22:27:23 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.cat
    [2012/02/09 22:27:23 | 000,007,450 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\iron.cat
    [2012/02/09 22:27:23 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtspx.inf
    [2012/02/09 22:27:23 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\srtsp.inf
    [2012/02/09 22:27:23 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\iron.inf
    [2012/02/09 22:27:22 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.cat
    [2012/02/09 22:27:22 | 000,000,827 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\ccsetx86.inf
    [2012/02/09 22:26:10 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\symvtcer.dat
    [2012/02/09 22:26:10 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1305000.091\isolate.ini
    [2012/02/09 19:40:40 | 000,000,679 | ---- | C] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/02/09 19:22:01 | 000,007,468 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012/02/09 19:22:01 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012/02/09 19:16:32 | 436,426,861 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 18:57:38 | 000,000,655 | ---- | C] () -- C:\Users\Rick\Desktop\System Check.lnk
    [2012/02/09 17:20:40 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/07 22:50:17 | 000,008,098 | ---- | C] () -- C:\Users\Rick\Documents\cc_20120207_225013.reg
    [2012/02/05 17:14:18 | 000,001,686 | ---- | C] () -- C:\Users\Rick\Documents\cc_20120205_171413.reg
    [2011/12/10 13:26:13 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2011/07/12 19:45:26 | 000,000,408 | ---- | C] () -- C:\Windows\System32\iolo.ini
    [2011/05/07 17:09:36 | 000,000,600 | ---- | C] () -- C:\Users\Rick\AppData\Local\PUTTY.RND
    [2011/01/22 07:30:41 | 000,000,036 | ---- | C] () -- C:\Users\Rick\AppData\Local\housecall.guid.cache
    [2010/09/17 16:36:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
    [2010/09/12 19:39:57 | 000,057,016 | ---- | C] () -- C:\Windows\System32\imsys.dll
    [2010/09/12 19:39:56 | 000,343,224 | ---- | C] () -- C:\Windows\System32\iimds.dll
    [2010/09/12 19:39:56 | 000,014,848 | ---- | C] () -- C:\Windows\System32\iimir.dll
    [2010/09/12 19:39:55 | 000,233,144 | ---- | C] () -- C:\Windows\System32\IMImage.dll
    [2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/07/30 08:25:10 | 000,000,680 | ---- | C] () -- C:\Users\Rick\AppData\Local\d3d9caps.dat
    [2010/07/24 20:15:24 | 000,016,384 | ---- | C] () -- C:\Users\Rick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/08 15:23:24 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2010/05/20 14:32:43 | 000,000,384 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\wklnhst.dat
    [2010/04/30 14:08:04 | 000,000,153 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
    [2010/04/30 14:08:04 | 000,000,000 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
    [2010/03/22 07:54:29 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2010/03/01 03:01:00 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx16_ic.ini
    [2009/08/21 21:05:23 | 000,005,774 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\mainhst.zgh
    [2009/07/19 18:56:47 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

    ========== LOP Check ==========

    [2010/06/04 19:13:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\iolo
    [2010/06/04 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\TrueCrypt
    [2012/02/09 19:30:27 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\2DF8C
    [2012/02/09 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\8C431
    [2011/01/01 09:11:01 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Agile Web Solutions
    [2010/04/26 13:55:55 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\AnvSoft
    [2011/12/10 14:05:26 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\AVG
    [2012/02/08 20:49:21 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\AVG2012
    [2011/01/20 19:37:57 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\BitTorrent
    [2010/05/22 08:50:44 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Canon
    [2010/03/12 11:22:10 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\CoffeeCup Software
    [2011/04/02 17:47:27 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\DeskAlerts_{0960BB44-2943-4e39-872A-29DC1636040A}
    [2011/04/23 21:17:51 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\DoneEx
    [2011/05/22 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Downloaded Installations
    [2012/02/09 18:40:42 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Dropbox
    [2010/11/13 19:08:52 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\EasyLeadFinderv2
    [2012/02/12 19:48:45 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\FileZilla
    [2010/09/03 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\IBP
    [2011/07/12 19:44:24 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\iolo
    [2010/02/22 09:18:56 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\KaDonk
    [2010/09/14 19:31:13 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
    [2010/09/30 10:01:36 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\MySQL
    [2011/12/10 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Nitro PDF
    [2009/11/30 09:05:14 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\OpenOffice.org
    [2012/02/18 15:05:25 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\QuickScan
    [2010/11/30 19:31:49 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\ScrapeBox Link Checker Free Edition
    [2011/04/04 17:47:15 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\SERPAttacks
    [2012/02/18 13:59:04 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\SoftGrid Client
    [2010/06/10 22:12:17 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TeamViewer
    [2010/05/20 14:32:46 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Template
    [2011/04/23 21:27:30 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TP
    [2010/11/24 12:23:46 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2010/06/13 17:17:31 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\ZipGenius
    [2011/07/23 16:24:48 | 000,000,000 | ---D | M] -- C:\Users\Stacey\AppData\Roaming\iolo
    [2011/07/23 16:29:41 | 000,000,000 | ---D | M] -- C:\Users\Stacey\AppData\Roaming\SoftGrid Client
    [2012/02/18 14:02:52 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/01/26 21:31:11 | 000,000,728 | ---- | M] () -- C:\blitzblank.log
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/08/12 16:43:30 | 001,906,680 | ---- | M] (Codejock Software) -- C:\Codejock.Controls.Unicode.v15.1.3.ocx
    [2012/02/18 17:09:08 | 000,014,606 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/02/18 14:03:53 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/02/14 21:34:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/01/27 21:10:59 | 000,023,237 | ---- | M] () -- C:\JavaRa.log
    [2011/04/08 18:43:53 | 000,000,024 | ---- | M] () -- C:\license.txt
    [2012/02/15 17:28:14 | 000,003,740 | ---- | M] () -- C:\mbam-log-2012-02-15 (16-41-44).txt
    [2011/02/14 21:34:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/02/18 14:03:51 | 3462,864,896 | -HS- | M] () -- C:\pagefile.sys
    [2012/02/15 20:18:57 | 000,100,864 | ---- | M] (GMER) -- C:\pwacauoc.sys
    [2010/06/06 13:16:10 | 000,000,755 | ---- | M] () -- C:\Sys_LogWin.log
    [2012/02/15 14:05:20 | 000,084,684 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_15.02.2012_14.04.08_log.txt
    [2012/02/15 16:32:26 | 000,082,048 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_15.02.2012_16.31.36_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/11/03 08:24:25 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/04/30 19:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD92.DLL
    [2007/04/30 19:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP92.DLL
    [2010/09/02 15:17:50 | 000,196,608 | ---- | M] (Eastman Kodak Company) -- C:\Windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
    [2008/08/12 09:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp082.dll
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/02/10 14:41:46 | 000,001,658 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2006/11/17 22:24:06 | 000,066,046 | ---- | M] () -- C:\Program Files\Dupe_Free_0_NO_VISTA.ico

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/18 13:57:49 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
    [2012/02/18 13:58:20 | 000,568,832 | ---- | M] () -- C:\Users\Rick\Desktop\BTKR_RunBox.exe
    [2012/02/12 20:27:47 | 003,521,912 | ---- | M] (Piriform Ltd) -- C:\Users\Rick\Desktop\dfsetup209.exe
    [2011/01/25 19:48:25 | 000,296,448 | ---- | M] () -- C:\Users\Rick\Desktop\GMERpipyxxhd.exe
    [2012/02/14 20:57:25 | 002,002,320 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rick\Desktop\HousecallLauncher.exe
    [2010/09/05 15:57:36 | 005,487,504 | ---- | M] () -- C:\Users\Rick\Desktop\HSS-1.49-install-webroot-225-conduit.exe
    [2010/09/05 17:10:48 | 005,487,504 | ---- | M] () -- C:\Users\Rick\Desktop\HSS-1.49-install-webroot-225-conduit[1].exe
    [2012/02/15 17:53:45 | 000,302,592 | ---- | M] () -- C:\Users\Rick\Desktop\kcndg3kud.exe
    [2012/02/15 16:23:58 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/02/13 20:37:46 | 000,080,384 | ---- | M] () -- C:\Users\Rick\Desktop\MBRCheck.exe
    [2011/11/30 10:30:05 | 128,933,888 | ---- | M] () -- C:\Users\Rick\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe
    [2012/02/18 18:02:31 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
    [2010/06/10 22:46:27 | 006,936,830 | ---- | M] ( ) -- C:\Users\Rick\Desktop\setup.exe
    [2011/01/25 20:47:59 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/17 07:54:29 | 000,000,402 | -HS- | M] () -- C:\Users\Rick\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/02/18 14:04:45 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2011/11/05 07:35:52 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2011/02/14 22:30:36 | 000,006,526 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/04/30 14:08:04 | 000,000,000 | ---- | M] () -- C:\ProgramData\IpAndPort.fig
    [2010/04/30 14:08:04 | 000,000,153 | ---- | M] () -- C:\ProgramData\RmUserCfg.ini
    [2009/07/19 18:59:53 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/04/20 05:24:54 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/07/19 18:59:02 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/04/20 05:19:15 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/07/19 18:57:17 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/07/19 18:59:32 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/04/20 05:17:35 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/04/20 05:24:26 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/07/19 19:00:02 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 268 bytes -> C:\ProgramData\Temp:2B11E0DF
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:F35A93AD

    < End of report >
     
  17. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    OTL Extras logfile created on: 2/18/2012 6:06:24 PM - Run 1
    OTL by OldTimer - Version 3.2.33.0 Folder = C:\Users\Rick\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 56.54% Memory free
    6.06 Gb Paging File | 4.71 Gb Available in Paging File | 77.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 287.17 Gb Total Space | 100.73 Gb Free Space | 35.08% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.82 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

    Computer Name: MANNCLANNLAPTOP | User Name: Rick | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{15142F5F-7C3A-44D5-85E7-FD23921C5528}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{271E284E-1BB7-457B-9142-957B598C4FE8}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2928F4E0-A165-4E84-B224-471F2E0E7FA0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3EC535F2-BC1E-4BA0-BBEE-80CC5CD3B31C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4523AFEF-E422-4475-8499-127CB3013A20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4D3243ED-D8C1-4B73-8878-531AB806B0A8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{4DBAE02F-C8C8-4D74-BF9E-C17CA24E3558}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{519CE014-B082-4FB7-B2A4-C0ADB76E142F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{61E792CF-13BC-4E0E-B2D5-3D99DB1E5B92}" = rport=137 | protocol=17 | dir=out | app=system |
    "{7089D2BD-A2E4-4374-9DA9-5A19866ED0D3}" = lport=445 | protocol=6 | dir=in | app=system |
    "{792A320F-1AED-4212-BB6F-8308B19CCE29}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7F333E99-EDF8-473E-B86B-1AEE04AC0DCE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{84C6B7E1-DBEB-475C-9AFA-76062A838C3D}" = lport=138 | protocol=17 | dir=in | app=system |
    "{AA63AD45-A1EC-46D4-B5AC-8A92987AA064}" = rport=445 | protocol=6 | dir=out | app=system |
    "{B574F6C6-60ED-4E87-8D32-B54E2ABD6B23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{B5B6F440-7A12-4DFF-9737-AB522544BD4B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{C7D2F04B-30C4-433E-8921-EFC658A199E1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D0B03161-C333-4E45-8FE8-9AD273F6BE89}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{D5D30B6C-09B7-42B7-B9F9-8B12BFE8F180}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{DC87CC94-B5E7-41D0-9781-A7828539C8C7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F3A7161A-5488-4593-A7EC-6C140CD41A93}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FDC4452C-EB51-4AD5-A4BD-B70908FF28E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{13740FFF-A484-498A-A20E-0F22441EDF7A}" = protocol=6 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
    "{21A56D28-C3FE-4928-A916-3EA2034B54B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{2F06A6A2-BB56-4222-A42F-A7046614141A}" = dir=in | app=e:\setup\hpznui01.exe |
    "{306CE2B3-375E-4A82-B95D-2403984C32DE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{41B45893-1D5C-4474-AAB5-A901917431E5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{4A34CEA6-E59D-4765-B066-E74C34B4020C}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
    "{4C606A07-0F90-4C5C-A254-714187AE2F13}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4CC34291-90C7-4C4C-ACE7-DA899DE88156}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
    "{4D7F516A-8B06-4CA2-B416-5823080BAE52}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{564CCE0F-DA65-4336-B266-9510A707094E}" = protocol=6 | dir=in | app=c:\users\rick\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{67BC386C-E4CB-4E43-AD68-7044042B3304}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{6C90C03C-4D81-41C9-94FB-DDCEA4E205A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6E4BBC9D-AA60-4790-A2CB-FE22B7A65C03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{8D75A7F9-6E83-45E0-AD68-C52F97EB7B94}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{9317517A-E325-4FE8-8E65-1F780A0099EF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
    "{97D24841-A589-4966-A98E-3FDC40C541C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A53A9578-4F19-4DD2-A5A4-280377D52B77}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A5D84A2C-070D-46E3-A637-E2109ADB700C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{A89B0245-F75E-4E66-BCC0-50A277E3629C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
    "{ABAC187F-6940-4908-B437-5D511B8E2F78}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{B4AC5C31-A52E-4BAE-9250-3002230F3A40}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{BA973A2C-8098-4F8C-BEB1-47A61B35A232}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{BC707160-3FBA-4CE4-AA07-D28E76056939}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D39D1015-DF82-442D-88FB-7208E158DD69}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{E1BD6AD5-1400-4340-B5BA-BACD6F880A9A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{E2B392C5-25B7-4397-A79E-F95C8CF93A35}" = protocol=17 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
    "{E7CBB595-848B-433E-8342-9DD5EDD98329}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E9D0364B-20F2-437E-9DC3-9E9BE7271E0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EA51B807-3A5B-4FD2-8123-0BC69825E200}" = protocol=6 | dir=in | app=c:\program files\iolo\system mechanic professional\sysmech.exe |
    "{F1AB2F7A-209E-4071-9317-B365213E3B2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{F61C4FFE-AC6A-492D-9539-6C6FFEAD9AD7}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{F76339C9-47B7-443F-AA7B-9AF35293D2F4}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{F9215783-162A-486F-8D2F-673D89B5BA65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{FB394EC6-CFDB-44BF-95B0-2FFAD4EA0E47}" = protocol=17 | dir=in | app=c:\users\rick\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{FCF532A2-76CD-4FE3-9D5C-DDA5AD22C6F2}" = protocol=17 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{58955F7B-D670-4183-B872-8E13D3679301}C:\xampp1\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp1\xampp\mysql\bin\mysqld.exe |
    "TCP Query User{88D7522A-C06D-4F0B-BEDB-F86D71497508}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
    "TCP Query User{C1B4590A-1A03-43B8-9797-CA088A90665E}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{E1C416AF-B3C3-4234-9EA1-201846AB22F6}C:\program files\coffeecup software\coffeecup free html editor\coffee.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\coffeecup free html editor\coffee.exe |
    "UDP Query User{2D23F0B8-DBAB-4410-AE14-12D469CF4023}C:\program files\coffeecup software\coffeecup free html editor\coffee.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\coffeecup free html editor\coffee.exe |
    "UDP Query User{7179FBDF-3F18-422E-9D79-7C4F37023E1C}C:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\rick\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{A04B76B9-F447-4E6A-AE0B-3E308EAEEEB2}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
    "UDP Query User{D8BED047-3864-46A6-845C-57AAD698C554}C:\xampp1\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp1\xampp\mysql\bin\mysqld.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
    "{04B2B238-7763-45A8-96AD-458EA749466C}" = e-Sword
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
    "{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EA0260A-CE18-A022-DF3A-0AF6136B226E}" = Market Samurai
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 25
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
    "{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZero Preloader
    "{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
    "{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5CDF6674-78CA-4B1F-A3CA-BA7EAC6E4E0B}" = Nitro PDF Professional
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
    "{665CBCA4-5AB0-414B-A288-3F8F99FEFC45}" = HP User Guides 0118
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C3CDCA6-8B91-45A6-B704-522A1BFB67D9}" = MySQL Server 5.1
    "{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E55813F-2FA3-47E8-9AF9-31DC0B4AE3ED}" = Mindjet MindManager Viewer 7
    "{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB3D78B7-8066-465A-82A8-5F3751564457}_is1" = S3 Ripper 1.3
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D93E970F-5B4B-4BE6-89CB-E46963E3B1E4}" = DupeFree Pro
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F3E09EC5-EB20-4667-83D0-FF61AC087434}" = TweetAttacks
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
    "{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
    "{F7F23DFB-31E1-B7EC-7A6D-7668B595ADAE}" = FlipShare
    "{F81BC54F-0272-42B4-8237-F5D091421B9B}" = SERPAssist
    "{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1Password_is1" = 1Password 1.0.9.272
    "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVIGenerator V1.0.0.0_is1" = AVIGenerator V1.0.0.0
    "AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor 4_is1" = AVS Video Editor 4
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4
    "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "CCleaner" = CCleaner
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
    "CoffeeCup HTML Editor" = CoffeeCup HTML Editor
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Defraggler" = Defraggler
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "FileZilla Client" = FileZilla Client 3.5.3
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Hide My ***! Pro" = Hide My ***! Pro 1.8
    "HP Document Manager" = HP Document Manager 2.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 12.0
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
    "HPExtendedCapabilities" = HP Customer Participation Program 12.0
    "HPOCR" = OCR Software by I.R.I.S. 12.0
    "IBP11_is1" = IBP 11.7.4
    "IIM5_is1" = iMacros V6.90
    "iLuminaPremium" = iLumina Gold Premium
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
    "Mozilla Firefox 4.0b12 (x86 en-US)" = Mozilla Firefox 4.0b12 (x86 en-US)
    "NIS" = Norton Internet Security
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Playback_is1" = Playback 2.3.0.4
    "seopowersuite" = Rank Tracker
    "SERPAttacks_is1" = SERPAttacks
    "SpeedBit Video Downloader" = SpeedBit Video Downloader
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamViewer 5" = TeamViewer 5
    "TheBestSpinner" = TheBestSpinner
    "VLC media player" = VLC media player 1.1.7
    "WampServer 2_is1" = WampServer 2.0
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinMerge_is1" = WinMerge 2.12.4
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-900569667-3235452637-1988623051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    I can't proceed.
    You didn't say:
    [​IMG]
     
  19. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    Everything seems to be doing well now except I still don't see anything in the start menu. If I click "All Programs" everything is there, but nothing shows if I just click the start menu.

    Thanks for everything you have done.

    Rick
     
  20. Broni

    Broni Malware Annihilator Posts: 47,630   +267

  21. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    Yes, that is exactly what the issue is, and the instructions in the manual work perfectly.

    Thanks

    Rick
     
  22. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Cool :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:62061
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
      O9 - Extra 'Tools' menuitem : iMacros Web Automation - {0483894E-2422-45E0-8384-021AFF1AF3CD} - Reg Error: Value error. File not found
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-900569667-3235452637-1988623051-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
      O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe) - File not found
      [2012/02/09 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\8C431
      [2012/02/09 18:51:29 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\2DF8C
      [2012/02/09 17:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\8C431
      [2012/02/08 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\AVG2012
      [2012/02/08 20:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
      [2012/02/09 19:40:45 | 000,000,679 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      [2012/02/09 18:57:38 | 000,000,655 | ---- | M] () -- C:\Users\Rick\Desktop\System Check.lnk
      @Alternate Data Stream - 268 bytes -> C:\ProgramData\Temp:2B11E0DF
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
      @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:F35A93AD
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
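    The OTL fix above removes four kinds of persistence that this infection left behind: a loopback browser proxy (http=127.0.0.1:62061) in the .DEFAULT and SYSTEM user hives, a Winlogon "Shell" value pointing at a dropped DD73C.exe, alternate data streams hanging off C:\ProgramData\Temp, and a handful of randomly named folders. The script below is an added example, not part of this thread and not OTL's or Farbar's code: a read-only PowerShell audit that re-checks exactly those locations (plus a Farbar-style look at core services, since the OTL log already showed the Event Log service unable to serve its logs). It changes nothing; it only reports. Assumptions: run it from an elevated prompt on PowerShell 3.0 or later (needed for -Stream); the paths are the ones named in the OTL fix, and the service list is my own, modelled on what Farbar Service Scanner reports.

```powershell
# Added example, not from the thread: read-only audit of the persistence points
# removed by the OTL fix above. Run elevated, PowerShell 3.0+ assumed.

$report = New-Object System.Collections.Generic.List[string]

function Add-Finding([string]$msg) {
    $report.Add($msg)          # $report is the script-level list declared above
    Write-Host "[!] $msg"
}

# 1. Browser proxy in every loaded user hive (HKU\.DEFAULT, S-1-5-18, S-1-5-21-...).
#    The infected hives pointed at http=127.0.0.1:62061: a proxy run by the malware,
#    so every browser request went through it before leaving the machine.
function Test-ProxyHijack {
    Get-ChildItem Registry::HKEY_USERS | ForEach-Object {
        $key = "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $p) { return }
        if ($p.ProxyEnable -eq 1 -or $p.ProxyServer) {
            $note = ''
            if ($p.ProxyServer -match '127\.0\.0\.1|localhost') {
                $note = '  <-- loopback proxy, typical of traffic-intercepting malware'
            }
            Add-Finding ("Proxy in {0}: ProxyEnable={1} ProxyServer={2}{3}" -f `
                $_.PSChildName, $p.ProxyEnable, $p.ProxyServer, $note)
        }
    }
}

# 2. Winlogon Shell. Machine-wide this must be exactly "explorer.exe"; a per-user
#    Shell value normally does not exist at all, so any value here is suspicious.
function Test-WinlogonShell {
    $paths = @('Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
    $paths += Get-ChildItem Registry::HKEY_USERS | ForEach-Object {
        "Registry::$($_.Name)\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
    }
    foreach ($path in $paths) {
        $shell = (Get-ItemProperty -Path $path -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($null -eq $shell) { continue }
        if ($shell -ne 'explorer.exe') { Add-Finding "Winlogon Shell in $path = $shell" }
    }
}

# 3. Alternate data streams on the folder OTL listed. ':$DATA' is the ordinary
#    unnamed stream; anything else is a named stream hidden from Explorer and dir.
function Test-AlternateDataStreams([string[]]$Targets) {
    foreach ($t in $Targets) {
        if (-not (Test-Path -LiteralPath $t)) { continue }
        Get-Item -LiteralPath $t -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { Add-Finding ("ADS {0}:{1} ({2} bytes)" -f $_.FileName, $_.Stream, $_.Length) }
    }
}

# 4. Dropped folders/files from the OTL fix. After a successful fix none should exist.
function Test-LeftoverPaths([string[]]$Paths) {
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) { Add-Finding "Still present: $p" }
    }
}

# 5. Core services (assumed list, modelled on Farbar Service Scanner). WMI is used
#    instead of Get-Service so the start mode is available on older PowerShell too.
function Test-CoreServices {
    $names = 'EventLog', 'wuauserv', 'MpsSvc', 'wscsvc', 'BITS', 'VSS', 'Dhcp', 'Dnscache'
    foreach ($name in $names) {
        $s = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($null -eq $s) { Add-Finding "Service $name is missing (service key deleted?)"; continue }
        if ($s.StartMode -eq 'Disabled') { Add-Finding "Service $name is Disabled (state: $($s.State))" }
    }
}

Test-ProxyHijack
Test-WinlogonShell
Test-AlternateDataStreams -Targets 'C:\ProgramData\Temp'
Test-LeftoverPaths -Paths @(
    'C:\Program Files\8C431',
    'C:\Users\Rick\AppData\Roaming\8C431',
    'C:\Users\Rick\AppData\Roaming\2DF8C',
    'C:\Windows\system32\config\systemprofile\AppData\Roaming\2DF8C\DD73C.exe'
)
Test-CoreServices

if ($report.Count -eq 0) { Write-Host "No findings: the locations listed in the OTL fix are clean." }
else { Write-Host "$($report.Count) finding(s); paste the lines above into your reply." }
```

    Two points worth knowing when reading its output. The proxy check looks at the .DEFAULT and S-1-5-18 hives deliberately: those belong to the SYSTEM account, and a proxy set there survives a user-profile cleanup that only touches the logged-in user's hive. And a Winlogon Shell value whose target is "File not found" is still a problem, because Winlogon will fail to start a desktop for that account until the value is gone; that is why OTL lists it even though the executable is already deleted.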
  23. mannclann

    mannclann TS Rookie Topic Starter Posts: 20

    I don't seem to be able to update Java. I tried both installers, local and online, and get the same error both times, which is an installer error.

    Should I remove the old java with the javara and try again?

    Thanks

    Rick
     
  24. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Yeah, go ahead with JavaRa first.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    I still need OTL fix log.
     

