TechSpot

Super Sneaky Virus

By mariemagnolia
Sep 28, 2010
  1. I have a supposed virus that hijacked Norton Internet Security and would not allow it to run. It has disabled the ability to update Malwarebytes definitions. It would not let me update Avira. I could not download or install McAfee. This is my last hope. I have followed all the steps and am pasting log files.

    Please let me know how to proceed.

    Thank you!
    mariemagnolia


    =============================================
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18943

    9/27/2010 11:37:43 PM
    mbam-log-2010-09-27 (23-37-43).txt

    Scan type: Quick scan
    Objects scanned: 143678
    Time elapsed: 5 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ========================================================
     
  2. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Office Depot at 23:30:30.16 on Mon 09/27/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6133.4126 [GMT -7:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Office Depot\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://qwest.live.com
    uWindow Title = Windows Internet Explorer provided by Qwest
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.7.0.12\IPSBHO.DLL
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
    uRun: [Logitech Vid] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
    uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
    mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
    mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
    mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QwestTouchPointAgent] "c:\program files (x86)\qwest\desktop\QwestTouchPointAgent.exe" /autostart
    mRun: [Qwest Personal Digital Vault] "c:\program files (x86)\qwest personal digital vault\QwestPersonalDigitalVault.exe" /m
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [HP Remote Software] c:\program files\hewlett-packard\hp remote\HP REMOTE V1.0.5.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-2-23 52856]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1107000.00c\symds64.sys [2010-7-6 433200]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1107000.00c\symefa64.sys [2010-7-6 221232]
    R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-8-31 954928]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1107000.00c\cchpx64.sys [2010-7-6 615040]
    R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100920.001\IDSviA64.sys [2010-9-20 463408]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1107000.00c\ironx64.sys [2010-7-6 150064]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1107000.00c\symtdiv.sys [2010-7-6 451120]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-9-27 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-9-27 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-27 81072]
    R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
    R2 sprtlisten;SupportSoft Listener Service;c:\program files (x86)\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-7 30232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 NIS;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\17.7.0.12\ccsvchst.exe" /s "nis" /m "c:\program files (x86)\norton internet security\engine\17.7.0.12\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\17.7.0.12\ccSvcHst.exe [?]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-6 132656]
    S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\drivers\lvuvc64.sys [2010-5-10 6379288]
    S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-2-2 23536]
    S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-11-8 93184]

    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-09-28 06:07:17 0 d-----w- c:\users\office~1\appdata\roaming\Avira
    2010-09-28 05:56:02 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-09-28 05:56:01 0 d-----w- c:\programdata\Avira
    2010-09-28 05:56:01 0 d-----w- c:\program files (x86)\Avira
    2010-09-28 05:51:26 0 d-----w- c:\program files\iPod
    2010-09-28 05:51:25 0 d-----w- c:\program files\iTunes
    2010-09-28 05:51:25 0 d-----w- c:\program files (x86)\iTunes
    2010-09-28 05:46:04 0 d-----w- c:\program files\Bonjour
    2010-09-28 05:46:04 0 d-----w- c:\program files (x86)\Bonjour
    2010-09-28 05:42:13 0 d-----w- c:\programdata\McAfee
    2010-09-28 04:46:54 0 d-----w- c:\users\office~1\appdata\roaming\Malwarebytes
    2010-09-28 04:46:46 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-28 01:17:49 65536 --sha-w- c:\users\office depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TM.blf
    2010-09-28 01:17:49 524288 --sha-w- c:\users\office depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000002.regtrans-ms
    2010-09-28 01:17:49 524288 --sha-w- c:\users\office depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000001.regtrans-ms
    2010-09-28 00:35:16 0 d-----w- c:\programdata\Malwarebytes
    2010-09-28 00:35:16 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-09-22 21:22:39 0 d-----w- c:\programdata\Sun
    2010-09-14 19:57:33 317952 ----a-w- c:\windows\syswow64\MP4SDECD.DLL
    2010-09-14 19:57:33 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2010-09-14 19:57:32 267776 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-14 19:57:25 975360 ----a-w- c:\windows\system32\inetcomm.dll
    2010-09-14 19:57:25 738816 ----a-w- c:\windows\syswow64\inetcomm.dll
    2010-09-14 19:57:25 622080 ----a-w- c:\windows\system32\usp10.dll
    2010-09-14 19:57:25 501760 ----a-w- c:\windows\syswow64\usp10.dll
    2010-09-08 18:17:46 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- c:\windows\syswow64\QuickTime.qts

    ==================== Find3M ====================

    2010-09-28 05:47:11 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-09-28 05:47:11 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-09-28 05:47:11 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-09-28 01:47:08 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-07-31 06:03:40 13526497 ----a-w- c:\users\office depot\Otter32Setup.exe
    2010-07-28 01:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-28 01:55:50 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2010-07-28 01:55:50 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2010-07-28 01:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-28 01:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
    2010-07-28 01:44:10 75040 ----a-w- c:\windows\syswow64\jdns_sd.dll
    2010-07-28 01:44:10 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
    2010-07-28 01:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
    2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
    2009-04-22 11:05:10 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-06-18 20:42:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-03-28 20:58:09 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
    2010-03-28 20:58:09 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
    2009-04-22 11:07:08 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 23:30:40.81 ===============
    =========================================================
    GMER.log is an empty file
     
  3. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    Avira AntiVir Personal - Free Antivirus Updater
    Complete product update

    Creation time: Mon Sep 27 23:33:00 2010


    Operating system:
    Windows Vista x64 (Service Pack 1) [6.0.6001] 64 bit

    Product information:
    Product version: 10.0.0.567
    Updater: C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe 10.0.0.29
    Update resource: C:\Program Files (x86)\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
    Library: C:\Program Files (x86)\Avira\AntiVir Desktop\update.dll 0.1.0.44
    Plugin: C:\Program Files (x86)\Avira\AntiVir Desktop\updext.dll 10.0.0.8
    GUI: C:\Program Files (x86)\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

    Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
    Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
    Installation Directory: C:\Program Files (x86)\Avira\AntiVir Desktop\
    Updater folder: C:\Program Files (x86)\Avira\AntiVir Desktop\
    AppData folder: C:\ProgramData\Avira\AntiVir Desktop\

    Proxy settings:
    System settings used

    23:33:01 [UPD] [INFO] Checking whether newer files are available.
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.188/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.188/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.188/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.179/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.179/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.179/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.186/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.186/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.183/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.183/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.183/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.184/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.189/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.189/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.189/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.185/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.185/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.185/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.181/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.181/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.181/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.187/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.187/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.187/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.182/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.182/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.182/update/idx/master.idx' failed. Error: A connection with the server could not be established
    23:33:01 [UPD] [INFO] Select update server 'http://perspeak.avira-update.com/update'.
    23:33:01 [UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
    23:33:01 [UPDLIB] [ERROR] Retry...
    23:33:01 [UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
    23:33:01 [UPDLIB] [ERROR] Retry...
    23:33:01 [UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
    23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
    23:33:01 [UPDLIB] [ERROR] No additional servers found, the update will be canceled.
    23:33:01 [UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 537.


    Summary:
    ********
    0 Files downloaded
    0 Files installed

    Mon Sep 27 23:33:01 2010
    The update failed!
     
  4. crunchie

    crunchie Malware Helper Posts: 728

    Hi. Could you please also post the GMER logs?
     
  5. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    GMER log

    GMER log was an empty file.
     
  6. crunchie

    crunchie Malware Helper Posts: 728

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  7. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    ComboFix will not run on my computer because I am running Vista x64. Please help!!! What else should I try?
     
  8. crunchie

    crunchie Malware Helper Posts: 728

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    OTL.TXT
    +++++++++++++++++++++++++++++++++++++++++++++
    OTL logfile created on: 9/29/2010 11:34:34 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Office Depot\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.50 Gb Total Space | 399.56 Gb Free Space | 68.59% Space Free | Partition Type: NTFS
    Drive D: | 13.67 Gb Total Space | 1.93 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OFFICEDEPOT-PC
    Current User Name: Office Depot
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/29 23:31:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Office Depot\Desktop\OTL.exe
    PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/04/09 23:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2009/04/09 23:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/03/19 10:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/29 23:31:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Office Depot\Desktop\OTL.exe
    MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2008/08/26 07:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2008/12/08 19:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
    SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
    DRV:64bit: - [2010/07/06 08:11:00 | 000,173,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/05/05 21:01:59 | 000,451,120 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1107000.00C\SYMTDIV.SYS -- (SYMTDIv)
    DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Ironx64.SYS -- (SymIRON)
    DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SYMEFA64.SYS -- (SymEFA)
    DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1107000.00C\SRTSP64.SYS -- (SRTSP)
    DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
    DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ccHPx64.sys -- (ccHP)
    DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SYMDS64.SYS -- (SymDS)
    DRV:64bit: - [2009/10/07 01:49:27 | 006,379,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/26 04:46:34 | 010,276,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/02/02 11:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
    DRV:64bit: - [2009/01/20 09:49:30 | 001,254,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/01/20 07:49:48 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/12/04 05:48:52 | 000,407,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2008/01/20 19:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2008/01/20 19:46:52 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
    DRV:64bit: - [2007/05/01 04:00:00 | 000,052,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2007/01/18 16:10:22 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
    DRV - [2010/08/31 15:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2010/07/06 09:13:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/07/06 09:13:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/06/16 18:54:14 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100920.001\IDSviA64.sys -- (IDSVia64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/07/07 04:47:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/09/27 19:16:15 | 000,000,000 | ---D | M]

    [2009/10/24 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\mozilla\Extensions
    [2009/10/24 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
     
  10. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    continued...


    O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File not found
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL File not found
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File not found
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
    O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Microsoft Default Manager] c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
    O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
    O24 - Desktop WallPaper: C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{050b1c7a-71bf-11de-b384-00248cf8b4fe}\Shell - "" = AutoRun
    O33 - MountPoints2\{050b1c7a-71bf-11de-b384-00248cf8b4fe}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{735a699b-ac5b-11de-a0ea-00248cf8b4fe}\Shell - "" = AutoRun
    O33 - MountPoints2\{735a699b-ac5b-11de-a0ea-00248cf8b4fe}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/29 23:31:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Office Depot\Desktop\OTL.exe
    [2010/09/29 23:17:49 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Desktop\files_to_file
    [2010/09/29 23:16:38 | 000,000,000 | R--D | C] -- C:\Users\Office Depot\Desktop\shortcuts
    [2010/09/29 22:49:24 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/09/27 23:07:17 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\Avira
    [2010/09/27 22:56:02 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
    [2010/09/27 22:56:02 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
    [2010/09/27 22:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2010/09/27 22:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2010/09/27 22:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/09/27 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/09/27 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/09/27 22:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/09/27 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/09/27 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/09/27 22:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2010/09/27 21:46:54 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\Malwarebytes
    [2010/09/27 21:46:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/09/27 17:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/09/27 17:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/09/22 14:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2010/09/22 14:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/07/30 23:03:40 | 013,526,497 | ---- | C] (Oregon Employment Department) -- C:\Users\Office Depot\Otter32Setup.exe
    [2010/07/23 08:33:22 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Desktop\album 7-22-2010
    [2010/07/17 15:19:21 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\CrashDumps
    [2010/07/07 03:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    [2010/07/06 14:43:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C
    [2010/07/06 08:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
    [2010/07/06 08:34:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/07/06 08:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
    [2010/07/06 08:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2010/07/06 08:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2010/07/06 08:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2010/07/06 08:12:38 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\Qwest
    [2010/07/06 08:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwest Personal Digital Vault
    [2010/07/06 08:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2010/07/06 08:09:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
    [2010/07/06 08:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
    [2010/07/06 08:09:30 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Documents\Symantec
    [2010/07/06 07:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwest
    [2010/07/06 07:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft
    [2010/07/06 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Qwest
    [2010/07/06 07:37:51 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
    [2010/07/06 07:37:51 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\Xenocode
    [2010/07/06 07:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
    [2010/07/02 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\2DBoy
    [2010/07/02 16:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
    [1 C:\Users\Office Depot\Desktop\*.tmp files -> C:\Users\Office Depot\Desktop\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/29 23:35:31 | 002,488,546 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
    [2010/09/29 23:34:43 | 002,621,440 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat
    [2010/09/29 23:31:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Office Depot\Desktop\OTL.exe
    [2010/09/29 23:29:12 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/09/29 23:29:12 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/09/29 23:29:12 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/09/29 23:22:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/09/29 23:22:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/09/29 23:22:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/09/29 23:22:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/09/29 23:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/29 23:22:08 | 000,065,536 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TM.blf
    [2010/09/27 22:27:51 | 000,001,460 | ---- | M] () -- C:\Users\Office Depot\AppData\Local\d3d9caps64.dat
    [2010/09/27 22:27:46 | 000,002,551 | ---- | M] () -- C:\Users\Office Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
    [2010/09/27 18:47:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2010/09/27 18:42:52 | 000,442,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/09/27 18:41:54 | 000,524,288 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000002.regtrans-ms
    [2010/09/27 18:41:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/09/27 17:45:21 | 000,524,288 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{41224832-4878-11df-ae4b-00248cf8b4fe}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/27 17:45:21 | 000,065,536 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{41224832-4878-11df-ae4b-00248cf8b4fe}.TM.blf
    [2010/08/31 14:38:51 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2010/07/30 23:03:40 | 013,526,497 | ---- | M] (Oregon Employment Department) -- C:\Users\Office Depot\Otter32Setup.exe
    [2010/07/30 22:33:45 | 000,035,328 | ---- | M] () -- C:\Users\Office Depot\Documents\THEMES 2010.doc
    [2010/07/28 17:52:35 | 000,614,416 | -H-- | M] () -- C:\Users\Office Depot\Desktop\xOx0.dat
    [2010/07/28 17:31:19 | 000,038,450 | ---- | M] () -- C:\Users\Office Depot\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/07/27 18:55:50 | 000,237,856 | ---- | M] () -- C:\Windows\SysNative\dnssdX.dll
    [2010/07/27 18:55:50 | 000,119,584 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
    [2010/07/27 18:55:50 | 000,095,520 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
    [2010/07/27 18:55:50 | 000,069,408 | ---- | M] () -- C:\Windows\SysNative\jdns_sd.dll
    [2010/07/07 16:19:48 | 000,000,970 | ---- | M] () -- C:\Users\Office Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2010/07/07 16:18:27 | 000,124,816 | ---- | M] () -- C:\Users\Office Depot\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/07/07 03:03:21 | 000,000,250 | ---- | M] () -- C:\Windows\win.ini
    [2010/07/06 10:50:57 | 000,031,232 | ---- | M] () -- C:\Users\Office Depot\Spummer Lesson Picasso.doc
    [2010/07/06 08:15:40 | 000,216,266 | ---- | M] () -- C:\Windows\WLIcon.ico
    [2010/07/06 08:11:00 | 000,173,104 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2010/07/06 08:11:00 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2010/07/06 08:11:00 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2010/07/06 07:49:13 | 000,031,089 | ---- | M] () -- C:\Users\Office Depot\Documents\Qwest Configuration Details.mht
    [1 C:\Users\Office Depot\Desktop\*.tmp files -> C:\Users\Office Depot\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/27 22:56:02 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
    [2010/09/27 22:56:02 | 000,081,072 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2010/09/27 22:54:35 | 000,421,308 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistMSI0A62.txt
    [2010/09/27 22:54:34 | 000,039,034 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistUI0A62.txt
    [2010/09/27 22:51:53 | 000,002,426 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistMSI0851.txt
    [2010/09/27 22:51:52 | 000,039,088 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistUI0851.txt
    [2010/09/27 21:46:46 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/09/27 18:17:49 | 000,524,288 | -HS- | C] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000002.regtrans-ms
     
  11. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    and again...

    [2010/09/27 18:17:49 | 000,524,288 | -HS- | C] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000001.regtrans-ms
    [2010/09/27 18:17:49 | 000,065,536 | -HS- | C] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TM.blf
    [2010/09/14 12:57:33 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
    [2010/09/14 12:57:32 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
    [2010/09/14 12:57:25 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
    [2010/09/14 12:57:25 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
    [2010/08/17 07:28:08 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
    [2010/08/17 07:28:01 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
    [2010/08/17 07:28:01 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
    [2010/08/17 07:27:58 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
    [2010/08/17 07:27:56 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
    [2010/08/17 07:27:48 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
    [2010/08/17 07:27:33 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
    [2010/08/17 07:27:32 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
    [2010/08/17 07:27:31 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
    [2010/08/17 07:27:29 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
    [2010/08/17 07:27:28 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
    [2010/08/17 07:27:27 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
    [2010/08/17 07:27:27 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
    [2010/08/17 07:27:26 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
    [2010/08/17 07:27:26 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
    [2010/08/17 07:27:26 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
    [2010/08/17 07:27:26 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
    [2010/08/17 07:27:26 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
    [2010/08/17 07:27:25 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
    [2010/08/17 07:27:25 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
    [2010/08/17 07:27:25 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
    [2010/08/17 07:27:24 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
    [2010/08/17 07:27:23 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
    [2010/08/17 07:27:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
    [2010/08/17 07:27:22 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
    [2010/08/17 07:27:22 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
    [2010/08/17 07:27:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
    [2010/08/17 07:27:15 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
    [2010/08/17 07:27:12 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
    [2010/08/03 01:51:35 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
    [2010/07/30 23:07:14 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\richtx32.oca
    [2010/07/30 23:07:14 | 000,003,008 | ---- | C] () -- C:\Windows\SysWow64\RICHTX32.DEP
    [2010/07/30 22:33:45 | 000,035,328 | ---- | C] () -- C:\Users\Office Depot\Documents\THEMES 2010.doc
    [2010/07/28 17:52:35 | 000,614,416 | -H-- | C] () -- C:\Users\Office Depot\Desktop\xOx0.dat
    [2010/07/28 17:31:19 | 000,038,450 | ---- | C] () -- C:\Users\Office Depot\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/07/27 18:55:50 | 000,237,856 | ---- | C] () -- C:\Windows\SysNative\dnssdX.dll
    [2010/07/27 18:55:50 | 000,119,584 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
    [2010/07/27 18:55:50 | 000,095,520 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
    [2010/07/27 18:55:50 | 000,069,408 | ---- | C] () -- C:\Windows\SysNative\jdns_sd.dll
    [2010/07/07 03:29:04 | 002,488,546 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
    [2010/07/06 14:43:27 | 000,451,120 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys
    [2010/07/06 14:43:27 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat
    [2010/07/06 14:43:27 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat
    [2010/07/06 14:43:27 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf
    [2010/07/06 14:43:27 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf
    [2010/07/06 14:43:26 | 000,615,040 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys
    [2010/07/06 14:43:26 | 000,505,392 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys
    [2010/07/06 14:43:26 | 000,433,200 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys
    [2010/07/06 14:43:26 | 000,221,232 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys
    [2010/07/06 14:43:26 | 000,150,064 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys
    [2010/07/06 14:43:26 | 000,032,304 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys
    [2010/07/06 14:43:26 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat
    [2010/07/06 14:43:26 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat
    [2010/07/06 14:43:26 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat
    [2010/07/06 14:43:26 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat
    [2010/07/06 14:43:26 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.cat
    [2010/07/06 14:43:26 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.cat
    [2010/07/06 14:43:26 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf
    [2010/07/06 14:43:26 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds.inf
    [2010/07/06 14:43:26 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.inf
    [2010/07/06 14:43:26 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf
    [2010/07/06 14:43:26 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf
    [2010/07/06 14:43:26 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.inf
    [2010/07/06 14:43:14 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini
    [2010/07/06 10:50:57 | 000,031,232 | ---- | C] () -- C:\Users\Office Depot\Spummer Lesson Picasso.doc
    [2010/07/06 09:09:37 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
    [2010/07/06 08:15:40 | 000,216,266 | ---- | C] () -- C:\Windows\WLIcon.ico
    [2010/07/06 08:11:18 | 000,173,104 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2010/07/06 08:11:18 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2010/07/06 08:11:18 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2010/07/06 07:49:11 | 000,031,089 | ---- | C] () -- C:\Users\Office Depot\Documents\Qwest Configuration Details.mht
    [2010/05/27 20:35:06 | 000,418,574 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistMSI1545.txt
    [2010/05/27 20:35:05 | 000,014,058 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistUI1545.txt
    [2009/11/16 14:03:47 | 000,023,040 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/08 19:30:33 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/09/29 08:41:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\glew32.dll
    [2009/09/29 08:41:40 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
    [2009/08/16 12:06:26 | 000,000,680 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\d3d9caps.dat
    [2009/06/26 07:40:26 | 000,001,460 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\d3d9caps64.dat
    [2009/04/22 03:18:42 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
    [2009/04/22 03:18:42 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
    [2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
    [2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/05/10 17:17:23 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Leadertech
    [2010/09/22 07:35:09 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\LimeWire
    [2009/06/25 14:18:49 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\PictureMover
    [2010/02/23 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Research In Motion
    [2010/01/04 13:43:02 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Wal-Mart
    [2009/10/01 16:34:37 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\WildTangent
    [2010/08/31 14:38:51 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
    [2010/09/29 23:02:19 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
    [2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
    [2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
    [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
    [2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: EVENTLOG.DLL >
    [2007/05/17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

    < MD5 for: IASTOR.SYS >
    [2008/12/04 05:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\hp\drivers\Intel_Storage\IaStor.sys
    [2008/12/04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
    [2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

    < MD5 for: IASTORV.SYS >
    [2008/01/20 19:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2008/01/20 19:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
    [2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
    [2009/04/11 00:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
    [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
    [2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2008/01/20 19:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
    [2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
    [2008/01/20 19:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
    [2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
    [2009/04/11 00:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < >
    < End of report >
     
  12. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    Extras.txt

    OTL Extras logfile created on: 9/29/2010 11:34:34 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Office Depot\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
    12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.50 Gb Total Space | 399.56 Gb Free Space | 68.59% Space Free | Partition Type: NTFS
    Drive D: | 13.67 Gb Total Space | 1.93 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OFFICEDEPOT-PC
    Current User Name: Office Depot
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01D7FCE0-2735-4C8C-A369-808CB1B676D9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{4C915835-00D0-470A-8F73-C6CC9790C2D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{589F0AEF-2705-47EC-808B-5C096C0A69C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{012CB307-5B3B-4095-B61A-ECFC01D945DF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
    "{028F3170-85AE-460E-9A6D-AC767DE4CAAA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
    "{097B01F1-823F-4744-84C6-2646518C9D2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
    "{0FECAF15-0DFC-4305-8196-0E1583622759}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{118091C4-100A-4F02-AE1A-3932F340821C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    "{1531A049-0C03-4084-95B5-B16425C20845}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
    "{1BBFEFE7-155B-4CDC-87B8-C174B1B74B22}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{2A14F0BB-E718-427B-B56F-AAAFEF7F94D1}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "{30876046-9A88-428E-BA20-8A4E578243E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
    "{3238EBB1-B672-4D0F-BFBB-0A05C61A29A6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{353EC13F-6412-43B8-B5EF-6BEE787EB5BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{47881660-D0EC-4C9F-8ED7-29774DD0BEDA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{4DEA7931-A0B4-445D-B727-461DB7A32129}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{518BAD2B-0F37-4F12-93A9-6427E0CC96FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
    "{58407F86-8854-4E1D-8EB7-8647CB3198B2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
    "{5B241404-4CC0-4540-B9C2-1FFD1D71B057}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{5B6AD335-DFDC-43CF-A202-33BC8518835A}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{6B17FFBD-B862-467D-A3F9-1352B5D1F04C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
    "{6BAE77F6-9DFA-4BE8-81BC-A6654D6C2F24}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{6C140B73-1CE8-4B0C-9604-9D3E0EC53A03}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
    "{85CE9EE4-FF14-49F1-BEA8-AED8C83B7DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{932B3BC8-EFF3-4F29-927E-68EAB0412088}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{95ADBBCC-9905-4B55-9D2F-E11FB82FEFD4}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{9D394F58-6082-45FB-B27A-B0F82FF2872D}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
    "{A3BF6482-C24B-4857-BD0C-067574001130}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
    "{A86DAFE9-E9D1-43CB-9031-470112DB8988}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
    "{B875DFA2-9B43-4C3F-B2BD-627CEC8902DD}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
    "{C5A0215D-653A-4DE9-8432-80F345487EDB}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
    "{D5B01E62-AE55-4652-9854-944C35B780CA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
    "{DD12BB24-940B-498E-8C64-738D65CCE883}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{DD8A2730-7929-4127-A657-8A09DF240D20}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E1B1A9A4-C235-49D0-A469-E15A1BFE9D6C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
    "{F74EDA53-2C98-4D31-AD72-B9950313F492}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PC-Doctor for Windows" = Hardware Diagnostic Tools

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
    "{2AFA5FC0-2166-11D6-B294-00B0D0B36B37}" = Otter32
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
    "{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{693EF7BC-C5CA-43E6-AFA8-1F3FB63A8D92}" = Qwest Windows Live Toolbar Buttons
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
     
  13. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    extras continued...

    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
    "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
    "{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}" = Microsoft Live Search Toolbar
    "{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "NIS" = Norton Internet Security
    "pywin32-py2.6" = Python 2.6 pywin32-212
    "SAM Animation" = SAM Animation 1.2
    "ULTIMATER" = Microsoft Office Ultimate 2007
    "WildTangent hp Master Uninstall" = HP Games
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinVDIG_is1" = WinVDIG 1.0

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  14. crunchie

    crunchie Malware Helper Posts: 728

  15. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4700

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.18943

    9/30/2010 10:13:17 AM
    mbam-log-2010-09-30 (10-13-17).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 395878
    Time elapsed: 1 hour(s), 24 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  16. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    I have been running scans on this computer for 3 days now. I have tried 8 different programs and none of them has been able to find anything. Am I sunk?
     
  17. crunchie

    crunchie Malware Helper Posts: 728

    Certainly coming up blank each time. Let's have a look at an online scan to see if it uncovers anything.

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  18. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    Kaspersky won't work

    I cannot install Java. Kaspersky requires Java and that has been deleted from my system. Tried downloading and installing, but error came up. Tried downloading Google Chrome, but received an error as well. Tried installing from safe mode and also get an error. I know there is something on my machine stopping all these actions!!!

    AHHH!H!H!H!H

    Now what?
     
  19. crunchie

    crunchie Malware Helper Posts: 728

    Can you try for a system restore? Go back a good 1 or 2 weeks before the problem started and then see if you can do the on-line scan.
     
  20. mariemagnolia

    mariemagnolia TS Rookie Topic Starter

    still no luck.

    I was able to download Firefox and run Kaspersky. Empty report. Nothing found.
    Then tried your restore idea. I was only able to restore to 9/21 and when I tried to load Kaspersky again in IE (which is having all the issues) I get the same error messages. I am trying to help a friend and she has over 250 GB of data on her drive that I have no idea what to do with. If you can think of anything else, that would be great, but I'm not sure what else to do.

    Thank you so much for all your help and ideas so far.

    mariemagnolia
     
  21. crunchie

    crunchie Malware Helper Posts: 728

    Vista sucks :(. You do not happen to have the Vista installation CD?

    ====

    Please download Rootkit Revealer
    Unzip it to your desktop.
    Open the RootkitRevealer folder and double-click RootkitRevealer.exe
    Click the Scan button (bottom right)
    It may take a while to scan (don't do anything while it's running)
    When it's done, go to File > Save. Choose to save the log to your desktop.
    Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
    Please don't surf or do anything else during the scan with RootkitRevealer, or it may interfere with the results and show legitimate entries.

    ==============

    Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
    • Double click on RSIT.exe to launch program.
    • Click Continue at the disclaimer screen.
    • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
    • Once it has finished, two logs will open: log.txt <-- this will be maximized and info.txt <-- this will be minimized.
     
Topic Status:
Not open for further replies.
