TechSpot

Links hijacked, firewall won't turn, anti-virus scans clean

By skiguyross
Nov 15, 2011
  1. I have a ridiculous virus on my computer that so far I have been unable to clean. Before finding these forums I ran virus scans with Microsoft Security Essentials, AdAware, Housecall from TrendMicro, and Malwarebytes' Anti-Malware. I ran a good majority of them in safe mode. My computer found problems and said it had cleaned them, but the problems persist. Attached are two Malwarebytes logs: one is the most recent run, the other the latest run where it found problems.

    Here are the requested logs:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8156

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    11/14/2011 5:12:41 PM
    mbam-log-2011-11-14 (17-12-41).txt

    Scan type: Quick scan
    Objects scanned: 215370
    Time elapsed: 8 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Here is one I ran yesterday that did find malicious software:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8156

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    11/13/2011 4:17:45 PM
    mbam-log-2011-11-13 (16-17-45).txt

    Scan type: Quick scan
    Objects scanned: 215303
    Time elapsed: 11 minute(s), 50 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 7
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 9

    Memory Processes Infected:
    c:\Users\Ross\AppData\Roaming\microsoft\D014\38B.exe (Backdoor.CycBot.Gen) -> 4008 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iXXXqjjUeIBrzNx (Trojan.Dropper) -> Value: iXXXqjjUeIBrzNx -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38B.exe (Backdoor.CycBot.Gen) -> Value: 38B.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uIBBrrzPNyxA8234A (Trojan.FakeAlert.CLGen) -> Value: uIBBrrzPNyxA8234A -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38B.exe (Backdoor.CycBot) -> Value: 38B.exe -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Ross\AppData\Roaming\dwme.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\$RECYCLE.BIN\s-1-5-21-1708482083-798194572-1285507946-1000\$R9F8Q2O\av security 2012v121.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Ross\AppData\Local\Temp\dwme.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Users\Ross\local settings\temporary internet files\Content.IE5\SCPH70ES\file[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Ross\AppData\Roaming\firefox.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Ross\AppData\Roaming\ldr.ini (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Ross\Desktop\av security 2012.lnk (Rogue.AVSecurity2012) -> Quarantined and deleted successfully.
    c:\Users\Ross\AppData\Roaming\microsoft\D014\38B.exe (Backdoor.CycBot.Gen) -> Quarantined and deleted successfully.
    c:\program files (x86)\LP\D014\38B.exe (Backdoor.CycBot) -> Quarantined and deleted successfully.



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-14 21:40:37
    Windows 6.0.6002 Service Pack 2
    Running: gmer.exe


    ---- Services - GMER 1.0.15 ----

    Service .NET CLR Data
    Service .NET CLR Networking
    Service .NET CLR Networking 4.0.0.0
    Service .NET Data Provider for Oracle
    Service .NET Data Provider for SqlServer
    Service .NETFramework
    Service system32\DRIVERS\Accelerometer.sys (HP Accelerometer/Hewlett-Packard Company) [MANUAL] Accelerometer
    Service system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
    Service (Adobe Drive File System Driver/Adobe Systems, Inc.) [AUTO] adfs
    Service system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [BOOT] adp94xx
    Service system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [BOOT] adpahci
    Service system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (X64)/Adaptec, Inc.) [BOOT] adpu160m
    Service system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver (X64)/Adaptec, Inc.) [BOOT] adpu320
    Service adsi
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc
    Service C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Andrea filters APO access service (64-bit)/Andrea Electronics Corporation) [AUTO] AESTFilters
    Service system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
    Service system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
    Service system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [BOOT] aic78xx
    Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
    Service system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] aliide
    Service system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [BOOT] amdide
    Service system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] AmdK8
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
    Service C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (MobileDeviceService/Apple Inc.) [AUTO] Apple Mobile Device
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) AppMgmt
    Service system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [BOOT] arc
    Service system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [BOOT] arcsas
    Service system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
    Service system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioSrv
    Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (System Level Service Utility/Autodesk) [MANUAL] Autodesk Licensing Service
    Service (Battery Class Driver/Microsoft Corporation) BattC
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
    Service system32\drivers\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [MANUAL] blbdrive
    Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
    Service system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
    Service system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
    Service system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser
    Service system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] Brserid
    Service system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
    Service system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
    Service system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
    Service system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [MANUAL] BTHMODEM
    Service BTHPORT
    Service system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
    Service system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
    Service system32\DRIVERS\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [MANUAL] circlass
    Service System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
    Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32
    Service C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_64
    Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32
    Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_64
    Service system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
    Service system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [BOOT] cmdide
    Service C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.) [DISABLED] Com4QLBEx
    Service system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
    Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
    Service system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk
    Service C:\Windows\system32\crypserv.exe (CrypKey License Service/CrypKey (Canada) Ltd.) [AUTO] Crypkey License
    Service crypt32
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
    Service DCLocator
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
    Service System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
    Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
    Service system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
    Service C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona Local Host/DigitalPersona, Inc.) [AUTO] DpHost
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
    Service system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
    Service System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
    Service system32\DRIVERS\E1G6032E.sys (Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
    Service [DISABLED] eabfiltr
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
    Service System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache
    Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
    Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart
    Service system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [BOOT] elxstor
    Service EmdCache
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt
    Service system32\DRIVERS\enecir.sys (ENE CIR Driver for eHome(64)/ENE TECHNOLOGY INC.) [MANUAL] enecir
    Service system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [MANUAL] ErrDev
    Service ESENT
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
    Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
    Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
    Service system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] fdc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FDResPub
    Service system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
    Service system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
    Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Activation Licensing Service/Acresso Software Inc.) [MANUAL] FLEXnet Licensing Service
    Service system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
    Service system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FontCache
    Service C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
    Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
    Service system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
    Service system32\DRIVERS\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
    Service C:\Program [AUTO] gupdate1ca51e2abc2f06b
    Service C:\Program [MANUAL] gupdatem
    Service C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google) [MANUAL] gusvc
    Service system32\drivers\HdAudio.sys (High Definition Audio Function Driver/Microsoft Corporation) [MANUAL] HdAudAddService
    Service system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
    Service system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [MANUAL] HidBth
    Service system32\DRIVERS\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidIr
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hidserv
    Service system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
    Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) [DISABLED] HP Health Check Service
    Service system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [BOOT] HpCISSs
    Service system32\DRIVERS\hpdskflt.sys (HP Disk Filter - SATA/RAID/Hewlett-Packard Company) [BOOT] hpdskflt
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hpqcxs08
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hpqddsvc
    Service system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.) [MANUAL] HpqKbFiltr
    Service C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) [DISABLED] hpqwmiex
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] HPSLPSVC
    Service C:\Windows\system32\Hpservice.exe (HpService/Hewlett-Packard Company) [DISABLED] hpsrv
    Service system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
    Service system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [BOOT] i2omp
    Service system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
    Service C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (RAID Monitor/Intel Corporation) [AUTO] IAANTMON
    Service system32\DRIVERS\iaStor.sys (Intel Matrix Storage Manager driver - x64/Intel Corporation) [BOOT] iaStor
    Service system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [BOOT] iaStorV
    Service C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
    Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
    Service system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [BOOT] iirsp
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
    Service inetaccs
    Service system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [BOOT] intelide
    Service system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
    Service system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
    Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
    Service system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [MANUAL] IPMIDRV
    Service system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
    Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (64-bit)/Apple Inc.) [MANUAL] iPod Service
    Service system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
    Service system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
    Service system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
    Service system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [BOOT] iteatapi
    Service system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [BOOT] iteraid
    Service system32\DRIVERS\jmcr.sys (JMicron JMB38X Flash Media Controller Driver/JMicron Technology Corporation) [MANUAL] JMCR
    Service system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] kbdclass
    Service system32\DRIVERS\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [SYSTEM] kbdhid
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
    Service System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
    Service system32\drivers\ksthunk.sys (Kernel Streaming WOW Thunk Service/Microsoft Corporation) [MANUAL] ksthunk
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
    Service C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Ad-Aware Service Application/Lavasoft Limited) [MANUAL] Lavasoft Ad-Aware Service
    Service system32\DRIVERS\Lbd.sys (Boot Driver/Lavasoft AB) [BOOT] Lbd
    Service ldap
    Service C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) [DISABLED] LightScribeService
    Service system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
    Service Lsa
    Service system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [BOOT] LSI_FC
    Service system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [BOOT] LSI_SAS
    Service system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [BOOT] LSI_SCSI
    Service system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
    Service system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x64/LSI Corporation) [BOOT] megasas
    Service system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [BOOT] MegaSR
    Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Groove Audit Service/Microsoft Corporation) [MANUAL] Microsoft Office Groove Audit Service
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
    Service system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
    Service system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
    Service C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [AUTO] MotoConnect Service
    Service system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass
    Service system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
    Service System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr
    Service system32\DRIVERS\MpFilter.sys (Microsoft antimalware file system filter driver/Microsoft Corporation) [SYSTEM] MpFilter
    Service system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [BOOT] mpio
    Service system32\DRIVERS\MpNWMon.sys (Network monitor driver/Microsoft Corporation) [MANUAL] MpNWMon
    Service System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
    Service system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86-64/LSI Logic Corporation) [BOOT] Mraid35x
    Service system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
    Service system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
    Service system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
    Service system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
    Service system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [BOOT] msahci
    Service system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [BOOT] msdsm
    Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation) [MANUAL] MSDTC
    Service MSDTC Bridge 3.0.0.0
    Service MSDTC Bridge 4.0.0.0
    Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
    Service system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) [BOOT] msisadrv
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] MSiSCSI
    Service C:\Windows\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] msiserver
    Service system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
    Service C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Antimalware Service Executable/Microsoft Corporation) [AUTO] MsMpSvc
    Service system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
    Service system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
    Service (Kernel Remote Procedure Call Provider/Microsoft Corporation) [MANUAL] MsRPC
    Service MSSCNTRS
    Service system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
    Service system32\drivers\MSTEE.sys (WDM Tee/Communication Transform Filter /Microsoft Corporation) [MANUAL] MSTEE
    Service System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] napagent
    Service system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) [MANUAL] NativeWifiP
    Service system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) [BOOT] NDIS
    Service system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
    Service system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) [MANUAL] Ndisuio
    Service system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
    Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Net Driver HPZ12
    Service system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
    Service System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] netbt
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] Netlogon
     
  2. skiguyross


    Logs continued:

    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Netman
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] netprofm
    Service C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
    Service system32\DRIVERS\NETw3v64.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] NETw3v64
    Service system32\DRIVERS\NETw5v64.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] NETw5v64
    Service Network Inspection System
    Service C:\Windows\system32\ckldrv.sys [SYSTEM] NetworkX
    Service system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [BOOT] nfrd960
    Service system32\DRIVERS\NisDrvWFP.sys (Microsoft Network Inspection System Driver/Microsoft Corporation) [MANUAL] NisDrv
    Service C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Network Inspection System/Microsoft Corporation) [MANUAL] NisSrv
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] NlaSvc
    Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] nsi
    Service system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) [SYSTEM] nsiproxy
    Service NTDS
    Service (NT File System Driver/Microsoft Corporation) [MANUAL] Ntfs
    Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
    Service system32\drivers\nvhda64v.sys [MANUAL] NVHDA
    Service system32\DRIVERS\nvlddmkm.sys (NVIDIA Windows Kernel Mode Driver, Version 285.62 /NVIDIA Corporation) [MANUAL] nvlddmkm
    Service system32\drivers\nvraid.sys (NVIDIA® nForce(TM) RAID Driver/NVIDIA Corporation) [BOOT] nvraid
    Service system32\drivers\nvstor.sys (NVIDIA® nForce(TM) Sata Performance Driver/NVIDIA Corporation) [BOOT] nvstor
    Service C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 285.62/NVIDIA Corporation) [AUTO] nvsvc
    Service C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Settings Update Manager/NVIDIA Corporation) [AUTO] nvUpdatusService
    Service system32\drivers\nv_agp.sys (NForce NT AGP Filter/Microsoft Corporation) [MANUAL] nv_agp
    Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
    Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
    Service C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Office Diagnostics/Microsoft Corporation) [MANUAL] odserv
    Service system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [MANUAL] ohci1394
    Service C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Office Source Engine/Microsoft Corporation) [MANUAL] ose
    Service Outlook
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2pimsvc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] p2psvc
    Service system32\drivers\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
    Service System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) [BOOT] partmgr
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PcaSvc
    Service system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] pci
    Service system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] pciide
    Service system32\drivers\pcmcia.sys (PCMCIA Bus Driver/Microsoft Corporation) [MANUAL] pcmcia
    Service System32\Drivers\pcouffin.sys (low level access layer for CD/DVD/BD devices/VSO Software) [MANUAL] pcouffin
    Service system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) [AUTO] PEAUTH
    Service PerfDisk
    Service C:\Windows\SysWow64\perfhost.exe (x86 Performance Counter Host/Microsoft Corporation) [MANUAL] PerfHost
    Service PerfNet
    Service PerfOS
    Service PerfProc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] pla
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PlugPlay
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Pml Driver HPZ12
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPAutoReg
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] PNRPsvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] PolicyAgent
    Service PortProxy
    Service system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
    Service system32\drivers\processr.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] Processor
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ProfSvc
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] ProtectedStorage
    Service system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) [SYSTEM] PSched
    Service system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [BOOT] ql2300
    Service system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [BOOT] ql40xx
    Service C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [DISABLED] QPCapSvc
    Service C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [DISABLED] QPSched
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] QWAVE
    Service system32\drivers\qwavedrv.sys (Microsoft Quality Windows Audio Video Experience (qWave) Support Driver/Microsoft Corporation) [MANUAL] QWAVEdrv
    Service System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasAuto
    Service system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RasMan
    Service system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
    Service system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) [MANUAL] RasSstp
    Service system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] rdbss
    Service System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
    Service RDPDD
    Service system32\drivers\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
    Service system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
    Service RDPNP
    Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
    Service C:\Windows\SMINST\BLService.exe [DISABLED] Recovery Service for Windows
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
    Service C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [DISABLED] RichVideo
    Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
    Service system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
    Service system32\DRIVERS\Rtlh64.sys (Realtek 8101E/8168/8169 NDIS6 64-bit Driver /Realtek Corporation ) [MANUAL] RTL8169
    Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
    Service system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [BOOT] sbp2port
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
    Service system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
    Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
    Service system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
    Service system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [MANUAL] Serial
    Service system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [MANUAL] sermouse
    Service ServiceModelEndpoint 3.0.0.0
    Service ServiceModelOperation 3.0.0.0
    Service ServiceModelService 3.0.0.0
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
    Service system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [MANUAL] sffdisk
    Service system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
    Service system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
    Service system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [MANUAL] sfloppy
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] SharedAccess
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
    Service system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Microsoft Corporation) [BOOT] SiSRaid2
    Service system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [BOOT] SiSRaid4
    Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify
    Service system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [SYSTEM] Smb
    Service SMSvcHost 3.0.0.0
    Service SMSvcHost 4.0.0.0
    Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
    Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
    Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
    Service System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
    Service System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
    Service System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc
    Service C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (IDT PC Audio/IDT, Inc.) [AUTO] STacSV
    Service system32\DRIVERS\stwrt64.sys (IDT PC Audio/IDT, Inc.) [MANUAL] STHDA
    Service system32\DRIVERS\serscan.sys (Serial Imaging Device Driver/Microsoft Corporation) [MANUAL] StillCam
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc
    Service system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
    Service system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [BOOT] Symc8xx
    Service SYMTDI
    Service system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [BOOT] Sym_hi
    Service system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [BOOT] Sym_u3
    Service system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics Incorporated) [MANUAL] SynTP
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
    Service system32\drivers\tbhsd.sys (Tunebite High-Speed Dubbing/RapidSolution Software AG) [MANUAL] tbhsd
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TBS
    Service System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [BOOT] Tcpip
    Service system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6
    Service System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
    Service system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
    Service system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
    Service system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
    Service system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
    Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
    Service TSDDD
    Service System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
    Service system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp
    Service system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
    Service system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
    Service system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
    Service UGatherer
    Service UGTHRSVC
    Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
    Service system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
    Service system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [BOOT] uliahci
    Service system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [BOOT] UlSata
    Service system32\drivers\ulsata2.sys (Promise SATAII150 Series x64 Windows Driver/Promise Technology, Inc.) [BOOT] ulsata2
    Service system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] upnphost
    Service usb
    Service System32\Drivers\usbaapl64.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL64
    Service system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
    Service system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [MANUAL] usbcir
    Service system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
    Service system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
    Service system32\drivers\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
    Service system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
    Service system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
    Service system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
    Service system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
    Service System32\Drivers\usbvideo.sys (USB Video Class Driver/Microsoft Corporation) [MANUAL] usbvideo
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
    Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
    Service system32\drivers\vfs101a.sys (Validity Fingerprint Scanner USB Driver/Validity Sensors, Inc.) [MANUAL] vfs101a
    Service C:\Windows\system32\vfsFPService.exe (Validity Sensors Fingerprint Service/Validity Sensors, Inc.) [AUTO] vfsFPService
    Service system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
    Service System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
    Service system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [BOOT] viaide
    Service C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (ViewMgr/Viewpoint Corporation) [DISABLED] Viewpoint Manager Service
    Service system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
    Service System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx
    Service system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap
    Service system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [BOOT] vsmraid
    Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] W32Time
    Service W3SVC
    Service system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [MANUAL] WacomPen
    Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
    Service system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService
    Service system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [BOOT] Wd
    Service system32\drivers\Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) [BOOT] Wdf01000
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WebClient
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WerSvc
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend
    Service Windows Workflow Foundation 3.0.0.0
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM
    Service [MANUAL] Winsock
    Service WinSock2
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc
    Service system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi
    Service WmiApRpl
    Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
    Service C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe [AUTO] WMPNetworkSvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WPDBusEnum
    Service system32\DRIVERS\wpdusb.sys (WPD USB Driver/Microsoft Corporation) [MANUAL] WpdUsb
    Service C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (wpffontcache_v0400.exe/Microsoft Corporation) [MANUAL] WPFFontCache_v0400
    Service system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl
    Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc
    Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch
    Service WSearchIdxPi
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv
    Service system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
    Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc
    Service xmlprov
    Service system32\DRIVERS\yk60x64.sys (NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller/Marvell) [MANUAL] yukonx64
    Service {34A03489-EBF5-4884-BB0A-2694DC1605DC}
    Service C:\??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [AUTO] {55662437-DA8C-40c0-AADA-2C816A897A49}
    Service {FA19CAE0-2729-4F89-97C1-4BEAE780BBA8}

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Run by Ross at 23:05:55 on 2011-11-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.3021 [GMT -7:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Aim6]
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [<NO NAME>]
    mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [hpqSRMon]
    mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    mRunOnce: [GrpConv] grpconv -o
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
     
  3. skiguyross

    skiguyross TS Rookie Topic Starter

    The rest of the logs:

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{34A03489-EBF5-4884-BB0A-2694DC1605DC} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{FA19CAE0-2729-4F89-97C1-4BEAE780BBA8} : DhcpNameServer = 12.127.16.67 12.127.17.71
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli DPPWDFLT
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO-X64: DigitalPersona Personal Extension - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    BHO-X64: Google Gears Helper - No File
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [(Default)]
    mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [hpqSRMon]
    mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    mRunOnce-x64: [GrpConv] grpconv -o
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 62061
    FF - prefs.js: network.proxy.type - 4
    FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
    FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - plugin: C:\Users\Ross\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Ross\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Ross\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-7-23 27632]
    S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 gupdate1ca51e2abc2f06b;Google Update Service (gupdate1ca51e2abc2f06b);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
    S2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-23 91456]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-30 2253120]
    S2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-5-26 599344]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-20 133104]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 vfs101a;vfs101a;C:\Windows\system32\drivers\vfs101a.sys --> C:\Windows\system32\drivers\vfs101a.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-5 89920]
    S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-9-2 228408]
    S4 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
    S4 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-9-2 361808]
    S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-1-20 24652]
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-11-15 04:42:31 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AD47E3A-DA67-4E50-9774-3739741A50A3}\offreg.dll
    2011-11-15 01:34:12 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3AD47E3A-DA67-4E50-9774-3739741A50A3}\mpengine.dll
    2011-11-14 21:44:21 98816 ----a-w- C:\Windows\sed.exe
    2011-11-14 21:44:21 518144 ----a-w- C:\Windows\SWREG.exe
    2011-11-14 21:44:21 256000 ----a-w- C:\Windows\PEV.exe
    2011-11-14 21:44:21 208896 ----a-w- C:\Windows\MBR.exe
    2011-11-14 21:44:18 -------- d-s---w- C:\ComboFix
    2011-11-14 20:12:51 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-11-13 23:05:50 -------- d-----w- C:\Program Files (x86)\LP
    2011-11-13 22:44:41 98816 ----a-w- C:\Users\Ross\AppData\Roaming\Microsoft\D014\24A5.tmp
    2011-11-13 22:44:33 -------- d-----w- C:\Users\Ross\AppData\Roaming\B69D4
    2011-11-13 22:44:27 -------- d-----we C:\Windows\system64
    2011-11-13 22:44:27 -------- d-----w- C:\Users\Ross\AppData\Roaming\T7fffEL9g
    2011-11-13 22:44:27 -------- d-----w- C:\Users\Ross\AppData\Roaming\jbbbD33pnG4aH6W
    2011-11-13 22:44:21 -------- d-----w- C:\Users\Ross\AppData\Roaming\wF33ppaaJ6dWKfL
    2011-11-13 22:44:20 -------- d-----w- C:\Users\Ross\AppData\Roaming\hRRRZZ9hY
    2011-11-13 22:44:11 -------- d-----w- C:\Users\Ross\AppData\Roaming\40DB6
    2011-11-09 03:05:08 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2011-11-09 03:05:08 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 03:05:07 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
    2011-11-09 03:05:07 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
    2011-11-09 03:05:05 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 03:05:05 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 03:05:05 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
    2011-11-06 10:04:13 -------- d-----w- C:\Users\Ross\AppData\Roaming\Fingerfox (SE)
    2011-10-30 07:35:03 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
    2011-10-30 07:34:43 3074368 ----a-w- C:\Windows\System32\nvsvcr.dll
    2011-10-30 07:34:42 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
    2011-10-30 07:24:44 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2011-10-26 00:31:02 -------- d-----w- C:\Program Files\iPod
    2011-10-26 00:31:00 -------- d-----w- C:\Program Files\iTunes
    2011-10-26 00:25:21 -------- d-----w- C:\Program Files\Bonjour
    2011-10-19 04:54:49 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-10-19 00:28:14 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    .
    ==================== Find3M ====================
    .
    2011-10-30 07:41:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-19 00:46:52 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-09-15 02:36:13 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
    2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
    2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-31 05:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-08-31 05:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
    2011-08-31 05:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-08-31 05:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
    2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
    2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
    2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
    .
    ============= FINISH: 23:08:17.39 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/4/2009 2:33:34 AM
    System Uptime: 11/14/2011 9:41:37 PM (2 hours ago)
    .
    Motherboard: Quanta | | 361B
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | CPU | 2394/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 363 GiB total, 112.011 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.756 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart Plus B209a-m
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart Plus B209a-m
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Plus B209a-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Plus B209a-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: Consumer IR Devices
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: Microsoft
    Name: Consumer IR Devices
    PNP Device ID: ROOT\SYSTEM\0001
    Service: circlass
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    @RISK 5.0 for Excel, Industrial Edition
    µTorrent
    ActiveCheck component for HP Active Support Library
    Ad-Aware
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe Media Player
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.2
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    ADSTech Media Link version 1.2
    AIM 6
    Apple Application Support
    Apple Software Update
    Audacity 1.2.6
    Autodesk Design Review 2009
    B209a-m
    BufferChm
    Cards_Calendar_OrderGift_DoMorePlugout
    ConvertXtoDVD 2.2.3.258
    CyberLink DVD Suite
    CyberLink YouCam
    Destinations
    DeviceDiscovery
    EPSON Scan
    ESU for Microsoft Vista
    ffdshow [rev 2527] [2008-12-19]
    gBurner
    GoldSim 10 Beta
    GoldSim 10.02
    GoldSim 9.60
    Google Chrome
    Google Gears
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 4.0.0.320
    GPBaseService2
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart TV
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons
    HP Total Care Advisor
    HP Update
    HP User Guides 0115
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPPhotoGadget
    HPPhotoSmartPhotobookWebPack1
    hpPrintProjects
    HPProductAssistant
    HPSSupply
    HPTCSSetup
    hpWLPGInstaller
    HTC Driver Installer
    HTC Sync
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 23
    Java(TM) 6 Update 6
    JMicron JMB38X Flash Media Controller
    Juniper Networks Host Checker
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    K-Lite Codec Pack 4.5.3 (Full)
    LabelPrint
    LAME v3.98.2 for Audacity
    Last.fm 1.5.4.27091
    LightScribe System Software 1.12.33.2
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MotoConnect
    Move Media Player
    Mozilla Firefox 8.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 6.1
    MVPstats
    NVIDIA PhysX
    PDF Settings
    PhotoNow!
    Picasa 3
    PixiePack Codec Pack
    Power2Go
    PowerDirector
    PrimoPDF
    PS_AIO_06_B209a-m_SW_Min
    PSSWCORE
    QLBCASL
    QuickPlay SlingPlayer 0.4.6
    QuickTime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB2447961)
    Serif DrawPlus Starter Edition
    Slingbox Flash Tour
    SlingPlayer
    SmartWebPrinting
    Snood 4
    SolutionCenter
    SopCast 3.0.3
    Status
    System Requirements Lab
    TBS WMP Plug-in
    The Weather Channel Desktop 6
    Toolbox
    TrayApp
    Unity Web Player
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VBA (2627.01)
    Verizon V CAST Media Manager
    VideoToolkit01
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.1.11
    WebReg
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinZip
    WModem Driver Installer
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2011 3:22:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/8/2011 3:14:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
    11/8/2011 3:13:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    11/8/2011 3:11:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/7/2011 1:31:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.1358.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/7/2011 1:22:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/14/2011 9:43:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter NetworkX spldr Wanarpv6
    11/14/2011 9:43:38 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
    11/14/2011 9:43:38 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 9:43:38 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
    11/14/2011 8:23:47 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    11/14/2011 7:18:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    11/14/2011 6:47:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/14/2011 4:46:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/14/2011 2:48:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/14/2011 2:43:05 PM, Error: Service Control Manager [7034] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 3 time(s).
    11/14/2011 2:41:48 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    11/14/2011 12:55:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/14/2011 12:53:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/14/2011 12:53:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/14/2011 12:52:38 PM, Error: EventLog [6008] - The previous system shutdown at 12:50:26 PM on 11/14/2011 was unexpected.
    11/14/2011 11:57:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt NetworkX nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/14/2011 11:37:54 AM, Error: EventLog [6008] - The previous system shutdown at 11:36:20 AM on 11/14/2011 was unexpected.
    11/14/2011 10:48:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/14/2011 10:47:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/14/2011 10:47:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/14/2011 10:47:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/14/2011 1:42:59 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/13/2011 4:25:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/13/2011 3:59:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/13/2011 3:54:51 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
    11/13/2011 11:16:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/13/2011 11:03:27 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/12/2011 9:27:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    11/12/2011 1:53:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================


    Thanks in advance!
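Added example, not part of the original posts and not a tool used in this thread: the Service Control Manager errors in the log above mix a few root failures with many cascading "dependency service or group failed to start" errors. This Python script parses lines in that export format and groups the blocked services under the component that actually failed; the sample lines are copied from the log above, and the function names are chosen for this example.

```python
import re
from collections import defaultdict

# Sample lines copied from the event log posted above (spelling as logged by Windows).
SAMPLE_LOG = """
11/14/2011 11:57:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC MpFilter NetBIOS netbt NetworkX nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The MotoConnect Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/14/2011 11:39:13 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# "<date> <time> AM|PM, Error: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"Error: (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
# Event 7001: a service could not start because something it depends on failed.
DEP_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which "
    r"failed to start because of the following error: (?P<why>.+)$"
)
# Event 7026: boot-start or system-start drivers that did not load.
DRV_RE = re.compile(r"failed to load: (?P<drivers>.+)$")
CASCADE = "The dependency service or group failed to start."


def parse_events(text):
    """Return (timestamp, source, event_id, message) for every error line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append((m["ts"], m["source"], int(m["id"]), m["msg"].strip()))
    return events


def triage(text):
    """Group cascading 7001 failures under the dependency that failed on its own."""
    dependents = defaultdict(set)  # dependency -> services waiting directly on it
    root_reason = {}               # dependency that failed by itself -> error text
    failed_drivers = []            # short driver names from event 7026
    for _ts, source, event_id, msg in parse_events(text):
        if source != "Service Control Manager":
            continue
        if event_id == 7001:
            m = DEP_RE.match(msg)
            if not m:
                continue
            dependents[m["dep"]].add(m["svc"])
            if m["why"].strip() != CASCADE:
                root_reason[m["dep"]] = m["why"].strip()
        elif event_id == 7026:
            m = DRV_RE.search(msg)
            if m:
                failed_drivers.extend(m["drivers"].split())

    report = {}
    for root, why in root_reason.items():
        # Walk the dependency edges upward to collect everything blocked by this root.
        seen, stack = set(), [root]
        while stack:
            for svc in dependents.get(stack.pop(), ()):
                if svc not in seen:
                    seen.add(svc)
                    stack.append(svc)
        report[root] = {"error": why, "blocked": sorted(seen)}
    return report, failed_drivers


if __name__ == "__main__":
    report, drivers = triage(SAMPLE_LOG)
    for root, info in sorted(report.items(), key=lambda kv: -len(kv[1]["blocked"])):
        print(f"{root}: {info['error']}")
        for svc in info["blocked"]:
            print(f"    blocks {svc}")
    print("Drivers that failed to load (event 7026):", ", ".join(drivers))
```

Event 7001 uses service display names while event 7026 uses short driver names, so the script reports the two lists separately rather than guessing a mapping between them.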
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    You're running two AV programs, Lavasoft Ad-Watch Live! Anti-Virus and MSE.
    One of them has to go.
    I suggest Lavasoft goes.

    =============================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. skiguyross

    skiguyross TS Rookie Topic Starter

    Next set of logs

    Thank you for the quick reply!

    So I had a little bit of trouble initially running aswMBR. My first 2 attempts, the first being in normal mode and the second in safe mode, brought up the blue screen of death. Both times it happened after the line:
    19:10:07.693 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    appeared. The third time running it, in safe mode, worked. I might have run rkill before doing so. Unfortunately I can't remember, so I ran it again since then and have posted the log below, along with aswMBR and ComboFix logs.

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-15 19:09:31
    -----------------------------
    19:09:31.906 OS Version: Windows x64 6.0.6002 Service Pack 2
    19:09:31.906 Number of processors: 2 586 0x1706
    19:09:31.922 ComputerName: ROSS-PC UserName: Ross
    19:09:34.324 Initialize success
    19:09:59.378 AVAST engine defs: 11111501
    19:10:05.509 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:10:05.509 Disk 0 Vendor: TOSHIBA_ FF01 Size: 381554MB BusType: 3
    19:10:05.524 Disk 0 MBR read successfully
    19:10:05.524 Disk 0 MBR scan
    19:10:05.524 Disk 0 unknown MBR code
    19:10:05.524 Service scanning
    19:10:07.693 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    19:10:09.456 Modules scanning
    19:10:09.456 Disk 0 trace - called modules:
    19:10:09.487 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
    19:10:09.487 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80059a8060]
    19:10:09.502 3 CLASSPNP.SYS[fffffa6000a2cc33] -> nt!IofCallDriver -> [0xfffffa80059a7a50]
    19:10:09.502 5 hpdskflt.sys[fffffa6001a02189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004c23050]
    19:10:10.610 AVAST engine scan C:\Windows
    19:10:15.493 AVAST engine scan C:\Windows\system32
    19:10:29.002 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Malware-gen
    19:12:29.060 AVAST engine scan C:\Windows\system32\drivers
    19:12:44.192 AVAST engine scan C:\Users\Ross
    19:15:48.054 Disk 0 MBR has been saved successfully to "C:\Users\Ross\Desktop\MBR.dat"
    19:15:48.054 The log file has been saved successfully to "C:\Users\Ross\Desktop\aswMBR.txt"

    ComboFix 11-11-15.06 - Ross 11/15/2011 19:51:22.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.1443 [GMT -7:00]
    Running from: c:\users\Ross\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\LP
    c:\users\Ross\AppData\Roaming\bcrypt.html
    c:\users\Ross\AppData\Roaming\inst.exe
    c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Security 2012
    c:\users\Ross\g2mdlhlpx.exe
    c:\windows\system32\consrv.dll
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-16 03:21 . 2011-11-16 03:21 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4C6CFE8-6750-428D-8C25-45F57E42D097}\offreg.dll
    2011-11-16 03:19 . 2011-11-16 03:25 -------- d-----w- c:\users\Ross\AppData\Local\temp
    2011-11-14 20:12 . 2011-11-14 20:12 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-13 22:44 . 2011-11-13 22:44 98816 ----a-w- c:\users\Ross\AppData\Roaming\Microsoft\D014\24A5.tmp
    2011-11-13 22:44 . 2011-11-14 20:42 -------- d-----w- c:\users\Ross\AppData\Roaming\B69D4
    2011-11-13 22:44 . 2011-11-13 22:44 -------- d-----w- c:\users\Ross\AppData\Roaming\T7fffEL9g
    2011-11-13 22:44 . 2011-11-13 22:44 -------- d-----w- c:\users\Ross\AppData\Roaming\jbbbD33pnG4aH6W
    2011-11-13 22:44 . 2011-11-13 22:44 -------- d-----w- c:\users\Ross\AppData\Roaming\wF33ppaaJ6dWKfL
    2011-11-13 22:44 . 2011-11-13 22:44 -------- d-----w- c:\users\Ross\AppData\Roaming\hRRRZZ9hY
    2011-11-13 22:44 . 2011-11-14 20:42 -------- d-----w- c:\users\Ross\AppData\Roaming\40DB6
    2011-11-09 03:05 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 03:05 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-09 03:05 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 03:05 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2011-11-09 03:05 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 03:05 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
    2011-11-09 03:05 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-06 10:04 . 2011-11-06 10:05 -------- d-----w- c:\users\Ross\AppData\Roaming\Fingerfox (SE)
    2011-10-30 07:35 . 2011-10-30 07:35 -------- d-----w- c:\users\UpdatusUser
    2011-10-30 07:35 . 2011-10-30 07:35 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2011-10-30 07:34 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-10-30 07:34 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-10-30 07:24 . 2011-10-30 07:24 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2011-10-26 00:31 . 2011-10-26 00:31 -------- d-----w- c:\program files\iPod
    2011-10-26 00:31 . 2011-10-26 00:32 -------- d-----w- c:\program files\iTunes
    2011-10-26 00:25 . 2011-10-26 00:25 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-30 07:41 . 2011-05-26 03:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-19 00:46 . 2009-10-28 00:18 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-10-15 08:53 . 2010-10-17 08:55 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-10-15 08:53 . 2009-10-03 18:02 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 08:53 . 2009-10-03 18:01 539456 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-10-15 08:53 . 2009-10-03 18:01 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-10-15 08:53 . 2009-10-03 18:01 222528 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53 . 2009-10-03 18:01 137536 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53 . 2009-10-03 18:01 10406208 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53 . 2008-07-25 13:28 2808128 ----a-w- c:\windows\system32\nvapi64.dll
    2011-10-15 08:53 . 2008-07-25 13:28 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-10-14 05:30 . 2011-10-14 05:31 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5270484C-5CCD-4ED7-8F51-97BF92E99651}\gapaengine.dll
    2011-10-07 04:16 . 2010-05-21 17:33 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-09-15 02:36 . 2011-09-15 02:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-09-15 02:36 . 2011-09-15 02:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-09-15 02:36 . 2011-09-15 02:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-09-15 02:36 . 2011-09-15 02:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-09-15 02:36 . 2011-09-15 02:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-09-15 02:36 . 2011-09-15 02:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-09-15 02:36 . 2011-09-15 02:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-09-15 02:36 . 2011-09-15 02:36 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-09-15 02:36 . 2011-09-15 02:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-09-15 02:36 . 2011-09-15 02:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-09-15 02:36 . 2011-09-15 02:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-09-15 02:36 . 2011-09-15 02:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-09-15 02:36 . 2011-09-15 02:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-09-15 02:36 . 2011-09-15 02:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-09-15 02:36 . 2011-09-15 02:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-09-15 02:36 . 2011-09-15 02:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-09-15 02:36 . 2011-09-15 02:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-09-15 02:36 . 2011-09-15 02:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-09-15 02:36 . 2011-09-15 02:36 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-09-15 02:36 . 2011-09-15 02:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-09-15 02:36 . 2011-09-15 02:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-09-15 02:36 . 2011-09-15 02:36 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-09-15 02:36 . 2011-09-15 02:36 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-09-15 02:36 . 2011-09-15 02:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-09-15 02:36 . 2011-09-15 02:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-09-15 02:36 . 2011-09-15 02:36 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-09-15 02:36 . 2011-09-15 02:36 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-09-15 02:36 . 2011-09-15 02:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-09-15 02:36 . 2011-09-15 02:36 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-09-15 02:36 . 2011-09-15 02:36 448512 ----a-w- c:\windows\system32\html.iec
    2011-09-15 02:36 . 2011-09-15 02:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-09-15 02:36 . 2011-09-15 02:36 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-09-15 02:36 . 2011-09-15 02:36 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-09-15 02:36 . 2011-09-15 02:36 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-09-15 02:36 . 2011-09-15 02:36 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-09-15 02:36 . 2011-09-15 02:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-09-06 13:56 . 2011-10-14 05:29 2764288 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 05:24 . 2011-10-15 04:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 05:17 . 2011-10-15 04:17 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 05:12 . 2011-10-15 04:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-01 02:35 . 2011-10-15 04:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-09-01 02:28 . 2011-10-15 04:17 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-09-01 02:22 . 2011-10-15 04:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-01 00:00 . 2010-05-18 20:30 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-31 05:05 . 2011-08-31 05:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 05:05 . 2011-08-31 05:05 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 05:05 . 2011-08-31 05:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-08-31 05:05 . 2011-08-31 05:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-08-25 16:20 . 2011-10-14 05:29 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:19 . 2011-10-14 05:29 332288 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 16:19 . 2011-10-14 05:29 847360 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 16:15 . 2011-10-14 05:29 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
    2011-08-25 16:14 . 2011-10-14 05:29 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-08-25 16:14 . 2011-10-14 05:29 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-25 13:54 . 2011-10-14 05:29 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-08-25 13:31 . 2011-10-14 05:29 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate1ca51e2abc2f06b;Google Update Service (gupdate1ca51e2abc2f06b);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-21 133104]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-21 133104]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
    R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-07 361808]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-07-24 27632]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [x]
    S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 719152]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    S3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 22:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
    2009-03-04 22:32 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-21 00:08]
    .
    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-21 00:08]
    .
    2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708482083-798194572-1285507946-1000Core.job
    - c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 00:32]
    .
    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708482083-798194572-1285507946-1000UA.job
    - c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 00:32]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "combofix"="c:\combofix\CF20566.3XE" [2008-01-21 363008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 62061
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Aim6 - (no file)
    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Wow6432Node-HKLM-Run-hpqSRMon - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-SopCast - c:\program files (x86)\SopCast\uninst.exe
    AddRemove-The Weather Channel Desktop 6 - c:\program files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\crypserv.exe
    c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
    c:\program files (x86)\Common Files\Teleca Shared\logger.exe
    c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
    c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2011-11-15 20:31:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-11-16 03:31
    .
    Pre-Run: 121,040,232,448 bytes free
    Post-Run: 120,158,486,528 bytes free
    .
    - - End Of File - - DE0301AC33C5155AE23366C6DDD3D255

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 11/15/2011 at 20:39:57.
    Operating System: Windows (TM) Vista Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\rundll32.exe


    Rkill completed on 11/15/2011 at 20:40:05.
     
  6. skiguyross

    skiguyross TS Rookie Topic Starter

    Computer Status

    BTW, my firewall has turned back on and searches are no longer being hijacked. The only odd thing that has happened was Firefox was removed as my default browser.

    Thanks again!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good news :)

    That was done by Combofix. You can set it back.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\users\Ross\AppData\Roaming\B69D4
    c:\users\Ross\AppData\Roaming\T7fffEL9g
    c:\users\Ross\AppData\Roaming\jbbbD33pnG4aH6W
    c:\users\Ross\AppData\Roaming\wF33ppaaJ6dWKfL
    c:\users\Ross\AppData\Roaming\hRRRZZ9hY
    c:\users\Ross\AppData\Roaming\40DB6
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  8. skiguyross

    skiguyross TS Rookie Topic Starter

    Here you go. Thanks again!

    ComboFix 11-11-16.01 - Ross 11/16/2011 12:12:22.2.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2333 [GMT -7:00]
    Running from: c:\users\Ross\Downloads\ComboFix.exe
    Command switches used :: c:\users\Ross\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Ross\AppData\Roaming\40DB6
    c:\users\Ross\AppData\Roaming\40DB6\69D4.0DB
    c:\users\Ross\AppData\Roaming\B69D4
    c:\users\Ross\AppData\Roaming\hRRRZZ9hY
    c:\users\Ross\AppData\Roaming\jbbbD33pnG4aH6W
    c:\users\Ross\AppData\Roaming\T7fffEL9g
    c:\users\Ross\AppData\Roaming\T7fffEL9g\AV Security 2012.ico
    c:\users\Ross\AppData\Roaming\wF33ppaaJ6dWKfL
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-16 19:19 . 2011-11-16 19:19 -------- d-----w- c:\users\Ross\AppData\Local\temp
    2011-11-16 19:19 . 2011-11-16 19:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-11-16 19:19 . 2011-11-16 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-16 18:57 . 2011-11-16 18:57 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7922E9B-5AA5-46E9-A26A-1D239DD0D216}\offreg.dll
    2011-11-16 03:34 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7922E9B-5AA5-46E9-A26A-1D239DD0D216}\mpengine.dll
    2011-11-14 20:12 . 2011-11-14 20:12 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-13 22:44 . 2011-11-13 22:44 98816 ----a-w- c:\users\Ross\AppData\Roaming\Microsoft\D014\24A5.tmp
    2011-11-09 03:05 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 03:05 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2011-11-09 03:05 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-11-09 03:05 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2011-11-09 03:05 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
    2011-11-09 03:05 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
    2011-11-09 03:05 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
    2011-11-06 10:04 . 2011-11-06 10:05 -------- d-----w- c:\users\Ross\AppData\Roaming\Fingerfox (SE)
    2011-10-30 07:35 . 2011-10-30 07:35 -------- d-----w- c:\users\UpdatusUser
    2011-10-30 07:35 . 2011-10-30 07:35 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2011-10-30 07:34 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
    2011-10-30 07:34 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-10-30 07:24 . 2011-10-30 07:24 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
    2011-10-26 00:31 . 2011-10-26 00:31 -------- d-----w- c:\program files\iPod
    2011-10-26 00:31 . 2011-10-26 00:32 -------- d-----w- c:\program files\iTunes
    2011-10-26 00:25 . 2011-10-26 00:25 -------- d-----w- c:\program files\Bonjour
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-30 07:41 . 2011-05-26 03:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-19 00:46 . 2009-10-28 00:18 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-10-15 08:53 . 2010-10-17 08:55 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-10-15 08:53 . 2009-10-03 18:02 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-10-15 08:53 . 2009-10-03 18:01 539456 ----a-w- c:\windows\system32\nvhotkey.dll
    2011-10-15 08:53 . 2009-10-03 18:01 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-10-15 08:53 . 2009-10-03 18:01 222528 ----a-w- c:\windows\system32\nvmctray.dll
    2011-10-15 08:53 . 2009-10-03 18:01 137536 ----a-w- c:\windows\system32\nvshext.dll
    2011-10-15 08:53 . 2009-10-03 18:01 10406208 ----a-w- c:\windows\system32\nvcpl.dll
    2011-10-15 08:53 . 2008-07-25 13:28 2808128 ----a-w- c:\windows\system32\nvapi64.dll
    2011-10-15 08:53 . 2008-07-25 13:28 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-10-14 05:30 . 2011-10-14 05:31 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5270484C-5CCD-4ED7-8F51-97BF92E99651}\gapaengine.dll
    2011-10-07 04:16 . 2010-05-21 17:33 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-09-15 02:36 . 2011-09-15 02:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-09-15 02:36 . 2011-09-15 02:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-09-15 02:36 . 2011-09-15 02:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-09-15 02:36 . 2011-09-15 02:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-09-15 02:36 . 2011-09-15 02:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-09-15 02:36 . 2011-09-15 02:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-09-15 02:36 . 2011-09-15 02:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-09-15 02:36 . 2011-09-15 02:36 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-09-15 02:36 . 2011-09-15 02:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-09-15 02:36 . 2011-09-15 02:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-09-15 02:36 . 2011-09-15 02:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-09-15 02:36 . 2011-09-15 02:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-09-15 02:36 . 2011-09-15 02:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-09-15 02:36 . 2011-09-15 02:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-09-15 02:36 . 2011-09-15 02:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-09-15 02:36 . 2011-09-15 02:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-09-15 02:36 . 2011-09-15 02:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-09-15 02:36 . 2011-09-15 02:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-09-15 02:36 . 2011-09-15 02:36 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-09-15 02:36 . 2011-09-15 02:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-09-15 02:36 . 2011-09-15 02:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-09-15 02:36 . 2011-09-15 02:36 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-09-15 02:36 . 2011-09-15 02:36 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-09-15 02:36 . 2011-09-15 02:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-09-15 02:36 . 2011-09-15 02:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-09-15 02:36 . 2011-09-15 02:36 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-09-15 02:36 . 2011-09-15 02:36 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-09-15 02:36 . 2011-09-15 02:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-09-15 02:36 . 2011-09-15 02:36 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-09-15 02:36 . 2011-09-15 02:36 448512 ----a-w- c:\windows\system32\html.iec
    2011-09-15 02:36 . 2011-09-15 02:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-09-15 02:36 . 2011-09-15 02:36 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-09-15 02:36 . 2011-09-15 02:36 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-09-15 02:36 . 2011-09-15 02:36 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-09-15 02:36 . 2011-09-15 02:36 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-09-15 02:36 . 2011-09-15 02:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-09-06 13:56 . 2011-10-14 05:29 2764288 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 05:24 . 2011-10-15 04:17 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-09-01 05:17 . 2011-10-15 04:17 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-09-01 05:12 . 2011-10-15 04:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-01 02:35 . 2011-10-15 04:17 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-09-01 02:28 . 2011-10-15 04:17 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-09-01 02:22 . 2011-10-15 04:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-09-01 00:00 . 2010-05-18 20:30 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-31 05:05 . 2011-08-31 05:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 05:05 . 2011-08-31 05:05 85864 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 05:05 . 2011-08-31 05:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-08-31 05:05 . 2011-08-31 05:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-08-25 16:20 . 2011-10-14 05:29 735744 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:19 . 2011-10-14 05:29 332288 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 16:19 . 2011-10-14 05:29 847360 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-25 16:15 . 2011-10-14 05:29 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
    2011-08-25 16:14 . 2011-10-14 05:29 238080 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-08-25 16:14 . 2011-10-14 05:29 563712 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-08-25 13:54 . 2011-10-14 05:29 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-08-25 13:31 . 2011-10-14 05:29 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-11-16_03.23.17 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-21 02:23 . 2011-11-16 02:25 82308 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-01-21 02:23 . 2011-11-16 19:00 82308 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 15:45 . 2011-11-16 19:00 98194 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2009-01-16 02:07 . 2011-11-16 19:00 19494 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1708482083-798194572-1285507946-1000_UserData.bin
    - 2009-01-16 02:07 . 2011-11-16 03:24 19494 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1708482083-798194572-1285507946-1000_UserData.bin
    - 2011-11-16 03:21 . 2011-11-16 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-11-16 18:57 . 2011-11-16 18:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-11-16 03:21 . 2011-11-16 03:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-11-16 18:57 . 2011-11-16 18:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2006-11-02 12:46 . 2011-11-16 02:26 606602 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-11-16 19:03 606602 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2011-11-16 19:03 105170 c:\windows\system32\perfc009.dat
    - 2006-11-02 12:46 . 2011-11-16 02:26 105170 c:\windows\system32\perfc009.dat
    - 2011-02-11 18:13 . 2011-11-16 03:20 531480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-02-11 18:13 . 2011-11-16 03:45 531480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-03-26 07:30 . 2011-11-16 03:45 27360468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1708482083-798194572-1285507946-1000-8192.dat
    - 2011-03-26 07:30 . 2011-11-16 03:20 27360468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1708482083-798194572-1285507946-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate1ca51e2abc2f06b;Google Update Service (gupdate1ca51e2abc2f06b);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-21 133104]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-21 133104]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [x]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    R3 NETw3v64;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw3v64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
    R4 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-07 361808]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-07-24 27632]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [x]
    S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-05-26 719152]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    S3 vfs101a;vfs101a;c:\windows\system32\drivers\vfs101a.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 22:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}]
    2009-03-04 22:32 8192 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-21 00:08]
    .
    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-21 00:08]
    .
    2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708482083-798194572-1285507946-1000Core.job
    - c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 00:32]
    .
    2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708482083-798194572-1285507946-1000UA.job
    - c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 00:32]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SYSTEM32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 62061
    FF - prefs.js: network.proxy.type - 4
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2011-11-16 12:22:42
    ComboFix-quarantined-files.txt 2011-11-16 19:22
    ComboFix2.txt 2011-11-16 03:31
    .
    Pre-Run: 120,493,060,096 bytes free
    Post-Run: 120,453,275,648 bytes free
    .
    - - End Of File - - AF8B76D3EC8F509A2366E9C1FB6F4ED8
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. skiguyross

    skiguyross TS Rookie Topic Starter

    logfile created on: 11/17/2011 1:53:38 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ross\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.97 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 35.72% Memory free
    8.13 Gb Paging File | 5.82 Gb Available in Paging File | 71.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 362.52 Gb Total Space | 111.34 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
    Drive D: | 10.09 Gb Total Space | 1.76 Gb Free Space | 17.40% Space Free | Partition Type: NTFS

    Computer Name: ROSS-PC | User Name: Ross | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/17 13:52:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ross\Desktop\OTL.exe
    PRC - [2011/11/08 15:32:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/10/24 18:42:24 | 000,161,336 | ---- | M] (Google) -- C:\Users\Ross\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2010/06/24 13:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010/03/30 14:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    PRC - [2010/03/17 15:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    PRC - [2009/09/29 07:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    PRC - [2009/09/29 07:52:52 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    PRC - [2009/04/10 23:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/09/21 16:33:15 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\SysWOW64\Crypserv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/08 15:32:46 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/10/30 00:41:45 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2010/03/31 09:08:50 | 000,240,552 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
    MOD - [2010/03/31 09:08:50 | 000,240,552 | R--- | M] () -- C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
    SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2009/05/29 12:19:52 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
    SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/05/26 06:44:02 | 000,719,152 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vfsFPService.exe -- (vfsFPService)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/29 07:52:54 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/04/10 15:17:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/30 16:18:43 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2008/08/06 17:37:22 | 000,361,808 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/07/23 19:35:42 | 000,292,216 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
    SRV - [2008/07/23 19:35:42 | 000,116,080 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
    SRV - [2008/05/26 06:43:58 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vfsFPService.exe -- (vfsFPService)
    SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/09/21 16:33:15 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\SysWow64\Crypserv.exe -- (Crypkey License)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/10/26 10:55:22 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
    DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/09/20 14:02:56 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2008/11/17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2008/09/04 01:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
    DRV:64bit: - [2008/08/06 00:26:08 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/07/07 12:16:30 | 000,140,888 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
    DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2008/05/26 06:44:14 | 000,049,968 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vfs101a.sys -- (vfs101a)
    DRV:64bit: - [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
    DRV:64bit: - [2008/01/20 19:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel(R)
    DRV:64bit: - [2008/01/20 19:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2006/10/03 18:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV - [2008/07/23 21:55:40 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
    DRV - [2006/01/09 19:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-1708482083-798194572-1285507946-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 62061
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Ross\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ross\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ross\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ross\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2009/10/06 09:43:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/08/23 10:25:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/30 22:05:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/08 15:32:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/15 12:26:06 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2009/10/06 09:43:49 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Ross\AppData\Roaming\Move Networks [2009/12/22 20:49:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/10/30 22:05:22 | 000,000,000 | ---D | M]

    [2009/01/16 09:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ross\AppData\Roaming\Mozilla\Extensions
    [2011/11/06 03:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\extensions
    [2010/04/26 20:06:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/11/06 03:04:12 | 000,000,000 | ---D | M] (Fingerfox (SE)) -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5}
    [2011/10/25 16:27:49 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\extensions\video.downloader.plugin@ffpimp.com
    [2009/01/26 21:53:39 | 000,001,591 | ---- | M] () -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\searchplugins\dictionary.xml
    [2011/11/13 20:44:36 | 000,004,873 | ---- | M] () -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\searchplugins\isohunt---bt-search.xml
    [2011/10/18 00:03:53 | 000,002,410 | ---- | M] () -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\searchplugins\s-amazon.xml
    [2010/03/13 00:43:33 | 000,001,019 | ---- | M] () -- C:\Users\Ross\AppData\Roaming\Mozilla\Firefox\Profiles\f51e3eiz.default\searchplugins\torrentz-search.xml
    [2011/11/08 15:32:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/11/08 15:32:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2009/06/21 21:29:26 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
    [2011/10/03 10:16:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/08 15:32:47 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\8.0.552.237\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll
    CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ross\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Ross\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/11/16 12:19:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
    O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
    O4 - HKU\S-1-5-21-1708482083-798194572-1285507946-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1708482083-798194572-1285507946-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-1708482083-798194572-1285507946-1001\..Trusted Ranges: Range1 ([http] in )
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34A03489-EBF5-4884-BB0A-2694DC1605DC}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA19CAE0-2729-4F89-97C1-4BEAE780BBA8}: DhcpNameServer = 12.127.16.67 12.127.17.71
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Ross\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Ross\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/17 13:52:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ross\Desktop\OTL.exe
    [2011/11/16 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\Ross\AppData\Local\temp
    [2011/11/16 12:06:01 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/11/15 12:29:58 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Ross\Desktop\aswMBR.exe
    [2011/11/14 14:44:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/11/14 14:44:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/11/14 14:44:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/11/14 14:44:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/11/14 14:41:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/14 13:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011/11/10 16:26:56 | 000,000,000 | ---D | C] -- C:\Users\Ross\Documents\My Scans
    [2011/11/06 03:04:13 | 000,000,000 | ---D | C] -- C:\Users\Ross\AppData\Roaming\Fingerfox (SE)
    [2011/10/30 00:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2011/10/30 00:31:46 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/10/30 00:31:46 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/10/30 00:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
    [2011/10/25 17:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/10/25 17:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/10/25 17:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/10/25 17:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/10/25 17:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/10/25 17:09:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2009/09/20 14:02:56 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Ross\AppData\Roaming\pcouffin.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/17 13:57:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/17 13:57:41 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/17 13:52:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ross\Desktop\OTL.exe
    [2011/11/17 13:14:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/11/17 13:05:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1708482083-798194572-1285507946-1000UA.job
    [2011/11/17 13:05:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1708482083-798194572-1285507946-1000Core.job
    [2011/11/16 18:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/11/16 12:19:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/16 12:03:47 | 000,706,824 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/16 12:03:47 | 000,606,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/16 12:03:47 | 000,105,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/16 11:57:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/16 11:57:34 | 4260,569,088 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/15 19:15:48 | 000,000,512 | ---- | M] () -- C:\Users\Ross\Desktop\MBR.dat
    [2011/11/15 13:34:50 | 000,002,675 | ---- | M] () -- C:\Users\Ross\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2011/11/15 12:46:11 | 684,248,623 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/11/15 12:30:17 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ross\Desktop\aswMBR.exe
    [2011/11/14 23:05:01 | 000,001,460 | ---- | M] () -- C:\Users\Ross\AppData\Local\d3d9caps64.dat
    [2011/11/14 14:49:14 | 000,302,592 | ---- | M] () -- C:\Users\Ross\Desktop\gmer.exe
    [2011/11/14 13:21:36 | 000,080,384 | ---- | M] () -- C:\Users\Ross\Desktop\MBRCheck.exe
    [2011/11/13 16:50:01 | 000,741,178 | ---- | M] () -- C:\Users\Ross\AppData\Local\census.cache
    [2011/11/13 16:49:51 | 000,191,947 | ---- | M] () -- C:\Users\Ross\AppData\Local\ars.cache
    [2011/11/13 16:36:57 | 000,199,168 | ---- | M] () -- C:\Users\Ross\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/11 18:30:07 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/11/11 18:30:07 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/11/10 14:29:35 | 000,001,694 | ---- | M] () -- C:\Users\Ross\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
    [2011/10/30 00:23:42 | 000,703,312 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/10/30 00:23:42 | 000,703,312 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/10/25 17:32:10 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/10/25 17:09:44 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/10/18 17:46:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/15 19:19:01 | 4260,569,088 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/15 19:15:48 | 000,000,512 | ---- | C] () -- C:\Users\Ross\Desktop\MBR.dat
    [2011/11/14 23:05:26 | 000,001,738 | ---- | C] () -- C:\Users\Ross\Desktop\scrfix_vista.reg
    [2011/11/14 17:18:53 | 000,302,592 | ---- | C] () -- C:\Users\Ross\Desktop\gmer.exe
    [2011/11/14 14:44:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/11/14 14:44:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/11/14 14:44:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/11/14 14:44:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/11/14 14:44:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/11/14 13:58:17 | 000,080,384 | ---- | C] () -- C:\Users\Ross\Desktop\MBRCheck.exe
    [2011/11/13 16:50:01 | 000,741,178 | ---- | C] () -- C:\Users\Ross\AppData\Local\census.cache
    [2011/11/13 16:49:51 | 000,191,947 | ---- | C] () -- C:\Users\Ross\AppData\Local\ars.cache
    [2011/11/10 14:29:35 | 000,001,694 | ---- | C] () -- C:\Users\Ross\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
    [2011/10/30 00:31:45 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
    [2011/10/25 17:32:10 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/10/25 17:09:44 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/10/20 22:35:21 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/10/20 22:35:21 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/01/27 21:18:39 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/10/30 21:53:31 | 000,201,588 | ---- | C] () -- C:\Windows\hpoins40.dat
    [2010/04/01 23:25:29 | 000,000,036 | ---- | C] () -- C:\Users\Ross\AppData\Local\housecall.guid.cache
    [2009/10/08 16:28:48 | 000,004,096 | -H-- | C] () -- C:\Users\Ross\AppData\Local\keyfile3.drm
    [2009/10/05 23:36:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/10/05 23:35:50 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2009/10/05 23:34:59 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/09/20 14:02:56 | 000,007,859 | ---- | C] () -- C:\Users\Ross\AppData\Roaming\pcouffin.cat
    [2009/09/20 14:02:56 | 000,001,167 | ---- | C] () -- C:\Users\Ross\AppData\Roaming\pcouffin.inf
    [2009/05/22 03:04:30 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat
    [2009/04/17 10:27:17 | 000,001,356 | ---- | C] () -- C:\Users\Ross\AppData\Local\d3d9caps.dat
    [2009/03/31 15:09:05 | 000,006,478 | ---- | C] () -- C:\Users\Ross\AppData\Roaming\PrimoPDFSet.xml
    [2009/03/16 07:11:16 | 000,001,460 | ---- | C] () -- C:\Users\Ross\AppData\Local\d3d9caps64.dat
    [2009/03/02 10:33:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/02/26 16:06:21 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
    [2009/02/08 22:58:34 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2009/02/08 22:58:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2009/02/08 22:58:32 | 000,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/02/08 22:58:32 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/02/04 12:11:58 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
    [2009/01/22 10:02:37 | 000,703,312 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/01/22 01:01:00 | 000,000,198 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2009/01/22 01:00:57 | 000,031,846 | ---- | C] () -- C:\Windows\SysWow64\Ckldrv.sys
    [2009/01/22 01:00:57 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2009/01/22 01:00:57 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2009/01/22 01:00:57 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2009/01/22 00:59:17 | 000,703,312 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/01/21 20:35:48 | 000,199,168 | ---- | C] () -- C:\Users\Ross\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/01/15 19:44:55 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2008/09/02 16:09:48 | 000,002,081 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2008/09/02 15:34:20 | 000,107,386 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2008/04/28 09:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2007/11/14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CogentBioSDK.dll
    [2006/11/02 08:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 05:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2006/11/02 05:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2006/11/02 05:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2006/11/02 02:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

    ========== LOP Check ==========

    [2009/02/02 07:26:53 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DigitalPersona
    [2011/07/17 22:48:21 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Teleca
    [2009/01/20 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\acccore
    [2009/02/24 09:25:12 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Autodesk
    [2009/01/15 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\DigitalPersona
    [2009/01/22 17:04:45 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\EPSON
    [2011/11/06 03:05:53 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Fingerfox (SE)
    [2009/04/29 19:39:32 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\GetRightToGo
    [2009/04/17 13:12:10 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\GoldSim Technology Group LLC
    [2009/11/26 13:58:44 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Juniper Networks
    [2010/08/25 21:39:48 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Serif
    [2011/10/30 00:24:45 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\SystemRequirementsLab
    [2011/07/10 15:17:22 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Teleca
    [2011/05/27 12:14:55 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Unity
    [2011/11/12 18:09:42 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\uTorrent
    [2011/08/26 21:32:38 | 000,000,000 | ---D | M] -- C:\Users\Ross\AppData\Roaming\Vso
    [2011/11/15 20:45:26 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < * >
    [2011/11/15 12:15:36 | 000,127,080 | ---- | M] () -- \aaw7boot.log
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- \bootmgr
    [2011/11/16 12:22:42 | 000,024,862 | ---- | M] () -- \ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- \eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- \eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- \globdata.ini
    [2011/11/16 11:57:34 | 4260,569,088 | -HS- | M] () -- \hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- \install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] () -- \install.res.1028.dll
     
  11. skiguyross

    skiguyross TS Rookie Topic Starter

    OTL
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] () -- \install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] () -- \install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] () -- \install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] () -- \install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] () -- \install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] () -- \install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] () -- \install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] () -- \install.res.3082.dll
    [2009/06/22 23:14:49 | 000,000,742 | -H-- | M] () -- \IPH.PH
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] () -- \msdia80.dll
    [2011/11/16 11:57:32 | 279,187,455 | -HS- | M] () -- \pagefile.sys
    [2011/11/15 20:40:05 | 000,000,404 | ---- | M] () -- \rkill.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- \vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- \VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- \VC_RED.MSI

    < %SYSTEMDRIVE%\*.* >
    [2011/11/15 12:15:36 | 000,127,080 | ---- | M] () -- C:\aaw7boot.log
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/11/16 12:22:42 | 000,024,862 | ---- | M] () -- C:\ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/11/16 11:57:34 | 4260,569,088 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/06/22 23:14:49 | 000,000,742 | -H-- | M] () -- C:\IPH.PH
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/11/16 11:57:32 | 279,187,455 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/15 20:40:05 | 000,000,404 | ---- | M] () -- C:\rkill.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/06 16:30:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:35:48 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/08 10:28:19 | 000,000,684 | -HS- | M] () -- C:\Users\Ross\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/15 12:30:17 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Ross\Desktop\aswMBR.exe
    [2011/11/14 14:49:14 | 000,302,592 | ---- | M] () -- C:\Users\Ross\Desktop\gmer.exe
    [2011/11/14 13:21:36 | 000,080,384 | ---- | M] () -- C:\Users\Ross\Desktop\MBRCheck.exe
    [2011/11/17 13:52:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ross\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/06/08 10:04:17 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/06/08 10:03:47 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/10/06 16:50:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/10/06 16:50:50 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/06/08 10:03:47 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/10/06 09:44:37 | 000,000,402 | -HS- | M] () -- C:\Users\Ross\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/05/18 13:27:11 | 000,002,081 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2009/01/16 09:39:08 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2010/10/30 22:10:12 | 000,001,623 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/10/30 00:23:42 | 000,703,312 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < * >
    [2011/11/15 12:15:36 | 000,127,080 | ---- | M] () -- \aaw7boot.log
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- \bootmgr
    [2011/11/16 12:22:42 | 000,024,862 | ---- | M] () -- \ComboFix.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- \eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- \eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- \eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- \globdata.ini
    [2011/11/16 11:57:34 | 4260,569,088 | -HS- | M] () -- \hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- \install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] () -- \install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] () -- \install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] () -- \install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] () -- \install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] () -- \install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] () -- \install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] () -- \install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] () -- \install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] () -- \install.res.3082.dll
    [2009/06/22 23:14:49 | 000,000,742 | -H-- | M] () -- \IPH.PH
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] () -- \msdia80.dll
    [2011/11/16 11:57:32 | 279,187,455 | -HS- | M] () -- \pagefile.sys
    [2011/11/15 20:40:05 | 000,000,404 | ---- | M] () -- \rkill.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- \vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- \VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- \VC_RED.MSI

    < End of report >

    OTL Extras logfile created on: 11/17/2011 1:53:38 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ross\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.97 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 35.72% Memory free
    8.13 Gb Paging File | 5.82 Gb Available in Paging File | 71.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 362.52 Gb Total Space | 111.34 Gb Free Space | 30.71% Space Free | Partition Type: NTFS
    Drive D: | 10.09 Gb Total Space | 1.76 Gb Free Space | 17.40% Space Free | Partition Type: NTFS

    Computer Name: ROSS-PC | User Name: Ross | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .pif [@ = piffile] -- Reg Error: Key error. File not found
    .scr [@ = scrfile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 01 ED A5 2F DF 46 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{035FF2FB-ED16-4B2B-A486-E8261A405B5E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{09CAA240-5754-4724-B5A6-D334E93879F0}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{0A3C5CAA-D5F6-4DBC-B69C-F37EDDC5698F}" = rport=138 | protocol=17 | dir=out | app=system |
    "{1D7045D1-130F-4B42-BFAE-F3BD6A0F2E7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{21F63680-9A8E-4D48-A82E-6CC4999FBB1C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{26652B4F-402F-40C6-8D13-92C3E9173886}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{334B8824-B25D-4950-BDDF-E24333A8F344}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3A6D5D5F-32ED-4CCC-8630-D359CB024257}" = rport=445 | protocol=6 | dir=out | app=system |
    "{46BA1C50-8878-4F61-9F73-82378899EC6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4E4E0320-A53C-40DB-BF97-8EF0F84CBDF3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{55BBC8EA-2A80-4523-A825-2541A810FEAE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{599AE400-9381-4D8C-A2B5-92DA991C981A}" = lport=137 | protocol=17 | dir=in | app=system |
    "{5A1792CE-5A66-4B22-B6B8-A4020FC36836}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{6725EF52-7AF6-4DCC-87C7-B4B39D277717}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
    "{754FB187-C176-4CAA-A91A-F386298B96F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7C52D966-7EBB-423F-88F1-D17A1855A7AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9176AE79-3A85-44E8-A2CF-C92164F1A8AF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{970B2C3A-C0FF-4DBB-BD41-9DC7809C250B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{974CAC47-7D12-4FD3-8584-E66323545203}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{B60DE03E-474A-409D-A80E-BCC811F2E7CC}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C144F441-3A5F-4935-BA1D-94C570509E02}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DDDBF485-C3FA-4BFE-90B0-65E1D181E16F}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05382203-0828-46A2-A176-1843A390E535}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{0785DEA7-4E9F-4BDA-B50D-F05F4D51F1B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{099BF9B7-DD50-413B-A0FF-1C1F1B4274B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{11295F47-2B5F-42E9-B097-F15F4FF6DA1D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{13216942-1771-4BC4-9C4B-0B49EFD15606}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1AEF64D2-2912-450C-9908-CD12CD3EE0C6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1DBB81A5-ED83-41B5-9F89-F227FC955B41}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{20B7CA5F-977E-45CD-824E-C2679B3354AF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{255C6BD3-FA41-4431-B9B3-FD75519FAD05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
    "{2BEF1BAD-5EAA-4574-9358-45B298B21670}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
    "{30BF3EAA-EE10-4882-A79D-579114B64F5F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
    "{3374C5B9-5A79-4FE5-B33E-A727877FFD68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{36E34CCB-E9B7-4459-8EBF-5442EEA4F713}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{3DB5AA17-42F6-4294-B921-A967A56E7E56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3DF957C2-E720-4089-BC2F-D52F4267DC58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4311FD76-A836-456E-A14B-F820C48AFBD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{447F32C4-596A-4376-B6FF-00EC10D9B629}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
    "{50BC99B8-45A6-4FAA-BF24-98AC9DF65908}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
    "{53AD5008-80D1-407F-95B3-4E00624D684D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{5483831D-BB33-4F3B-9C38-63993788A2A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 |
    "{5A2A95E2-B68F-4FCC-BAA5-FBE122781ACA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5F96B288-7C11-4806-AC2E-AF6810704659}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 |
    "{61D35151-D94C-4539-A1F3-F82E018B3A5B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{623414E8-EED4-4CAF-AFE5-C1A6A5B1369E}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{632E9A9C-FE65-4314-BB34-55A8935780BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
    "{670B9869-2477-447F-8003-2C96754FB408}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{67E55FB1-415E-43BC-B4E2-C7D887F103A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
    "{683A374B-16BD-47C5-83C0-6175A29AAA16}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{691E8531-0C98-4543-9539-5D817B54938F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{6ECE35B5-9FA1-4313-BAE3-5131D0C7A2DC}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{6EDD09F6-08C4-4749-A112-0420CF91598E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
    "{70E339D1-B186-4FD3-B7CA-6A3981412587}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
    "{71A5DD7C-C450-43D0-ADD1-1E535D90836F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
    "{744052B5-DFF0-43CE-9100-C2A85E664B13}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{744F650F-D14B-438D-B582-CAFBFBF75A5F}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{7745A549-36BC-4F79-8A4B-4C2050148A35}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{79C29499-44A7-4514-9062-B84010CF4E13}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{7D5D573E-00D3-4A50-A887-6221D303F1E5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{7E1069D9-BAB0-432D-9ED5-D2265028D37A}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{7F0D2B1F-4EA8-4F13-899C-B932DD1E6BBF}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{8613321F-75E3-4167-8E85-49CD4EA3523C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{8D8D0B2F-9CF5-4254-B1C7-2ADB0BE0570B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8FCD1ABF-9C2E-4797-95F6-94065D12402F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{94FC7D6B-CADC-4B4E-A4E8-1C4E906D2B2C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{97B4F1C0-DC07-483F-BAD6-C99AD2354B6B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{98E36874-00CC-420C-8748-E2020370BA6F}" = protocol=6 | dir=out | app=system |
    "{9AD59B3C-F79E-4CCD-9A67-7B70E45FD2EA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
    "{9CCFA449-583E-46DB-8F44-E72D9F4940A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A16549A9-4F38-456F-B8C0-B454998F1C98}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{AB14685D-325C-4B54-A247-E527CB67C6F3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AB1C5FCA-B71A-4682-B06E-4C03C80E357B}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{AC629745-A84F-4A72-BF39-5555508DCD2B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{B8D33BE5-5612-4C61-8415-9212EF8924E7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
    "{BD2471C6-961D-4E76-9373-B281511DFDE9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{C43B210C-C653-4D7C-A172-C429E1813C89}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
    "{C44809AD-15C3-4F13-BF03-AF4ACC0321D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
    "{C4B663FE-C0EE-40F0-A859-A12FCB32ED96}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C7AAE213-6FF5-467D-983C-050314A7A2B3}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "{C9EB2126-7284-4763-AED0-6C1A49DCC13C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{CABEF890-A33A-47FD-BADF-F7BE79B91B70}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CC93E0EA-AA09-4698-B572-8F78F26B5CCF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{D7421762-F233-4ABB-A977-50D3C5B684CF}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{DA3E70F3-D2E7-450A-9179-7DFF02A0F5E4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
    "{DAC920BF-5D53-4BAC-9A92-E858CEE24168}" = dir=in | app=e:\setup\hpznui40.exe |
    "{E0DB7383-BA65-4FBE-8C18-4E65CE1F5A4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
    "{E1059CFE-445F-4981-830A-3C5449133B34}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{E3B5FD3A-BDED-4882-A37D-69A545B49AA7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E49FE967-2F2C-4FC8-BC9A-66FF74B2E4F7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E8CF33B5-5038-431A-9397-7F646BF73023}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{EA0F1237-B51A-40A5-B966-C41E6F7DBE55}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
    "{EA2050D3-A6A1-4A77-80B2-9C6E324527CE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EE705729-24F1-4DEC-8721-81E1076701BF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{F138EA49-8ED7-48A8-A6D5-0B9CB8E5591E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{F1C19A0C-E2A5-4B8F-8E06-0A8293ACED29}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{F494A330-EA84-4DB5-8211-F3E7724C103F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{F95F69F0-9509-4197-979A-82A0BA2A2BED}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
    "{F9D09AFA-A88D-4331-ACE0-401B8286E138}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FC5E561E-33AF-4C49-9111-18E941B25F3B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{FF0A0B60-E5C7-4A72-B93D-F55FC397EDA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FFA24722-D92D-4E99-8A45-3A7F564D6904}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "TCP Query User{256ECEA3-4AAD-466A-9AB9-22FA86D8E93A}C:\program files (x86)\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "TCP Query User{33FD4607-B062-4C92-A1D4-121966A174D0}C:\program files (x86)\adstech media link\app\adstechmedialink-server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adstech media link\app\adstechmedialink-server.exe |
    "TCP Query User{3D8F363B-933F-46F2-A49B-29DC69048F30}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
    "TCP Query User{694F13AE-1DF8-4F41-BAF5-5291B60EDC81}C:\program files (x86)\windows media components\encoder\wmenc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows media components\encoder\wmenc.exe |
    "TCP Query User{7147DFD3-A66B-4AE2-AF0D-1CEB87524EA8}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
    "TCP Query User{751C67E1-DB9C-42B7-956F-910BE6D3140E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
     
  12. skiguyross

    skiguyross TS Rookie Topic Starter

    "TCP Query User{9A5F0A8C-672C-4902-8C5C-7101728DACCA}C:\program files\ca\etrustitm\realmon.exe" = protocol=6 | dir=in | app=c:\program files\ca\etrustitm\realmon.exe |
    "TCP Query User{B2515EDA-F238-4DC9-8EBB-10B8CE6F822E}C:\program files\ca\etrustitm\shellscn.exe" = protocol=6 | dir=in | app=c:\program files\ca\etrustitm\shellscn.exe |
    "TCP Query User{C65F57C3-FAEE-4A85-8777-F4A1F2D9864B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "TCP Query User{D0CC3266-7F69-4E5C-A546-FB3A9F2B5DC6}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{053D140C-305D-4E65-B8FB-A4E768DC71DF}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe |
    "UDP Query User{1AFAC840-A0BD-4F7F-99A0-E3EBB64F91E7}C:\program files (x86)\adstech media link\app\adstechmedialink-server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adstech media link\app\adstechmedialink-server.exe |
    "UDP Query User{1D81484E-22D0-4A22-94F1-E60A2831F4D2}C:\program files (x86)\windows media components\encoder\wmenc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows media components\encoder\wmenc.exe |
    "UDP Query User{1DEB7FCF-BB97-4FF8-9BBF-F226EE3E06E4}C:\program files (x86)\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
    "UDP Query User{2757D89E-AF94-4DA1-B968-517BE517D3A3}C:\program files\ca\etrustitm\shellscn.exe" = protocol=17 | dir=in | app=c:\program files\ca\etrustitm\shellscn.exe |
    "UDP Query User{2BB52B9D-5CD3-41CC-8DED-34E50615CA96}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{3C509AF8-7058-4C52-96DB-6BBFCC8653F4}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
    "UDP Query User{8032D833-9693-4DA4-9C76-E02FA0D7036C}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{A21B65FC-CCC4-421D-A998-86A003AF5006}C:\program files\ca\etrustitm\realmon.exe" = protocol=17 | dir=in | app=c:\program files\ca\etrustitm\realmon.exe |
    "UDP Query User{E4AB18EA-8505-41D3-A622-E9BC8FF7CA2D}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
    "{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3F5D0650-63D7-4850-A87E-9A934962511C}" = DigitalPersona Personal 4.11
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
    "{5783F2D7-7001-0409-0102-0060B0CE6BBA}" = AutoCAD 2009 - English
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{665870B4-8C0C-41E7-A015-33245DDC8679}" = HP MediaSmart SmartMenu
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7C581504-74B4-4F5C-9201-92DD684F74A2}" = GS64bitComponents
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    "AutoCAD 2009 - English" = AutoCAD 2009 - English
    "B30ECD0209A21D638611F893829C8AF3A483A302" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v1.6.4
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "{00C3EAB3-76FF-45C8-97FE-5EBFBF0B1036}" = HP User Guides 0115
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
    "{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
    "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
    "{1C643154-0ADF-4B4C-AF17-E315C946A54B}" = MotoConnect
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{33311EA4-0ECA-4E7F-83E5-8A92CD760152}" = Serif DrawPlus Starter Edition
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
    "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
    "{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PRJPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PRJPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_PRJPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_PRJPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
    "{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D164C123-6C11-4FA2-812A-F71887A34E50}" = GoldSim 10.02
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D534BE1A-D519-4F56-9306-0DECFF9F9E5D}" = muvee autoProducer 6.1
    "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DBB6DD0C-0467-4524-ADF5-244E395E00CA}" = MVPstats
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{DF614B1C-392B-4E14-BB86-92E8F6481A9C}" = GoldSim 9.60
    "{E3106067-CD5B-45A1-A7CE-FCBC912F2EC7}" = GoldSim 10 Beta
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F5A0823C-E3AA-47FF-A756-6A626D1835D0}" = @RISK 5.0 for Excel, Industrial Edition
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "ADSTech Media Link_is1" = ADSTech Media Link version 1.2
    "AIM_6" = AIM 6
    "Audacity_is1" = Audacity 1.2.6
    "Autodesk Design Review 2009" = Autodesk Design Review 2009
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON Scanner" = EPSON Scan
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "gBurner" = gBurner
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "HTC_WModemDriver" = WModem Driver Installer
    "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.5.3 (Full)
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
    "Picasa 3" = Picasa 3
    "PrimoPDF4.1.0.9" = PrimoPDF
    "PRJPRO" = Microsoft Office Project Professional 2007
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "Snood 4_is1" = Snood 4
    "SopCast" = SopCast 3.0.3
    "SystemRequirementsLab" = System Requirements Lab
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "Verizon V CAST Media Manager" = Verizon V CAST Media Manager
    "VLC media player" = VLC media player 1.1.11
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinZip" = WinZip

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.0.0.320
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Move Media Player" = Move Media Player
    "Neoteris_Host_Checker" = Juniper Networks Host Checker
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/29/2011 7:13:52 AM | Computer Name = Ross-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 7/29/2011 7:18:40 AM | Computer Name = Ross-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 7/29/2011 7:19:30 AM | Computer Name = Ross-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 7/29/2011 7:21:33 AM | Computer Name = Ross-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 7/30/2011 3:05:57 PM | Computer Name = Ross-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/30/2011 4:51:40 PM | Computer Name = Ross-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 7/30/2011 4:51:40 PM | Computer Name = Ross-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 7/30/2011 4:51:40 PM | Computer Name = Ross-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    Error - 8/2/2011 2:40:41 AM | Computer Name = Ross-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/2/2011 3:17:34 PM | Computer Name = Ross-PC | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 10/5/2009 2:48:35 PM | Computer Name = Ross-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 75 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 10/5/2009 3:17:40 PM | Computer Name = Ross-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 1618 seconds with 300 seconds of active time. This session ended with a
    crash.

    Error - 11/10/2009 1:02:17 PM | Computer Name = Ross-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 6990 seconds with 5160 seconds of active time. This session ended with a
    crash.

    Error - 11/10/2009 1:12:26 PM | Computer Name = Ross-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 603 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 11/11/2009 1:54:23 AM | Computer Name = Ross-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 72 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 11/16/2009 2:47:45 PM | Computer Name = Ross-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
    lasted 5771 seconds with 1320 seconds of active time. This session ended with a
    crash.

    Error - 11/16/2009 9:07:28 PM | Computer Name = Ross-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22487
    seconds with 420 seconds of active time. This session ended with a crash.

    Error - 9/5/2011 1:56:23 AM | Computer Name = Ross-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 11/15/2011 11:23:17 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/16/2011 2:58:12 PM | Computer Name = Ross-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 11/16/2011 2:59:36 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/16/2011 3:05:06 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 11/16/2011 3:05:06 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 11/16/2011 3:05:56 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 11/16/2011 3:15:55 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/16/2011 3:19:13 PM | Computer Name = Ross-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 11/16/2011 3:19:13 PM | Computer Name = Ross-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 11/16/2011 3:19:49 PM | Computer Name = Ross-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  13. skiguyross

    skiguyross TS Rookie Topic Starter

    PS: Computer has been running well. Booting quicker, no hijacked links, etc.
    Thanks!
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Cool :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-1708482083-798194572-1285507946-1001\..Trusted Ranges: Range1 ([http] in )
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5...ndows-i586.cab (Reg Error: Key error.)
      O37 - HKU\S-1-5-21-1708482083-798194572-1285507946-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  15. skiguyross

    skiguyross TS Rookie Topic Starter

    Here are the most recent logs:

    The OTL file is below. It asked me to reboot, which I did. Upon rebooting my computer reinstalled HP Photosmart Essentials 2.5. It’s a little odd considering 3.0 is already installed on my computer.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry key HKEY_USERS\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1708482083-798194572-1285507946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1708482083-798194572-1285507946-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1708482083-798194572-1285507946-1000_Classes\.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1708482083-798194572-1285507946-1000_Classes\ComFile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
    C:\Windows\msdownld.tmp folder deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1653740 bytes
    ->Java cache emptied: 19688569 bytes
    ->FireFox cache emptied: 71710836 bytes
    ->Flash cache emptied: 3896 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Ross
    ->Temp folder emptied: 31832 bytes
    ->Temporary Internet Files folder emptied: 91948929 bytes
    ->Java cache emptied: 124040681 bytes
    ->FireFox cache emptied: 102484336 bytes
    ->Google Chrome cache emptied: 13375286 bytes
    ->Flash cache emptied: 2553478 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 19925 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33706 bytes
    RecycleBin emptied: 608452 bytes

    Total Files Cleaned = 408.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Ross
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11172011_183930

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.24
    Windows Vista x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 29
    Java(TM) 6 Update 6
    Out of date Java installed!
    Adobe Flash Player 11.0.1.152
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````

    ESET Scan:
    C:\Users\Ross\AppData\Roaming\Microsoft\D014\24A5.tmp Win32/PSW.Agent.NTM trojan cleaned by deleting - quarantined
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Uninstall Java(TM) 6 Update 6.


    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
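
Added example, not part of the original thread and not code from Security Check: a small Python triage of the Security Check log format posted above, which pulls out the "out of date" warnings, the disabled processes, and any Java install superseded by a newer one (the case behind the "Uninstall Java(TM) 6 Update 6" instruction). The names `triage` and `SAMPLE_LOG` are hypothetical, and the sample is built from lines of the log in this thread.

```python
import re

RULE = "`" * 30  # Security Check separates sections with rows of backticks
# Constructed sample: lines taken from the Security Check log posted in this thread.
SAMPLE_LOG = "\n".join([
    "Windows Vista x64 (UAC is enabled)",
    "Out of date service pack!!",
    RULE,
    "Anti-malware/Other Utilities Check:",
    "HijackThis 2.0.2",
    "Java(TM) 6 Update 29",
    "Java(TM) 6 Update 6",
    "Out of date Java installed!",
    "Adobe Flash Player 11.0.1.152",
    RULE,
    "Process Check:",
    "Ad-Aware AAWService.exe is disabled!",
    "Microsoft Security Essentials msseces.exe",
    "`" * 10 + "End of Log" + "`" * 12,
])

JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")

def triage(log_text):
    """Return warnings, disabled processes and superseded Java installs."""
    report = {"warnings": [], "disabled": [], "java_remove": []}
    java = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.strip("`") in ("", "End of Log"):
            continue  # blank line or backtick separator
        m = JAVA_RE.match(line)
        if m:
            # Compare versions as integers: as strings, "6" would sort above "29".
            java.append(((int(m.group(1)), int(m.group(2))), line))
        elif line.lower().startswith("out of date"):
            report["warnings"].append(line)
        elif line.endswith("is disabled!"):
            report["disabled"].append(line)
    if java:
        newest = max(v for v, _ in java)
        # Every install older than the newest one is a removal candidate.
        report["java_remove"] = [name for v, name in java if v < newest]
    return report

if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key, items)
```
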
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    The issue seems to be resolved.
     
