TechSpot

IE keeps popping up; I use google chrome

By princessdaedae
Feb 13, 2011
  1. My brother-in-law was watching a stupid video on my laptop. Since that day Internet Explorer has been popping up. I've read through the revised 8-step process & this is what I have. (gmer appears to come up blank even though I did it 3 times.) I also have the "attach" log, but it says "do not post unless specifically instructed. If requested, zip it up and attach it."

    Can you help?


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5752

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/13/2011 3:25:04 AM
    mbam-log-2011-02-13 (03-25-04).txt

    Scan type: Full scan (C:\|D:\|G:\|Q:\|)
    Objects scanned: 301027
    Time elapsed: 39 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CE8SIIFGSU (Trojan.FakeAlert) -> Value: CE8SIIFGSU -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Ojaraa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.





    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by DaeDae at 6:46:58.21 on Sun 02/13/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2482 [GMT -10:00]

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    C:\Users\DaeDae\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\DaeDae\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Google Update] "C:\Users\DaeDae\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [MobiLink3] C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: {2950CA20-07C8-4FC9-B9A7-190C89F5ED6F} = 68.28.50.91 68.28.58.92
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    LSA: Notification Packages = DPPassFilter scecli
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    mRun-x64: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-15 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-16 202752]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-2-13 135336]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-2-13 267944]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-2-13 83120]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
    R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-8-24 82432]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
    R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-4-16 6403584]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-16 188928]
    R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-24 32880]
    R3 NWVMModem;Virgin Mobile USB Modem Driver;C:\Windows\System32\drivers\nwvmmdm.sys [2009-5-15 213376]
    R3 NWVMPort;Virgin Mobile USB Status Port Driver;C:\Windows\System32\drivers\nwvmser.sys [2009-5-15 213376]
    R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;C:\Windows\System32\drivers\nwvmser2.sys [2009-5-15 213376]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-15 239136]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-11-15 38456]
    S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/16 00:13:21;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-11-15 245232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-11-15 295424]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-29 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

    =============== Created Last 30 ================

    2011-02-13 12:14:42 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\Malwarebytes
    2011-02-13 12:07:13 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-13 12:07:11 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-02-13 12:07:08 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-02-13 12:07:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-02-13 10:34:36 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\Avira
    2011-02-13 10:27:56 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-02-13 10:27:55 -------- d-----w- C:\Program Files (x86)\Avira
    2011-02-13 10:27:55 -------- d-----w- C:\PROGRA~3\Avira
    2011-02-12 19:45:19 -------- d-----w- C:\PROGRA~3\{23D58E70-3B83-4B83-A227-68770F84F5EC}
    2011-02-12 08:17:16 129024 ------w- C:\Windows\Ojaraa.exe
    2011-02-12 04:40:41 -------- d-----w- C:\Users\DaeDae\AppData\Local\Adobe
    2011-02-12 03:46:57 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E1E1CAF4-5307-4EDB-82DA-75313269A6B1}\mpengine.dll
    2011-02-09 06:04:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2011-02-07 05:17:42 -------- d-----w- C:\PROGRA~3\Recovery
    2011-02-06 01:58:33 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
    2011-02-05 23:46:32 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\SoftGrid Client
    2011-02-05 23:46:32 -------- d-----w- C:\Users\DaeDae\AppData\Local\SoftGrid Client
    2011-02-05 23:45:44 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
    2011-02-05 23:45:29 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\TP
    2011-02-02 06:00:38 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-02-01 08:19:35 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\Macrovision
    2011-02-01 05:31:41 -------- d-----w- C:\Program Files (x86)\Audible
    2011-01-31 20:21:42 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\ICAClient
    2011-01-31 20:18:00 73728 ----a-r- C:\Users\DaeDae\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
    2011-01-31 20:18:00 73728 ----a-r- C:\Users\DaeDae\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
    2011-01-31 20:17:58 -------- d-----w- C:\Users\DaeDae\AppData\Local\Citrix
    2011-01-31 09:02:30 -------- d-----w- C:\Users\DaeDae\AppData\Local\HP MediaSmart Video
    2011-01-30 20:35:49 -------- d-----w- C:\Users\DaeDae\AppData\Local\CutePDF Writer
    2011-01-30 02:59:53 -------- d-----w- C:\Users\DaeDae\AppData\Local\Apple Computer
    2011-01-30 02:59:45 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-01-30 02:59:45 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-01-30 02:59:45 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-01-30 02:59:31 -------- d-----w- C:\Program Files\iTunes
    2011-01-30 02:59:31 -------- d-----w- C:\Program Files\iPod
    2011-01-30 02:59:31 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-01-30 02:59:31 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2011-01-30 02:58:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2011-01-30 02:58:04 -------- d-----w- C:\Users\DaeDae\AppData\Local\Apple
    2011-01-30 02:57:39 -------- d-----w- C:\Program Files\Bonjour
    2011-01-30 02:57:39 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-01-30 02:47:25 -------- d-----w- C:\Users\DaeDae\AppData\Local\Yahoo
    2011-01-30 02:22:45 -------- d-----w- C:\Program Files (x86)\Yahoo!
    2011-01-30 02:13:30 -------- d-----r- C:\Program Files (x86)\Skype
    2011-01-30 01:37:47 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-01-30 01:31:22 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-01-30 01:31:22 -------- d-----w- C:\Windows\System32\Wat
    2011-01-29 08:52:57 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-01-29 08:52:57 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-01-29 08:52:57 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-01-29 08:52:57 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-01-29 08:52:57 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-01-29 08:52:57 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-01-29 08:52:56 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-01-29 08:52:56 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-01-29 08:52:56 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-01-29 08:52:56 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-01-29 08:48:17 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2011-01-29 08:48:17 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
    2011-01-29 07:09:44 41280 ----a-w- C:\Windows\System32\drivers\PCASp50a64.sys
    2011-01-29 07:09:15 -------- d-----w- C:\PROGRA~3\Novatel Wireless
    2011-01-29 07:07:53 -------- d-----w- C:\Program Files (x86)\Novatel Wireless
    2011-01-29 07:06:52 -------- d-----w- C:\Users\DaeDae\AppData\Local\Downloaded Installations
    2011-01-29 03:00:19 -------- d-----w- C:\Program Files (x86)\GPLGS
    2011-01-29 02:59:42 85504 ----a-w- C:\Windows\System32\cpwmon64.dll
    2011-01-29 02:59:41 -------- d-----w- C:\Program Files (x86)\Acro Software
    2011-01-29 02:59:34 -------- d-----w- C:\Program Files (x86)\Ask.com
    2011-01-29 02:43:59 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2011-01-29 02:40:05 -------- d-----w- C:\Users\DaeDae\AppData\Local\Google
    2011-01-29 02:34:21 -------- d-----w- C:\Users\DaeDae\AppData\Local\Deployment
    2011-01-29 02:34:21 -------- d-----w- C:\Users\DaeDae\AppData\Local\Apps
    2011-01-28 06:24:27 -------- d-----w- C:\Users\DaeDae\AppData\Local\IsolatedStorage
    2011-01-28 06:14:57 -------- d-----w- C:\Users\DaeDae\AppData\Local\ATI
    2011-01-28 06:14:50 -------- d-----w- C:\Users\DaeDae\AppData\Roaming\hpqLog
    2011-01-28 06:07:32 -------- d-----w- C:\Users\DaeDae\AppData\Local\Hewlett-Packard
    2011-01-28 06:03:57 -------- d-----w- C:\Users\DaeDae\AppData\Local\VirtualStore

    ==================== Find3M ====================

    2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
    2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
    2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
    2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
    2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
    2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
    2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
    2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
    2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
    2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
    2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
    2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
    2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
    2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
    2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
    2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
    2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-30 03:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-30 03:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-16 08:55:11 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2010-11-16 08:55:11 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
    2010-11-16 08:55:01 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2010-11-16 08:53:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2010-11-16 08:53:10 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2010-11-16 08:53:10 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2010-11-16 08:10:11 0 ----a-w- C:\Windows\ativpsrm.bin

    ============= FINISH: 6:47:48.15 ===============
  2. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Attach.txt part of DDS is missing.
  3. princessdaedae

    princessdaedae TS Rookie Topic Starter

    Thank you

    I've read your response, and will do whatever you tell me to do. Did you want me to copy+paste the "attached" log from the DDS?
  4. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Yes. All logs have to be pasted.
  5. princessdaedae

    princessdaedae TS Rookie Topic Starter

    Attached



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/27/2011 7:57:45 PM
    System Uptime: 2/13/2011 3:27:10 AM (3 hours ago)

    Motherboard: Hewlett-Packard | | 143F
    Processor: AMD Phenom(tm) II P840 Triple-Core Processor | Socket S1G4 | 798/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 576 GiB total, 532.896 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 2.88 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP11: 1/31/2011 10:17:31 AM - Installed Citrix XenApp Web Plugin
    RP12: 2/1/2011 8:00:16 PM - Windows Update
    RP13: 2/4/2011 11:29:15 AM - Windows Update
    RP14: 2/7/2011 9:25:50 PM - Windows Update
    RP15: 2/8/2011 12:09:26 AM - Windows Update
    RP16: 2/8/2011 7:43:31 PM - Windows Update
    RP17: 2/9/2011 12:20:24 AM - Windows Update
    RP18: 2/11/2011 5:46:15 PM - Windows Update
    RP19: 2/11/2011 11:15:27 PM - Removed Adobe Reader 9.4.2 MUI.
    RP20: 2/11/2011 11:16:55 PM - Removed Adobe Reader 9.4.2 MUI.
    RP21: 2/11/2011 11:20:28 PM - HPSF Restore Point
    RP22: 2/12/2011 9:40:56 AM - HPSF Applying updates
    RP23: 2/12/2011 9:45:27 AM - Installed HP Support Assistant
    RP24: 2/12/2011 9:47:43 AM - Windows Modules Installer
    RP25: 2/12/2011 9:48:44 AM - Windows Modules Installer

    ==== Installed Programs ======================

    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11.5
    AMD USB Filter Driver
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Atheros Driver Installation Program
    Audible Download Manager
    Avira AntiVir Personal - Free Antivirus
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Broadband2Go
    Build-a-lot 2
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CinemaNow Media Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Citrix XenApp Web Plugin
    CyberLink DVD Suite
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    DVD Menu Pack for HP MediaSmart Video
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    FATE
    Final Drive Nitro
    Google Chrome
    Heroes of Hellas 2 - Olympia
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP DVB-T TV Tuner 8.0.64.43
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP MediaSmart/TouchSmart Netflix
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    HPAsset component for HP Active Support Library
    Hulu Desktop
    IDT Audio
    InstallVC90Support
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek USB 2.0 Card Reader
    Recovery Manager
    Roxio CinemaNow 2.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Skype Toolbars
    Skype™ 5.1
    Times Reader
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Virgin Mobile Broadband Modem Drivers
    Virtual Families
    Virtual Villagers - The Secret City
    Wheel of Fortune 2
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    2/9/2011 7:36:13 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    2/13/2011 6:26:34 AM, Error: RasMan [20276] - CoId={2AB53B3E-2D8F-4F6B-AD5B-CB2388BDAD62}: Layer=PPP: SubLayer=LCP: The connection attempt failed on port: COM5 because of the authentication protocol selected. Check to see if the authentication protocol is supported in the operating systems at the client and server ends of the connection
    2/13/2011 12:28:15 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    2/12/2011 9:54:17 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147024882
    2/11/2011 10:45:27 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. princessdaedae

    princessdaedae TS Rookie Topic Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Hewlett-Packard
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6 Notebook PC
    Logical Drives Mask: 0x0001007c

    Kernel Drivers (total 205):
    0x02C54000 \SystemRoot\system32\ntoskrnl.exe
    0x02C0B000 \SystemRoot\system32\hal.dll
    0x00B96000 \SystemRoot\system32\kdcom.dll
    0x00CE7000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CF4000 \SystemRoot\system32\PSHED.dll
    0x00D08000 \SystemRoot\system32\CLFS.SYS
    0x00C00000 \SystemRoot\system32\CI.dll
    0x00EBA000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F5E000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00F6D000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00FC4000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
    0x00FCD000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
    0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
    0x00E55000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x00E5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00E6A000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00D66000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E7F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00E99000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00DC2000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00EA2000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x00FD7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00FE7000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x010F1000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0113D000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01255000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01151000 \SystemRoot\System32\Drivers\msrpc.sys
    0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01000000 \SystemRoot\System32\Drivers\cng.sys
    0x0121A000 \SystemRoot\System32\drivers\pcw.sys
    0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x014EA000 \SystemRoot\system32\drivers\ndis.sys
    0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01602000 \SystemRoot\System32\drivers\tcpip.sys
    0x0148B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x014D5000 \SystemRoot\System32\Drivers\spldr.sys
    0x011AF000 \SystemRoot\System32\drivers\rdyboost.sys
    0x015DC000 \SystemRoot\System32\Drivers\mup.sys
    0x015EE000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x014DD000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
    0x0184D000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01887000 \SystemRoot\system32\DRIVERS\disk.sys
    0x0189D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x018CD000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x0190D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01937000 \SystemRoot\System32\Drivers\Null.SYS
    0x01940000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01947000 \SystemRoot\System32\drivers\vga.sys
    0x01955000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x0197A000 \SystemRoot\System32\drivers\watchdog.sys
    0x0198A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01993000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x0199C000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x019A5000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x019B0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x019C1000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x019DF000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02CF9000 \SystemRoot\system32\drivers\afd.sys
    0x02D83000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02DC8000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02DD1000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02C16000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02C25000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02C40000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02C54000 \SystemRoot\system32\ntoskrnl.exe
    0x02CA5000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02CB1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02CBC000 \SystemRoot\System32\drivers\discache.sys
    0x02CCB000 \SystemRoot\System32\Drivers\dfsc.sys
    0x019EC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x01800000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x01822000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x01235000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x03696000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x03EE0000 \SystemRoot\system32\DRIVERS\atipmdag.sys
    0x036CA000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x0454F000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04595000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04800000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x04989000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x049E2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x049EF000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03E56000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x03E63000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03E74000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x03E92000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03600000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x049FA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x03EA1000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x045B9000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x045C8000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
    0x045D4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x045D9000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x045E2000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x045F2000 \SystemRoot\system32\DRIVERS\clwvd.sys
    0x03653000 \SystemRoot\system32\DRIVERS\ks.sys
    0x045F9000 \SystemRoot\system32\drivers\ksthunk.sys
    0x037BE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x037D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x02CE9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x010BF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x00CC0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04AFD000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04B1E000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04B38000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04B3A000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x04B4C000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04B5E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04BB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04BCD000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x04A00000 \SystemRoot\system32\drivers\portcls.sys
    0x04A3D000 \SystemRoot\system32\drivers\drmk.sys
    0x04A5F000 \SystemRoot\system32\DRIVERS\stwrt64.sys
    0x04AE1000 \SystemRoot\system32\DRIVERS\WinUSB.sys
    0x00010000 \SystemRoot\System32\win32k.sys
    0x04BF0000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04996000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x049A4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x04AF2000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x049B0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x05C04000 \SystemRoot\System32\Drivers\RtsUStor.sys
    0x05C41000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05C5E000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x05C8C000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00510000 \SystemRoot\System32\TSDDD.dll
    0x006E0000 \SystemRoot\System32\cdd.dll
    0x00970000 \SystemRoot\System32\ATMFD.DLL
    0x05C9A000 \SystemRoot\system32\drivers\luafv.sys
    0x05CBD000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x05CDA000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
    0x05CE5000 \SystemRoot\system32\drivers\WudfPf.sys
    0x05D06000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x05D1B000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x05D6E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x05D81000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x06041000 \SystemRoot\system32\drivers\HTTP.sys
    0x06124000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x06142000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x0615A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x06187000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x061D5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06A31000 \??\C:\Windows\system32\Drivers\rikvm_C6F09094.sys
    0x0807B000 \SystemRoot\system32\drivers\peauth.sys
    0x08121000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0812C000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
    0x08000000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    0x0804D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x081E3000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x05D99000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x08815000 \SystemRoot\System32\DRIVERS\srv.sys
    0x088AB000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
    0x088B6000 \SystemRoot\system32\DRIVERS\nwvmmdm.sys
    0x088EB000 \SystemRoot\system32\drivers\modem.sys
    0x088FA000 \SystemRoot\system32\DRIVERS\nwvmser.sys
    0x0892F000 \SystemRoot\system32\DRIVERS\nwvmser2.sys
    0x08964000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x0897F000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x089B0000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x09A88000 \SystemRoot\system32\drivers\spsys.sys
    0x77B90000 \Windows\System32\ntdll.dll
    0x478F0000 \Windows\System32\smss.exe
    0xFFEB0000 \Windows\System32\apisetschema.dll
    0xFF810000 \Windows\System32\autochk.exe
    0xFFD70000 \Windows\System32\wininet.dll
    0x77A90000 \Windows\System32\user32.dll
    0xFFC40000 \Windows\System32\rpcrt4.dll
    0xFFBC0000 \Windows\System32\difxapi.dll
    0xFFBB0000 \Windows\System32\nsi.dll
    0xFFB60000 \Windows\System32\ws2_32.dll
    0xFFB40000 \Windows\System32\sechost.dll
    0xFFAC0000 \Windows\System32\shlwapi.dll
    0xFFA70000 \Windows\System32\Wldap32.dll
    0xFF9D0000 \Windows\System32\clbcatq.dll
    0xFF8C0000 \Windows\System32\msctf.dll
    0xFF6E0000 \Windows\System32\setupapi.dll
    0xFF6C0000 \Windows\System32\imagehlp.dll
    0x77D60000 \Windows\System32\psapi.dll
    0xFF4B0000 \Windows\System32\ole32.dll
    0x77970000 \Windows\System32\kernel32.dll
    0xFF410000 \Windows\System32\comdlg32.dll
    0xFF290000 \Windows\System32\urlmon.dll
    0xFF220000 \Windows\System32\gdi32.dll
    0x77D50000 \Windows\System32\normaliz.dll
    0xFF210000 \Windows\System32\lpk.dll
    0xFF130000 \Windows\System32\advapi32.dll
    0xFE3A0000 \Windows\System32\shell32.dll
    0xFE140000 \Windows\System32\iertutil.dll
    0xFE0A0000 \Windows\System32\msvcrt.dll
    0xFDFC0000 \Windows\System32\oleaut32.dll
    0xFDEF0000 \Windows\System32\usp10.dll
    0xFDEC0000 \Windows\System32\imm32.dll
    0xFDE80000 \Windows\System32\wintrust.dll
    0xFDD10000 \Windows\System32\crypt32.dll
    0xFDCF0000 \Windows\System32\devobj.dll
    0xFDCB0000 \Windows\System32\cfgmgr32.dll
    0xFDC40000 \Windows\System32\KernelBase.dll
    0xFDBA0000 \Windows\System32\comctl32.dll
    0xFDB90000 \Windows\System32\msasn1.dll
    0x76830000 \Windows\SysWOW64\normaliz.dll

    Processes (total 94):
    0 System Idle Process
    4 System
    268 C:\Windows\System32\smss.exe
    380 csrss.exe
    460 C:\Windows\System32\wininit.exe
    492 csrss.exe
    516 C:\Windows\System32\services.exe
    532 C:\Windows\System32\lsass.exe
    540 C:\Windows\System32\lsm.exe
    664 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\atiesrxx.exe
    884 C:\Windows\System32\winlogon.exe
    932 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    296 C:\Program Files\IDT\WDM\stacsv64.exe
    1092 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\atieclxx.exe
    1164 C:\Windows\System32\hpservice.exe
    1316 C:\Windows\System32\atibtmon.exe
    1340 C:\Windows\System32\vcsFPService.exe
    1396 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\wlanext.exe
    1496 C:\Windows\System32\conhost.exe
    1592 C:\Windows\System32\spoolsv.exe
    1620 C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    1684 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1748 C:\Windows\System32\svchost.exe
    1900 C:\Windows\System32\svchost.exe
    1928 C:\Program Files\IDT\WDM\AESTSr64.exe
    1956 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    1984 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2012 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2044 C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    1124 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    1308 C:\Windows\System32\conhost.exe
    2116 C:\Windows\System32\taskhost.exe
    2236 C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
    2252 C:\Windows\System32\dwm.exe
    2292 C:\Windows\explorer.exe
    2464 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2500 C:\Program Files\IDT\WDM\sttray64.exe
    2528 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2572 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    2624 C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    2684 C:\Users\DaeDae\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    2696 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    2760 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    2768 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    2784 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    2960 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    2988 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    2376 C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    2424 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    2560 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2600 C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    3164 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    3212 C:\Windows\System32\svchost.exe
    3256 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    3356 C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3408 C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    3556 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3584 WmiPrvSE.exe
    3728 WmiPrvSE.exe
    3840 C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    3864 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4056 C:\Windows\System32\taskeng.exe
    3248 C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    4364 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    4604 C:\Program Files\iPod\bin\iPodService.exe
    4800 C:\Windows\System32\SearchIndexer.exe
    5032 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1876 WUDFHost.exe
    4660 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    2216 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    684 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    2740 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    5244 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    5308 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    5428 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    5508 C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe
    5928 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    6008 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    6060 C:\Windows\System32\sppsvc.exe
    3572 <unknown>
    5140 C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    5396 C:\Windows\servicing\TrustedInstaller.exe
    5400 <unknown>
    708 C:\Windows\System32\svchost.exe
    5468 C:\Windows\System32\audiodg.exe
    404 C:\Users\DaeDae\Downloads\MBRCheck.exe
    3000 C:\Windows\System32\conhost.exe
    2808 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000090`10200000 (NTFS)
    \\.\Q: --> error 5

    PhysicalDrive0 Model Number: WDCWD6400BEVT-60A0RT0, Rev: 02.01A02

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 1EEA63D727183061F2A693FAB2B948CABB4235AB


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

    Running combofix as soon as I close this browser
  8. princessdaedae

    princessdaedae TS Rookie Topic Starter

    ComboFix 11-02-13.01 - DaeDae 02/13/2011 18:17:45.1.3 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2595 [GMT -10:00]
    Running from: c:\users\DaeDae\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
    .

    2011-02-14 04:30 . 2011-02-14 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-13 12:07 . 2010-12-21 04:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-13 12:07 . 2011-02-13 12:07 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-13 12:07 . 2011-02-13 12:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-02-13 12:07 . 2010-12-21 04:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-13 10:27 . 2011-01-11 00:23 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-02-13 10:27 . 2011-01-11 00:23 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-02-13 10:27 . 2011-02-13 10:27 -------- d-----w- c:\programdata\Avira
    2011-02-13 10:27 . 2011-02-13 10:27 -------- d-----w- c:\program files (x86)\Avira
    2011-02-12 19:45 . 2011-02-12 19:45 -------- d-----w- c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
    2011-02-12 09:13 . 2011-02-12 09:13 -------- d-----w- c:\windows\Sun
    2011-02-12 03:46 . 2011-01-20 20:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1E1CAF4-5307-4EDB-82DA-75313269A6B1}\mpengine.dll
    2011-02-09 06:04 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
    2011-02-09 05:45 . 2011-02-09 05:45 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2011-02-07 05:17 . 2011-02-12 09:18 -------- d-----w- c:\programdata\Recovery
    2011-02-06 01:58 . 2011-02-06 02:01 -------- d-----w- c:\programdata\VirtualizedApplications
    2011-02-05 23:45 . 2011-02-05 23:45 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
    2011-02-01 05:31 . 2011-02-01 05:31 -------- d-----w- c:\program files (x86)\Audible
    2011-01-30 02:59 . 2009-05-18 23:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-01-30 02:59 . 2008-04-17 22:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2011-01-30 02:58 . 2011-01-30 02:58 -------- d-----w- c:\program files (x86)\QuickTime
    2011-01-30 02:58 . 2011-01-30 02:58 -------- d-----w- c:\program files (x86)\Apple Software Update
    2011-01-30 02:57 . 2011-01-30 02:57 -------- d-----w- c:\program files\Common Files\Apple
    2011-01-30 02:57 . 2011-01-30 02:57 -------- d-----w- c:\program files\Bonjour
    2011-01-30 02:57 . 2011-01-30 02:57 -------- d-----w- c:\program files (x86)\Bonjour
    2011-01-30 02:57 . 2011-01-30 02:59 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2011-01-30 02:57 . 2011-01-30 02:57 -------- d-----w- c:\programdata\Apple
    2011-01-30 02:28 . 2011-01-30 02:28 -------- d-----w- c:\programdata\Yahoo! Companion
    2011-01-30 02:27 . 2011-01-30 02:28 -------- d-----w- c:\programdata\Yahoo!
    2011-01-30 02:22 . 2011-01-30 02:28 -------- d-----w- c:\program files (x86)\Yahoo!
    2011-01-30 02:13 . 2011-01-30 02:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2011-01-30 02:13 . 2011-01-30 02:14 -------- d-----r- c:\program files (x86)\Skype
    2011-01-30 01:37 . 2011-01-30 01:37 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2011-01-30 01:31 . 2011-01-30 01:31 -------- d-----w- c:\windows\SysWow64\Wat
    2011-01-30 01:31 . 2011-01-30 01:31 -------- d-----w- c:\windows\system32\Wat
    2011-01-29 08:52 . 2009-11-25 22:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2011-01-29 08:52 . 2009-11-25 22:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2011-01-29 08:52 . 2009-11-25 22:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2011-01-29 08:52 . 2009-11-25 22:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2011-01-29 08:52 . 2009-11-25 22:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2011-01-29 08:52 . 2009-11-25 22:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-01-29 08:52 . 2009-11-25 22:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
    2011-01-29 08:52 . 2009-11-25 22:47 444752 ----a-w- c:\windows\system32\mscoree.dll
    2011-01-29 08:52 . 2009-11-25 22:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-01-29 08:52 . 2009-11-25 22:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2011-01-29 08:48 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2011-01-29 08:48 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-01-29 07:09 . 2009-08-25 04:53 41280 ----a-w- c:\windows\system32\drivers\PCASp50a64.sys
    2011-01-29 07:09 . 2011-01-29 07:09 -------- d-----w- c:\programdata\Novatel Wireless
    2011-01-29 07:07 . 2011-01-29 07:09 -------- d-----w- c:\program files (x86)\Novatel Wireless
    2011-01-29 03:00 . 2011-01-29 03:00 -------- d-----w- c:\program files (x86)\GPLGS
    2011-01-29 02:59 . 2009-11-05 17:40 85504 ----a-w- c:\windows\system32\cpwmon64.dll
    2011-01-29 02:59 . 2011-01-29 02:59 -------- d-----w- c:\program files (x86)\Acro Software
    2011-01-29 02:59 . 2011-01-29 02:59 -------- d-----w- c:\program files (x86)\Ask.com
    2011-01-29 02:43 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
    2011-01-28 06:01 . 2011-01-28 06:01 -------- d-----w- c:\users\Public\Symantec
    2011-01-28 05:58 . 2011-02-13 04:18 -------- d-----w- c:\users\DaeDae

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 03:38 . 2010-11-30 03:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-30 03:38 . 2010-11-30 03:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-16 08:55 . 2010-11-16 08:55 52224 ----a-w- c:\windows\system32\rtutils.dll
    2010-11-16 08:55 . 2010-11-16 08:55 37376 ----a-w- c:\windows\SysWow64\rtutils.dll
    2010-11-16 08:55 . 2010-11-16 08:55 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
    2010-11-16 08:53 . 2010-11-16 08:53 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-11-16 08:53 . 2010-11-16 08:53 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2010-11-16 08:53 . 2010-11-16 08:53 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 08:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
    "Google Update"="c:\users\DaeDae\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-29 136176]
    "MobiLink3"="c:\program files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-27 902144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-26 421160]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-11 281768]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/11/16 00:13;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys [2009-05-16 213376]
    R3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys [2009-05-16 213376]
    R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys [2009-05-16 213376]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-29 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-16 202752]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-11 135336]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-15 92216]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
    S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-08-25 82432]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-04-16 6403584]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-16 188928]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-25 32880]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - CLKMDRV10_C6F09094

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000Core.job
    - c:\users\DaeDae\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 02:40]

    2011-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000UA.job
    - c:\users\DaeDae\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 02:40]

    2011-02-13 c:\windows\Tasks\HPCeeScheduleForDaeDae.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF11112.cfxxe" [X]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-09 487424]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-21 611896]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: {2950CA20-07C8-4FC9-B9A7-190C89F5ED6F} = 68.28.50.91 68.28.58.92
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atibtmon.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe
    c:\users\DaeDae\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-13 18:57:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-14 04:57

    Pre-Run: 571,631,407,104 bytes free
    Post-Run: 571,144,921,088 bytes free

    - - End Of File - - 7487955D697E3C74FAB41C0073BEFCC9


    I can't run the other one right now. I have to leave for church, but I'll run it as soon as I get home. Thanks again.
  9. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Uninstall Ask Toolbar, known foistware.

    Combofix log looks clean.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. princessdaedae

    princessdaedae TS Rookie Topic Starter

    So far the comp's been fine. Haven't had that IE pop up. I tried to uninstall Ask; it gave me a pop up that said, "Do you want to allow the following programs from an unknown publisher to make changes to this computer, C:\Windows\Installer\1d34ad.msi File origin: Hard Drive on this computer". I wasn't sure, so I clicked no. Then it gave me the error message attached.

    Should I still run the "rkill" program? And should I run the OTL.exe even if I haven't been able to uninstall Ask Toolbar?

  11. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Try to uninstall Ask Toolbar one more time, but this time say "yes".

    Then post OTL logs.
     
  12. princessdaedae

    princessdaedae TS Rookie Topic Starter

    Ok Ask is gone. I ran the OTL scan & tried to paste each log in here, but it gave me this error.

    The text that you have entered is too long (55905 characters). Please shorten it to 50000 characters long.

    Should I save each document & load them as attachments?
  13. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    No. Split the log between a couple of replies.
  14. princessdaedae

    princessdaedae TS Rookie Topic Starter

    OTL logfile created on: 2/14/2011 10:06:49 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\DaeDae\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 576.06 Gb Total Space | 532.43 Gb Free Space | 92.43% Space Free | Partition Type: NTFS
    Drive D: | 19.82 Gb Total Space | 2.88 Gb Free Space | 14.53% Space Free | Partition Type: NTFS

    Computer Name: DAEDAE-HP | User Name: DaeDae | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2011/02/13 22:15:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
    PRC - [2011/01/28 16:40:04 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\DaeDae\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/10/19 12:09:04 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/06/29 16:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2010/06/29 15:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2010/06/24 20:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    PRC - [2010/06/12 16:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2009/08/26 19:44:34 | 000,902,144 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe
    PRC - [2009/08/24 18:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    PRC - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/13 22:15:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
    MOD - [2010/08/20 19:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/18 13:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2010/06/08 23:06:18 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/04/23 16:42:40 | 000,445,192 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV:64bit: - [2010/04/16 04:09:00 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/02/23 05:38:54 | 002,192,176 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
    SRV:64bit: - [2009/07/13 15:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/08 10:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/06/29 18:51:12 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
    SRV - [2010/06/29 16:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2010/06/12 16:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/04/03 13:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/23 05:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/08/24 18:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
    SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 10:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/01/10 14:23:53 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/01/10 14:23:52 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/09/02 19:02:03 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/09/02 19:02:03 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/06/24 20:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/06/08 23:06:18 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/05/27 13:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/05/06 03:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/04/16 04:19:34 | 006,403,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/04/16 03:11:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/03/02 14:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/02/08 19:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/12/22 00:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2009/11/27 15:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/08/23 15:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 15:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 13:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/07/08 10:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2009/07/08 10:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2009/06/10 11:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 11:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 11:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 10:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 10:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 10:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 10:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwvmser2.sys -- (NWVMPort2)
    DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwvmser.sys -- (NWVMPort)
    DRV:64bit: - [2009/05/15 14:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwvmmdm.sys -- (NWVMModem)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/11/15 22:41:42 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000..\Run: [MobiLink3] C:\Program Files (x86)\Novatel Wireless\Virgin Mobile\MobiLink3.exe (Novatel Wireless Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/13 22:15:38 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
    [2011/02/13 18:58:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/02/13 18:33:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/02/13 18:16:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/02/13 18:16:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/02/13 18:16:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/02/13 18:16:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/02/13 18:16:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/13 18:15:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/02/13 03:25:48 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Desktop\clean
    [2011/02/13 02:14:42 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Malwarebytes
    [2011/02/13 02:07:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/02/13 02:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/13 02:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/02/13 02:07:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/02/13 02:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/02/13 00:34:36 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Avira
    [2011/02/13 00:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/02/13 00:27:56 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/02/13 00:27:56 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/02/13 00:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/02/13 00:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2011/02/12 09:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
    [2011/02/11 23:13:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/02/11 18:40:41 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Adobe
    [2011/02/08 19:45:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2011/02/06 19:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
    [2011/02/05 16:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
    [2011/02/05 15:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
    [2011/02/05 15:11:30 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Documents\Avatar
    [2011/02/05 13:46:32 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\SoftGrid Client
    [2011/02/05 13:46:32 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\SoftGrid Client
    [2011/02/05 13:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011/02/05 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/02/05 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2011/02/05 13:45:29 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\TP
    [2011/01/31 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Macrovision
    [2011/01/31 19:31:43 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
    [2011/01/31 19:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
    [2011/01/31 19:31:42 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Documents\Audible
    [2011/01/31 19:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible
    [2011/01/31 10:21:42 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\ICAClient
    [2011/01/31 10:18:00 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Mozilla
    [2011/01/31 10:17:58 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Citrix
    [2011/01/30 23:02:30 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\HP MediaSmart Video
    [2011/01/30 10:35:49 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\CutePDF Writer
    [2011/01/29 16:59:53 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Apple Computer
    [2011/01/29 16:59:53 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Apple Computer
    [2011/01/29 16:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/01/29 16:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/01/29 16:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/01/29 16:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/01/29 16:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2011/01/29 16:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/01/29 16:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/01/29 16:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/01/29 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Apple
    [2011/01/29 16:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/01/29 16:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/01/29 16:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/01/29 16:57:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/01/29 16:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/01/29 16:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2011/01/29 16:47:25 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Yahoo
    [2011/01/29 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
    [2011/01/29 16:28:10 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Yahoo!
    [2011/01/29 16:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2011/01/29 16:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2011/01/29 16:22:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
    [2011/01/29 16:15:12 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\skypePM
    [2011/01/29 16:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/01/29 16:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2011/01/29 16:13:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2011/01/29 16:13:30 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Skype
    [2011/01/29 15:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2011/01/29 15:31:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2011/01/29 15:31:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2011/01/28 21:09:44 | 000,041,280 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\SysNative\drivers\PCASp50a64.sys
    [2011/01/28 21:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novatel Wireless
    [2011/01/28 21:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Novatel Wireless
    [2011/01/28 21:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novatel Wireless
    [2011/01/28 21:06:52 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Downloaded Installations
    [2011/01/28 17:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
    [2011/01/28 16:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
    [2011/01/28 16:59:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
    [2011/01/28 16:51:05 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Desktop\Work
    [2011/01/28 16:41:35 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/01/28 16:40:05 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Google
    [2011/01/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Deployment
    [2011/01/28 16:34:21 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Apps
    [2011/01/28 07:03:24 | 000,000,000 | R-SD | C] -- C:\Users\DaeDae\Documents\My Stationery
    [2011/01/28 04:36:29 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Documents\Scanned Documents
    [2011/01/28 04:36:29 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Documents\Fax
    [2011/01/27 20:39:10 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Adobe
    [2011/01/27 20:24:27 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\IsolatedStorage
    [2011/01/27 20:24:03 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\Documents\Webcam
    [2011/01/27 20:23:54 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\CyberLink
    [2011/01/27 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\ATI
    [2011/01/27 20:14:57 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\ATI
    [2011/01/27 20:14:50 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\hpqLog
    [2011/01/27 20:14:20 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/01/27 20:14:20 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/01/27 20:14:19 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Searches
    [2011/01/27 20:14:19 | 000,000,000 | -H-D | C] -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/01/27 20:14:10 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Identities
    [2011/01/27 20:14:06 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Contacts
    [2011/01/27 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Hewlett-Packard
    [2011/01/27 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\VirtualStore
    [2011/01/27 20:01:13 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Hewlett-Packard
    [2011/01/27 20:00:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
    [2011/01/27 19:58:54 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\DigitalPersona
    [2011/01/27 19:58:54 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\DigitalPersona
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\AppData\Local\Temporary Internet Files
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Templates
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Start Menu
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\SendTo
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Recent
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\PrintHood
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\NetHood
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Documents\My Videos
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Documents\My Pictures
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Documents\My Music
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\My Documents
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Local Settings
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\AppData\Local\History
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Cookies
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\Application Data
    [2011/01/27 19:58:38 | 000,000,000 | -HSD | C] -- C:\Users\DaeDae\AppData\Local\Application Data
    [2011/01/27 19:58:37 | 000,000,000 | --SD | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Videos
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Saved Games
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Pictures
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Music
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Links
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Favorites
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Downloads
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\My Documents
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\Desktop
    [2011/01/27 19:58:37 | 000,000,000 | R--D | C] -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/01/27 19:58:37 | 000,000,000 | -H-D | C] -- C:\Users\DaeDae\AppData
    [2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Temp
    [2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\Microsoft
    [2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Media Center Programs
    [2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Roaming\Macromedia
    [2011/01/27 19:58:37 | 000,000,000 | ---D | C] -- C:\Users\DaeDae\AppData\Local\HuluDesktop

    ========== Files - Modified Within 30 Days ==========

    [2011/02/14 22:03:52 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/02/14 22:03:52 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/02/14 22:03:52 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/02/14 22:02:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/02/14 22:02:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/02/14 21:54:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/02/14 21:54:54 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/14 06:45:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000UA.job
    [2011/02/13 22:25:57 | 000,023,341 | ---- | M] () -- C:\Users\DaeDae\Desktop\error.jpg
    [2011/02/13 22:23:24 | 000,034,370 | ---- | M] () -- C:\Users\DaeDae\Desktop\Error.docx
    [2011/02/13 22:15:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
    [2011/02/13 18:10:42 | 000,721,199 | ---- | M] () -- C:\Users\DaeDae\Desktop\rkill.exe
    [2011/02/13 18:09:59 | 004,267,704 | R--- | M] () -- C:\Users\DaeDae\Desktop\ComboFix.exe
    [2011/02/13 02:07:13 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/13 00:33:11 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDaeDae.job
    [2011/02/13 00:28:03 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/02/12 09:46:53 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2011/02/11 17:46:00 | 000,002,368 | ---- | M] () -- C:\Users\DaeDae\Desktop\Google Chrome.lnk
    [2011/02/09 19:25:13 | 000,285,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/02/05 16:45:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000Core.job
    [2011/02/05 13:45:56 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/01/31 19:31:42 | 000,002,119 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
    [2011/01/31 10:19:33 | 000,001,447 | ---- | M] () -- C:\Users\DaeDae\Desktop\Internet Explorer.lnk
    [2011/01/29 16:59:47 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/29 16:58:26 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/01/29 16:27:52 | 000,001,165 | ---- | M] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/01/29 16:27:52 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/01/29 16:15:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/29 16:13:32 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/01/28 21:09:22 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Broadband2Go.lnk
    [2011/01/27 20:36:46 | 000,001,441 | ---- | M] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/27 11:55:12 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2011/01/27 11:55:12 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf

    ========== Files Created - No Company Name ==========

    [2011/02/13 22:25:57 | 000,023,341 | ---- | C] () -- C:\Users\DaeDae\Desktop\error.jpg
    [2011/02/13 22:23:23 | 000,034,370 | ---- | C] () -- C:\Users\DaeDae\Desktop\Error.docx
    [2011/02/13 18:16:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/02/13 18:16:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/02/13 18:16:36 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/02/13 18:16:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/02/13 18:16:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/02/13 18:13:39 | 000,721,199 | ---- | C] () -- C:\Users\DaeDae\Desktop\rkill.exe
    [2011/02/13 18:13:36 | 004,267,704 | R--- | C] () -- C:\Users\DaeDae\Desktop\ComboFix.exe
    [2011/02/13 02:07:13 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/13 00:28:03 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/02/12 09:46:53 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2011/02/05 13:45:56 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/02 17:23:19 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDaeDae.job
    [2011/01/31 19:31:42 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
    [2011/01/31 10:19:33 | 000,001,447 | ---- | C] () -- C:\Users\DaeDae\Desktop\Internet Explorer.lnk
    [2011/01/29 16:59:47 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/01/29 16:58:26 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/01/29 16:58:04 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/01/29 16:27:52 | 000,001,165 | ---- | C] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/01/29 16:27:52 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/01/29 16:15:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/29 16:13:32 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/01/28 21:09:22 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Broadband2Go.lnk
    [2011/01/28 16:59:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysNative\cpwmon64.dll
    [2011/01/28 16:41:37 | 000,002,368 | ---- | C] () -- C:\Users\DaeDae\Desktop\Google Chrome.lnk
    [2011/01/28 16:40:09 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000UA.job
    [2011/01/28 16:40:07 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3930163349-2018200318-2550135438-1000Core.job
    [2011/01/27 20:36:46 | 000,001,441 | ---- | C] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/27 20:14:30 | 000,001,413 | ---- | C] () -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/01/27 20:14:22 | 000,001,447 | ---- | C] () -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/01/27 20:00:40 | 000,002,306 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
    [2011/01/27 20:00:40 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    [2011/01/27 20:00:40 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
    [2011/01/27 19:58:37 | 000,001,974 | ---- | C] () -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
    [2011/01/27 19:58:37 | 000,000,290 | ---- | C] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/01/27 19:58:37 | 000,000,272 | ---- | C] () -- C:\Users\DaeDae\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/01/27 11:53:45 | 000,000,287 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoJack Pro for HP ProtectTools.url
    [2010/11/15 22:30:07 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
    [2010/11/15 22:29:59 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/11/15 22:29:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/11/15 22:29:20 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/11/15 22:28:37 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/11/15 22:01:35 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2010/11/15 22:01:35 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/09/02 21:19:38 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/09/02 20:17:53 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
    [2010/09/02 20:06:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/09/02 20:00:47 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/09/02 19:59:28 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/09/02 19:58:51 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/02/09 15:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/13 13:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 11:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2011/01/27 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\DaeDae\AppData\Roaming\DigitalPersona
    [2011/01/31 10:23:58 | 000,000,000 | ---D | M] -- C:\Users\DaeDae\AppData\Roaming\ICAClient
    [2011/02/13 23:05:06 | 000,000,000 | ---D | M] -- C:\Users\DaeDae\AppData\Roaming\SoftGrid Client
    [2011/02/05 13:46:41 | 000,000,000 | ---D | M] -- C:\Users\DaeDae\AppData\Roaming\TP
    [2009/07/13 19:08:49 | 000,014,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
  15. princessdaedae

    princessdaedae TS Rookie Topic Starter

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 15:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2011/02/13 18:58:01 | 000,019,932 | ---- | M] () -- C:\ComboFix.txt
    [2011/02/14 21:54:54 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/14 21:54:57 | 4021,186,560 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/13 19:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 19:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 19:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 19:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 10:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/16 21:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 18:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/01/27 20:36:46 | 000,000,221 | -HS- | M] () -- C:\Users\DaeDae\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/13 18:09:59 | 004,267,704 | R--- | M] () -- C:\Users\DaeDae\Desktop\ComboFix.exe
    [2011/02/13 22:15:21 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\DaeDae\Desktop\OTL.exe
    [2011/02/13 18:10:42 | 000,721,199 | ---- | M] () -- C:\Users\DaeDae\Desktop\rkill.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 11:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/01/27 20:14:28 | 000,000,402 | -HS- | M] () -- C:\Users\DaeDae\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/15 22:29:59 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/09/02 20:06:59 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/11/15 22:29:20 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/09/02 20:00:37 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/11/15 22:28:37 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/11/15 22:29:44 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/09/02 19:59:19 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/09/02 20:06:11 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/11/15 22:30:16 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  16. princessdaedae

    princessdaedae TS Rookie Topic Starter

    OTL Extras logfile created on: 2/14/2011 10:06:49 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\DaeDae\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 67.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 576.06 Gb Total Space | 532.43 Gb Free Space | 92.43% Space Free | Partition Type: NTFS
    Drive D: | 19.82 Gb Total Space | 2.88 Gb Free Space | 14.53% Space Free | Partition Type: NTFS

    Computer Name: DAEDAE-HP | User Name: DaeDae | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3930163349-2018200318-2550135438-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\DaeDae\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{11A4D79B-672C-7FFF-B5F7-B4409B1194EF}" = ATI Catalyst Install Manager
    "{1F6B7CB0-66D8-4B31-BF1F-D2318E58080E}" = HP SimplePass Identity Protection
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
    "{426FAE9F-7373-496E-A215-9DB7EF4398CF}" = Validity Sensors DDK
    "{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
    "{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
    "{E2BDBC42-A7F5-BE3C-CAE7-672461BADFBB}" = ccc-utility64
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{06C75F9A-97AD-5248-E32E-DF614E74CB30}" = CCC Help English
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{17AAFDC8-0126-8325-99C3-BA94ECC88719}" = CCC Help Chinese Standard
    "{1C7D54A1-3EAF-1FA6-865A-5BD68563978F}" = Catalyst Control Center Graphics Previews Vista
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2469F651-772F-53D7-66D6-EC065F786E38}" = CCC Help French
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2E228408-8C07-BF2B-E3BE-6FE3226D0557}" = Catalyst Control Center Graphics Full Existing
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3418A50C-5B73-420F-A617-B680D778573C}" = CCC Help Greek
    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3CE8DBEF-2A88-F180-F62C-43AA930D6D47}" = CCC Help Korean
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{43C189A4-D61F-F7C7-F4BC-C3FE800FF7BB}" = ccc-core-static
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{527B2D1F-0129-70C1-3D8E-D7C13994F3D8}" = Catalyst Control Center Graphics Previews Common
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5911C3EB-2E4F-80CC-4A1F-65DD5BFFEA0D}" = CCC Help German
    "{639BDAFA-4A48-62A1-E2D9-13A84E9582FE}" = CCC Help Polish
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6B6A1FFD-AF4B-2348-1854-1BBDD6A4E852}" = CCC Help Chinese Traditional
    "{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{705893E4-960A-E551-4825-B63B7BE8959A}" = CCC Help Czech
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{766BF6D1-A746-9B26-EC0B-E76DF6D5DE07}" = CCC Help Norwegian
    "{783C5B03-DF9C-30B0-BC32-066150B77F19}" = CCC Help Japanese
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83853D8B-E9F1-1E35-2F1B-4210D2875A8C}" = CCC Help Spanish
    "{845E9545-2A7F-FFCB-D2FA-A292B0137325}" = CCC Help Hungarian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6E13F3-44FB-A8A6-D9F5-2AF030A47F2C}" = CCC Help Portuguese
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
    "{996FF46F-797F-AFE4-2932-3F391B5BB4A5}" = CCC Help Thai
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AA11D798-A4C3-F2BF-E9C8-584D1AA7C891}" = Catalyst Control Center Graphics Full New
    "{AB14AFDF-990F-C0FD-DDDF-6113BD111593}" = Catalyst Control Center Localization All
    "{AEBFE622-2807-E0D5-E7E2-0D5AA4977B48}" = CCC Help Danish
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2C904FA-DB34-47A3-B8D6-50F4E7AC5808}" = Virgin Mobile Broadband Modem Drivers
    "{B34FE99A-48DD-3564-761E-6BB78FBE5DB9}" = Catalyst Control Center InstallProxy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{BFC1210F-19B0-A7F0-B027-82AD610DA5B7}" = CCC Help Italian
    "{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = Broadband2Go
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8871195-1265-0859-CC55-ADE112EEF7D3}" = Times Reader
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D2D49B64-FBC1-15EE-5734-97BB457F197E}" = Catalyst Control Center Core Implementation
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D5EA734C-2DEC-76F6-9D98-97D57A6F61CE}" = CCC Help Swedish
    "{DB6A09A0-34B0-BFE5-7026-C91829ED879D}" = CCC Help Turkish
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
    "{E1600759-7AB3-A146-5ED4-4A50E743D3D3}" = CCC Help Russian
    "{E22B38FA-7A08-3CEE-EB31-970C4CF2AA54}" = CCC Help Dutch
    "{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5AE53A7-1A79-4840-998F-A18042A2F568}" = HP Documentation
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F3620D5D-B046-41F0-AB8D-3C56A36AFD60}" = Catalyst Control Center - Branding
    "{F55BB217-BB0F-4A7A-A499-8A0C34D842E2}" = Catalyst Control Center Graphics Light
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FE39FB6F-05FB-4B09-4DE7-6E2BEC08427D}" = CCC Help Finnish
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AudibleDownloadManager" = Audible Download Manager
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Broadband2Go" = Broadband2Go
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3930163349-2018200318-2550135438-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "HuluDesktop" = Hulu Desktop

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/28/2011 10:26:57 AM | Computer Name = DaeDae-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: hpqwmiex.exe, version: 4.0.39.1, time stamp:
    0x4c24f856 Faulting module name: OLEAUT32.dll, version: 6.1.7600.16385, time stamp:
    0x4a5bdaca Exception code: 0xc0000005 Fault offset: 0x00004660 Faulting process id:
    0xbf0 Faulting application start time: 0x01cbbeb24f84bc6e Faulting application path:
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe Faulting module path:
    C:\Windows\syswow64\OLEAUT32.dll Report Id: a8b819ff-2aea-11e0-a168-8b022bd9d7f1

    Error - 1/29/2011 3:11:22 AM | Computer Name = DaeDae-HP | Source = RasClient | ID = 20227
    Description =

    Error - 1/29/2011 4:54:24 AM | Computer Name = DaeDae-HP | Source = MsiInstaller | ID = 11935
    Description =

    Error - 1/29/2011 4:55:26 AM | Computer Name = DaeDae-HP | Source = MsiInstaller | ID = 11935
    Description =

    Error - 1/29/2011 9:45:30 PM | Computer Name = DaeDae-HP | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Application or service 'Bing Bar' could not be shut down.

    Error - 1/29/2011 10:20:33 PM | Computer Name = DaeDae-HP | Source = MsiInstaller | ID = 10005
    Description =

    Error - 1/30/2011 4:23:57 PM | Computer Name = DaeDae-HP | Source = RasClient | ID = 20227
    Description =

    Error - 1/31/2011 4:45:52 AM | Computer Name = DaeDae-HP | Source = Windows Backup | ID = 4103
    Description =

    Error - 2/4/2011 11:17:22 PM | Computer Name = DaeDae-HP | Source = RasClient | ID = 20227
    Description =

    Error - 2/6/2011 4:32:58 AM | Computer Name = DaeDae-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: mDNSResponder.exe, version: 2.0.4.0, time
    stamp: 0x4cae1be1 Faulting module name: mDNSResponder.exe, version: 2.0.4.0, time
    stamp: 0x4cae1be1 Exception code: 0xc0000005 Fault offset: 0x0000110a Faulting process
    id: 0x770 Faulting application start time: 0x01cbc58cadf0fe13 Faulting application
    path: C:\Program Files (x86)\Bonjour\mDNSResponder.exe Faulting module path: C:\Program
    Files (x86)\Bonjour\mDNSResponder.exe Report Id: b33a7ea4-31cb-11e0-8770-96bfd5187a8c

    [ HP Wireless Assistant Events ]
    Error - 1/28/2011 1:59:07 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/28/2011 2:00:15 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/28/2011 2:01:22 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/28/2011 2:02:30 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/28/2011 2:03:38 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/28/2011 2:04:46 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/28/2011 2:05:51 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 1/28/2011 2:06:51 AM | Computer Name = DaeDae-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    [ System Events ]
    Error - 1/29/2011 9:32:01 PM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7000
    Description = The HP Wireless Assistant Service service failed to start due to the
    following error: %%1053

    Error - 1/31/2011 4:08:48 PM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the HPWMISVC service.

    Error - 2/3/2011 5:27:44 AM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the CinemaNow Service service.

    Error - 2/3/2011 5:28:28 AM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the HPWMISVC service.

    Error - 2/3/2011 8:05:45 PM | Computer Name = DaeDae-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \...\DR2.

    Error - 2/6/2011 4:33:01 AM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 2/6/2011 2:17:57 PM | Computer Name = DaeDae-HP | Source = DCOM | ID = 10010
    Description =

    Error - 2/8/2011 6:10:18 AM | Computer Name = DaeDae-HP | Source = DCOM | ID = 10010
    Description =

    Error - 2/10/2011 1:36:13 AM | Computer Name = DaeDae-HP | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\DR1.

    Error - 2/12/2011 4:45:27 AM | Computer Name = DaeDae-HP | Source = Service Control Manager | ID = 7034
    Description = The HP Software Framework Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
  17. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - File not found -- 
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
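Every entry in the OTL fix above carries a "No CLSID value found" or "File not found" marker, meaning a registry reference whose target is missing. As an added example (not part of the original post and not OTL's own code), this Python snippet pulls such entries out of scan-log text for manual review; the function names, the "default" view label and the two "Example" lines are assumptions constructed here.

```python
import re
from collections import defaultdict

# First five lines: the entries from the fix above. Last two: constructed
# healthy entries (made-up name, CLSID and paths) added for contrast.
SAMPLE_LOG = r"""
PRC - File not found -- 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3930163349-2018200318-2550135438-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll (Example Corp)
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example\tray.exe (Example Corp)
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]+\d*)(?P<x64>:64bit:)? - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers taken from the lines above; each means the referenced target is missing.
MARKERS = ("No CLSID value found", "File not found")

def parse_entries(text):
    """Yield one dict per recognisable scan line."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        guid = CLSID.search(m["body"])
        yield {
            "section": m["section"],
            # "default" is this example's label for lines without the :64bit: tag.
            "view": "64bit" if m["x64"] else "default",
            "clsid": guid.group(0).upper() if guid else None,
            "reason": next((k for k in MARKERS if k in m["body"]), None),
            "raw": line.strip(),
        }

def orphaned(text):
    """Entries whose target is reported missing: candidates for review, not auto-removal."""
    return [e for e in parse_entries(text) if e["reason"]]

def group_by_clsid(entries):
    """Map each CLSID to the (section, view) pairs that reference it."""
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[e["clsid"]].append((e["section"], e["view"]))
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for e in orphaned(SAMPLE_LOG):
        print(f'{e["section"]:4} {e["view"]:8} {e["clsid"] or "-":40} {e["reason"]}')
    print(group_by_clsid(orphaned(SAMPLE_LOG)))
```

Grouping by CLSID shows that the two O28 lines point at the same identifier, once with the `:64bit:` tag and once without.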
  18. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Are you still out there?
  19. princessdaedae

    princessdaedae TS Rookie Topic Starter

    I've been trying to get back to the thread from my comp but it wasn't working. Also I noticed that the fingerprint identifying system on my laptop is gone. Anyway I'll try to get back on the thread from my laptop. I'm on my phone right now. Thanks again for all your help.
  20. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    No problem :)
  21. princessdaedae

    princessdaedae TS Rookie Topic Starter

    Ok so when I try to run the OTL as you instructed, the program goes to "Not Responding". What should I do?
  22. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Shut down Avira and try again.
    If still no go, try Safe Mode.
  23. princessdaedae

    princessdaedae TS Rookie Topic Starter

    Ok disabled the antivirus, tried to run OTL again. No go.

    Started & running it in safe mode, but it's been running for about 15-20 mins. & I can't tell if it's working or not.

    I'm on my phone.
  24. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Let me know....