Solved Hi - TrojanZeroAccessinf - please bail me out!

Thanks Broni

I've followed the instructions on how to create a restore point but keep getting an error message to say the restore point cannot be created due to the writer experiencing a transient error - 0x800423F3
I can see in System Properties / System Protection that the last restore point was 1 hour 15 minutes ago - do I still need to create one before I run Combofix ?
 
Hi Broni

Have run Combofix - here's the log

I cannot reconnect to the Internet - have tried several restarts - will attempt a few more ?



ComboFix 12-09-15.02 - Mark 15/09/2012 21:22:59.1.4 - x86
Running from: c:\users\Mark\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\restore
c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12E9.tmp
c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1BF.tmp
c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4972.tmp
c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc50DE.tmp
c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8A74.tmp
c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8B10.tmp
c:\users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3D1.tmp
c:\users\Mark\AppData\Roaming\.#
c:\users\Mark\AppData\Roaming\inst.exe
c:\users\Mark\AppData\Roaming\system32
c:\users\Mark\AppData\Roaming\vso_ts_preview.xml
c:\windows\jestertb.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
C:\winntse.bin
.
.
((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 08:51 . 2012-09-15 18:03--------d-----w-C:\FRST
2012-09-13 19:50 . 2012-09-13 19:50--------d-----w-c:\windows\system32\drivers\NST
2012-09-13 19:50 . 2012-09-13 19:50--------d-----w-c:\program files\Norton Identity Safe
2012-09-13 18:51 . 2012-09-13 22:02--------d-----w-C:\NBRT
2012-09-09 18:44 . 2012-09-11 15:17--------d-----w-c:\users\Mark\AppData\Local\CrashDumps
2012-09-09 16:11 . 2012-09-09 16:11--------d-----w-c:\users\Mark\AppData\Roaming\Malwarebytes
2012-09-09 16:11 . 2012-09-09 16:11--------d-----w-c:\programdata\Malwarebytes
2012-09-09 08:11 . 2012-09-09 08:11--------d-----w-c:\programdata\SMR310
2012-09-09 08:11 . 2012-09-09 08:1197440----a-w-c:\windows\system32\drivers\SMR310.SYS
2012-09-08 16:16 . 2012-09-08 16:16--------d-----w-C:\TDSSKiller_Quarantine
2012-09-08 14:29 . 2012-07-26 05:3226840----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-08 14:29 . 2012-09-08 14:29--------d-----w-c:\windows\system32\drivers\NBRTWizard
2012-09-08 14:29 . 2012-09-08 14:29--------d-----w-c:\program files\Norton Bootable Recovery Tool Wizard
2012-09-07 21:04 . 2012-09-07 21:04--------d-----w-c:\windows\system32\N360_BACKUP
2012-09-07 19:02 . 2012-09-09 08:10--------d-----w-c:\users\Mark\AppData\Local\NPE
2012-09-07 18:26 . 2012-09-13 19:52--------d-----w-c:\program files\NortonInstaller
2012-09-07 18:26 . 2012-09-13 19:51--------d-----w-c:\programdata\NortonInstaller
2012-09-07 17:31 . 2012-09-07 18:47--------d-----w-c:\users\Mark\Sources
2012-09-07 17:09 . 2012-09-07 17:09--------d-----w-c:\users\Mark\AppData\Local\NokiaAccount
2012-08-23 09:29 . 2012-08-23 09:29--------d-----w-c:\users\Mark\AppData\Local\MediaShow
2012-08-23 08:03 . 2012-08-23 08:03--------d-----w-c:\users\Mark\AppData\Local\Power2Go8
2012-08-22 16:04 . 2012-08-22 16:04--------d-----w-c:\users\Mark\AppData\Local\MediaServer
2012-08-22 16:04 . 2012-08-22 16:04--------d-----w-c:\programdata\PDVD
2012-08-22 15:58 . 2012-08-22 15:58--------d-----w-c:\program files\Common Files\CyberLink
2012-08-22 15:54 . 2012-09-13 20:24--------d-----w-c:\users\Mark\AppData\Local\Cyberlink
2012-08-22 15:51 . 2012-08-22 16:07--------d-----w-c:\programdata\install_clap
2012-08-22 15:47 . 2012-09-13 20:27--------d-----w-c:\programdata\CLSK
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 11:10 . 2012-03-31 07:50696520----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-08-27 11:10 . 2011-06-18 07:5573416----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 05:32 . 2010-11-16 20:17106928----a-w-c:\windows\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB4C7833-A6EC-433f-B9FE-6B14B1A2F836}]
2012-08-10 20:45516576----a-r-c:\program files\Norton Identity Safe\Engine\2012.6.3.2\CoIEPlg.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A13C2648-91D4-4bf3-BC6D-0079707C4389}"= "c:\program files\Norton Identity Safe\Engine\2012.6.3.2\coIEPlg.dll" [2012-08-10 516576]
.
[HKEY_CLASSES_ROOT\clsid\{a13c2648-91d4-4bf3-bc6d-0079707c4389}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-19 39408]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"HostManager"="c:\program files\Common Files\AOL\1219316984\ee\AOLSoftware.exe" [2008-06-24 41824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-07-05 1988608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-10-02 161336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-05-14 296056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(0):
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-17 08:4216680----a-w-c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmtREG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonationREG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-04-16 11:07451872----a-w-c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 11:10]
.
2012-09-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-19 20:41]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 20:14]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 20:14]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000Core.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 15:20]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000UA.job
- c:\users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 15:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.voover.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: &AOL Toolbar Search - c:\program files\aol\aol broadband toolbar 5.0\resources\en-GB\local\search.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-Power2GoExpress - (no file)
HKCU-Run-GameXN GO - c:\programdata\GameXN\GameXNGO.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-39681871.sys
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2012.6.3.2\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
"ImagePath"="System32\drivers\SMR310.SYS"
"ImagePath"="c:\program files\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3716)
c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ezNTSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe
c:\program files\Common Files\Motive\pcCMService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\vssvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\hp\kbd\kbd.exe
.
**************************************************************************
.
Completion time: 2012-09-15 21:54:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-15 20:53
.
Pre-Run: 193,439,764,480 bytes free
Post-Run: 193,828,491,264 bytes free
.
- - End Of File - - 09CF607C59CBD86DF71A0CB7F64F2804
 
Use that restore point from before running Combofix and see if you get your connection back.
 
Hi Broni

Unable to get Internet connection back - during restore from a restore point I get the message 'System Restore did not complete successfully - The writer has experienced a transient error - 0x800423F3' - I have tried several restore points
 
Hi Broni - thanks for your help - much appreciated

Here's a fresh FRST log - FRST.txt and Search.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2012
Ran by SYSTEM at 16-09-2012 17:49:23
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" [54936 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [HostManager] C:\Program Files\Common Files\AOL\1219316984\ee\AOLSoftware.exe [41824 2008-06-24] (AOL LLC)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2008-06-02] (Intel Corporation)
HKLM\...\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart [92704 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [8530464 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [88608 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [1988608 2012-07-04] (Alcatel-Lucent)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Google Updater] "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation [161336 2011-10-02] (Google)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-14] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1644088 2009-08-05] (Hewlett-Packard)
HKU\Mark\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1644088 2009-08-05] (Hewlett-Packard)
HKU\Mark\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Mark\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2011-03-09] (TomTom)
HKU\Mark\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2008-11-19] (Google Inc.)
HKU\Mark\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mark\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Mark\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\Mark\...\Policies\system: [DisableLockWorkstation] 0
HKU\Mark\...\Policies\system: [DisableChangePassword] 0
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll [X]
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services ================================

2 AOL ACS; "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" [46640 2006-10-23] (AOL LLC)
2 ezntsvc; C:\Windows\system32\ezNTSvc.exe [33792 2008-08-21] (EasyBits Software Corp.)
2 NCO; "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe" /s "NCO" /m "C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [247152 2010-08-19] ()
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers =================================

1 ccSet_NST; C:\Windows\system32\drivers\NST\7DC06030.002\ccSetx86.sys [132744 2011-11-29] (Symantec Corporation)
3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-04-12] (VSO Software)
0 SMR310; C:\Windows\System32\drivers\SMR310.SYS [97440 2012-09-09] (Symantec Corporation)
1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2011-05-31] ()
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [x]
0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [x]
3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-15 13:23 - 2012-09-15 13:23 - 00000452 ____A C:\Users\Mark\Desktop\log - Shortcut.lnk
2012-09-15 13:22 - 2012-09-15 13:22 - 00000000 ____D C:\Users\Mark\My Documents\log
2012-09-15 13:22 - 2012-09-15 13:22 - 00000000 ____D C:\Users\Mark\Documents\log
2012-09-15 12:54 - 2012-09-15 12:54 - 00013696 ____A C:\ComboFix.txt
2012-09-15 12:19 - 2012-09-15 12:54 - 00000000 ____D C:\Qoobox
2012-09-15 12:19 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-15 12:19 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-15 12:19 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-15 12:19 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-15 12:19 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-15 12:19 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-15 12:19 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-15 12:19 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-15 12:18 - 2012-09-15 12:50 - 00000000 ____D C:\Windows\erdnt
2012-09-15 12:11 - 2012-09-15 12:11 - 04754503 ____R (Swearware) C:\Users\Mark\Downloads\ComboFix.exe
2012-09-15 00:51 - 2012-09-16 08:40 - 00000000 ____D C:\FRST
2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Windows\System32\Drivers\NST
2012-09-13 11:50 - 2012-09-13 11:50 - 00000000 ____D C:\Program Files\Norton Identity Safe
2012-09-13 10:54 - 2012-09-13 10:55 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
2012-09-13 10:51 - 2012-09-13 14:02 - 00000000 ____D C:\NBRT
2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
2012-09-13 10:16 - 2012-09-13 10:17 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
2012-09-13 07:57 - 2012-09-13 07:58 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
2012-09-13 01:23 - 2012-09-13 01:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
2012-09-13 00:20 - 2012-09-13 00:21 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\CrashDumps
2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\CrashDumps
2012-09-09 10:44 - 2012-09-11 07:17 - 00000000 ____D C:\Users\Mark\AppData\Local\CrashDumps
2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\Application Data\Malwarebytes
2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-09-09 08:11 - 2012-09-09 08:11 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\SMR310
2012-09-09 00:11 - 2012-09-09 00:11 - 00000000 ____D C:\Users\All Users\Application Data\SMR310
2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
2012-09-08 09:52 - 2012-09-08 09:55 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-08 08:16 - 2012-09-08 08:16 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Windows\System32\Drivers\NBRTWizard
2012-09-08 06:29 - 2012-09-08 06:29 - 00000000 ____D C:\Program Files\Norton Bootable Recovery Tool Wizard
2012-09-08 06:29 - 2012-07-25 21:32 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
2012-09-08 06:12 - 2012-09-09 00:11 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
2012-09-08 05:52 - 2012-09-13 10:36 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
2012-09-07 13:04 - 2012-09-07 13:04 - 00000000 ____D C:\Windows\System32\N360_BACKUP
2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\NPE
2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NPE
2012-09-07 11:02 - 2012-09-09 00:10 - 00000000 ____D C:\Users\Mark\AppData\Local\NPE
2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Mozilla
2012-09-07 10:33 - 2012-09-07 10:33 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\My Documents\Symantec
2012-09-07 10:30 - 2012-09-07 10:30 - 00000000 ____D C:\Users\Mark\Documents\Symantec
2012-09-07 10:09 - 2012-09-08 06:27 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-09-07 09:31 - 2012-09-07 10:47 - 00000000 ____D C:\Users\Mark\Sources
2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\NokiaAccount
2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\NokiaAccount
2012-09-07 09:09 - 2012-09-07 09:09 - 00000000 ____D C:\Users\Mark\AppData\Local\NokiaAccount
2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\My Documents\NPS
2012-09-07 08:43 - 2012-09-07 08:43 - 00000000 ____D C:\Users\Mark\Documents\NPS
2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\MediaShow
2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaShow
2012-08-23 01:29 - 2012-08-23 01:29 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaShow
2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Power2Go8
2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Power2Go8
2012-08-23 00:03 - 2012-08-23 00:03 - 00000000 ____D C:\Users\Mark\AppData\Local\Power2Go8
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\MediaServer
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\MediaServer
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\Mark\AppData\Local\MediaServer
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\PDVD
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Documents\CyberLink
2012-08-22 08:04 - 2012-08-22 08:04 - 00000000 ____D C:\Users\All Users\Application Data\PDVD
2012-08-22 07:58 - 2012-08-22 07:58 - 00000000 ____D C:\Program Files\Common Files\CyberLink
2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Cyberlink
2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\Local Settings\Application Data\Cyberlink
2012-08-22 07:54 - 2012-09-13 12:24 - 00000000 ____D C:\Users\Mark\AppData\Local\Cyberlink
2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\install_clap
2012-08-22 07:51 - 2012-08-22 08:07 - 00000000 ____D C:\Users\All Users\Application Data\install_clap
2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\CLSK
2012-08-22 07:47 - 2012-09-13 12:27 - 00000000 ____D C:\Users\All Users\Application Data\CLSK
2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
2012-08-22 06:23 - 2012-08-22 06:37 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps


============ 3 Months Modified Files ========================

2012-09-16 08:46 - 2006-11-02 05:01 - 00032600 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-16 08:46 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-16 08:46 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-16 08:46 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-16 08:35 - 2012-07-24 11:30 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000UA.job
2012-09-16 08:25 - 2009-12-26 12:14 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-16 07:56 - 2012-03-30 23:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-16 07:28 - 2008-04-28 06:04 - 01232542 ____A C:\Windows\WindowsUpdate.log
2012-09-16 07:25 - 2009-12-26 12:14 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-16 01:14 - 2009-02-22 12:11 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-09-15 13:23 - 2012-09-15 13:23 - 00000452 ____A C:\Users\Mark\Desktop\log - Shortcut.lnk
2012-09-15 12:54 - 2012-09-15 12:54 - 00013696 ____A C:\ComboFix.txt
2012-09-15 12:40 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2012-09-15 12:37 - 2008-08-20 02:58 - 01637008 ____A C:\Windows\PFRO.log
2012-09-15 12:11 - 2012-09-15 12:11 - 04754503 ____R (Swearware) C:\Users\Mark\Downloads\ComboFix.exe
2012-09-15 11:42 - 2012-07-25 01:00 - 00024539 ____A C:\aaw7boot.log
2012-09-15 11:35 - 2012-07-24 11:30 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000Core.job
2012-09-15 10:28 - 2011-11-26 04:25 - 00000064 ____A C:\Windows\System32\rp_stats.dat
2012-09-15 10:28 - 2011-11-26 04:25 - 00000044 ____A C:\Windows\System32\rp_rules.dat
2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Temp.log
2012-09-13 12:19 - 2012-09-13 12:19 - 00000032 ____A C:\Users\All Users\Application Data\Temp.log
2012-09-13 10:55 - 2012-09-13 10:54 - 00145904 ____A C:\Windows\Minidump\Mini091312-23.dmp
2012-09-13 10:54 - 2008-09-17 10:15 - 271553641 ____A C:\Windows\MEMORY.DMP
2012-09-13 10:47 - 2012-09-13 10:47 - 00145904 ____A C:\Windows\Minidump\Mini091312-22.dmp
2012-09-13 10:40 - 2012-09-13 10:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-21.dmp
2012-09-13 10:36 - 2012-09-08 05:52 - 00000873 ____A C:\Users\Mark\Desktop\Norton Installation Files.lnk
2012-09-13 10:33 - 2012-09-13 10:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-20.dmp
2012-09-13 10:24 - 2012-09-13 10:24 - 00145904 ____A C:\Windows\Minidump\Mini091312-19.dmp
2012-09-13 10:17 - 2012-09-13 10:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-18.dmp
2012-09-13 09:50 - 2012-09-13 09:50 - 00145904 ____A C:\Windows\Minidump\Mini091312-17.dmp
2012-09-13 09:50 - 2006-11-02 04:47 - 00070656 _____ C:\Windows\System32\umstartup.etl
2012-09-13 09:40 - 2012-09-13 09:40 - 00145904 ____A C:\Windows\Minidump\Mini091312-16.dmp
2012-09-13 09:33 - 2012-09-13 09:33 - 00145904 ____A C:\Windows\Minidump\Mini091312-15.dmp
2012-09-13 08:19 - 2012-09-13 08:19 - 00145904 ____A C:\Windows\Minidump\Mini091312-14.dmp
2012-09-13 07:58 - 2012-09-13 07:57 - 00145904 ____A C:\Windows\Minidump\Mini091312-13.dmp
2012-09-13 06:59 - 2012-09-13 06:59 - 00145904 ____A C:\Windows\Minidump\Mini091312-12.dmp
2012-09-13 06:23 - 2012-09-13 06:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-11.dmp
2012-09-13 06:13 - 2012-09-13 06:13 - 00145904 ____A C:\Windows\Minidump\Mini091312-10.dmp
2012-09-13 05:46 - 2012-09-13 05:46 - 00145904 ____A C:\Windows\Minidump\Mini091312-09.dmp
2012-09-13 05:36 - 2012-09-13 05:36 - 00145904 ____A C:\Windows\Minidump\Mini091312-08.dmp
2012-09-13 05:18 - 2012-09-13 05:18 - 00145904 ____A C:\Windows\Minidump\Mini091312-07.dmp
2012-09-13 05:04 - 2012-09-13 05:04 - 00145904 ____A C:\Windows\Minidump\Mini091312-06.dmp
2012-09-13 01:39 - 2012-09-13 01:39 - 00145904 ____A C:\Windows\Minidump\Mini091312-05.dmp
2012-09-13 01:31 - 2012-09-13 01:31 - 00145904 ____A C:\Windows\Minidump\Mini091312-04.dmp
2012-09-13 01:24 - 2012-09-13 01:23 - 00145904 ____A C:\Windows\Minidump\Mini091312-03.dmp
2012-09-13 01:16 - 2012-09-13 01:16 - 00145904 ____A C:\Windows\Minidump\Mini091312-02.dmp
2012-09-13 00:21 - 2012-09-13 00:20 - 00145904 ____A C:\Windows\Minidump\Mini091312-01.dmp
2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\Application Data\wklnhst.dat
2012-09-12 01:22 - 2008-08-20 03:38 - 00033046 ____A C:\Users\Mark\AppData\Roaming\wklnhst.dat
2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\My Documents\dan passport photo.wps
2012-09-11 07:29 - 2012-09-11 07:29 - 12888064 ____A C:\Users\Mark\Documents\dan passport photo.wps
2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\My Documents\DDS log 1 and 2.wps
2012-09-09 09:51 - 2012-09-09 09:51 - 00064000 ____A C:\Users\Mark\Documents\DDS log 1 and 2.wps
2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\My Documents\gmer.log..log
2012-09-09 09:34 - 2012-09-09 09:34 - 00000740 ____A C:\Users\Mark\Documents\gmer.log..log
2012-09-09 08:07 - 2012-09-09 08:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-1.62.0.1300.exe
2012-09-09 00:11 - 2012-09-09 00:11 - 00097440 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR310.SYS
2012-09-09 00:11 - 2012-09-08 06:12 - 00174504 ____A C:\Windows\ntbtlog.txt.bak
2012-09-08 23:52 - 2011-10-21 04:58 - 00009024 ____A C:\Windows\IE9_main.log
2012-09-08 23:51 - 2012-09-08 23:51 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (2).exe
2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-08 23:30 - 2008-08-20 03:08 - 00072944 ____A C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-08 23:28 - 2006-11-02 04:47 - 00285328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-08 12:58 - 2006-11-02 02:22 - 59506688 ____A C:\Windows\System32\config\software_previous
2012-09-08 12:58 - 2006-11-02 02:22 - 18874368 ____A C:\Windows\System32\config\system_previous
2012-09-08 12:43 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\components_previous
2012-09-08 12:43 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-09-08 12:22 - 2012-09-08 12:22 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess (1).exe
2012-09-08 09:55 - 2012-09-08 09:52 - 02416348 ____A C:\Windows\System32\Drivers\Cat.DB
2012-09-08 07:27 - 2012-09-08 07:27 - 01805736 ____A (Symantec Corporation) C:\Users\Mark\Downloads\FixZeroAccess.exe
2012-09-08 06:27 - 2012-09-08 06:27 - 00912040 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NBRT-Retail-Downloader.exe
2012-09-08 06:09 - 2012-09-08 06:09 - 02892816 ____A (Symantec Corporation) C:\Users\Mark\Downloads\NPE.exe
2012-09-08 05:51 - 2008-08-20 03:14 - 00095736 ____A C:\Windows\DPINST.LOG
2012-09-08 05:50 - 2006-11-02 02:23 - 00000324 ____A C:\Windows\win.ini
2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\Public\Documents\_rgpl
2012-09-08 05:41 - 2012-09-08 05:41 - 00000040 ____A C:\Users\All Users\Documents\_rgpl
2012-09-08 04:00 - 2012-09-08 04:00 - 00145856 ____A C:\Windows\Minidump\Mini090812-01.dmp
2012-09-08 03:40 - 2006-11-02 02:22 - 00786432 ____A C:\Windows\System32\config\default_previous
2012-09-08 03:40 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-09-07 09:29 - 2012-09-07 09:29 - 00001537 ____A C:\Users\Mark\Desktop\Windows Explorer.lnk
2012-09-07 08:47 - 2012-09-07 08:47 - 00000134 ____A C:\Users\Mark\Desktop\Programs.lnk
2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46.rar
2012-09-05 05:18 - 2012-09-05 05:18 - 00854759 ____A C:\Users\Mark\Downloads\MTS46 (1).rar
2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-01 12:39 - 2008-10-06 07:38 - 00038400 ____A C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-27 03:10 - 2012-03-30 23:50 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-27 03:10 - 2011-06-17 23:55 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\Public\Desktop\BT Desktop Help.lnk
2012-08-23 01:26 - 2012-08-23 01:26 - 00001095 ____A C:\Users\All Users\Desktop\BT Desktop Help.lnk
2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\My Documents\CyberLink_MES120105-04.exe
2012-08-22 06:37 - 2012-08-22 06:23 - 1238864448 ____A C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\My Documents\New @ Condado.wps
2012-08-21 02:51 - 2012-08-21 02:51 - 11912192 ____A C:\Users\Mark\Documents\New @ Condado.wps
2012-07-31 08:07 - 2006-11-02 04:52 - 00069228 ____A C:\Windows\setupact.log
2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\Application Data\Rim.Desktop.HttpServerSetup.log
2012-07-31 08:06 - 2011-11-01 12:31 - 00003999 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-07-31 08:04 - 2011-11-01 12:31 - 00002058 ____A C:\Users\All Users\Desktop\BlackBerry Desktop Software.lnk
2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\Application Data\Rim.Desktop.Exception.log
2012-07-31 07:59 - 2011-11-01 12:44 - 00001934 ____A C:\Users\Mark\AppData\Roaming\Rim.Desktop.Exception.log
2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\Application Data\Rim.DesktopHelper.Exception.log
2012-07-31 07:59 - 2011-11-01 12:44 - 00000924 ____A C:\Users\Mark\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\My Documents\carpark cardiff.wps
2012-07-31 03:29 - 2012-07-31 03:29 - 00518656 ____A C:\Users\Mark\Documents\carpark cardiff.wps
2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\My Documents\sara 429.xlr
2012-07-27 05:11 - 2012-07-27 05:11 - 00010752 ____A C:\Users\Mark\Documents\sara 429.xlr
2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\My Documents\Nirvana.p2g
2012-07-27 03:15 - 2012-07-27 03:15 - 00014370 ____A C:\Users\Mark\Documents\Nirvana.p2g
2012-07-25 21:32 - 2012-09-08 06:29 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-07-25 21:32 - 2010-11-16 12:17 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
2012-07-24 11:45 - 2012-07-24 11:22 - 00020969 ____A C:\INSTALLHELPER.LOG
2012-07-24 11:45 - 2012-07-24 11:22 - 00003982 ____A C:\alotserviceruntime.log
2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\My Documents\Asda socket set.wps
2012-07-12 22:54 - 2012-07-12 22:54 - 00485376 ____A C:\Users\Mark\Documents\Asda socket set.wps
2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\My Documents\Ryanair cancellation.wps
2012-07-08 09:22 - 2012-07-08 09:22 - 00441344 ____A C:\Users\Mark\Documents\Ryanair cancellation.wps
2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\My Documents\apodo flight.wps
2012-07-08 05:50 - 2012-07-08 05:50 - 01670144 ____A C:\Users\Mark\Documents\apodo flight.wps
2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\My Documents\Holiday Inn Kenilworth.wps
2012-06-30 12:42 - 2012-06-30 12:42 - 04307456 ____A C:\Users\Mark\Documents\Holiday Inn Kenilworth.wps


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-08 04:55:28
Restore point made on: 2012-09-08 05:31:03
Restore point made on: 2012-09-08 05:31:59
Restore point made on: 2012-09-08 05:32:57
Restore point made on: 2012-09-08 05:33:43
Restore point made on: 2012-09-08 05:35:25
Restore point made on: 2012-09-08 05:36:31
Restore point made on: 2012-09-08 05:37:37
Restore point made on: 2012-09-08 05:39:00
Restore point made on: 2012-09-08 05:39:59
Restore point made on: 2012-09-08 05:42:24
Restore point made on: 2012-09-08 05:43:53
Restore point made on: 2012-09-08 05:45:12
Restore point made on: 2012-09-08 05:46:13
Restore point made on: 2012-09-08 05:47:35
Restore point made on: 2012-09-08 05:48:31
Restore point made on: 2012-09-08 05:49:35
Restore point made on: 2012-09-08 13:57:43
Restore point made on: 2012-09-09 07:12:43
Restore point made on: 2012-09-09 07:16:55
Restore point made on: 2012-09-10 01:47:13
Restore point made on: 2012-09-11 23:50:00
Restore point made on: 2012-09-13 12:17:53
Restore point made on: 2012-09-14 09:16:37
Restore point made on: 2012-09-14 09:20:38
Restore point made on: 2012-09-15 10:34:04
Restore point made on: 2012-09-15 10:42:51
Restore point made on: 2012-09-15 10:43:51
Restore point made on: 2012-09-15 10:47:46
Restore point made on: 2012-09-15 11:02:04
Restore point made on: 2012-09-15 11:17:54
Restore point made on: 2012-09-15 12:13:11
Restore point made on: 2012-09-16 00:25:20
Restore point made on: 2012-09-16 00:34:44
Restore point made on: 2012-09-16 02:57:18
Restore point made on: 2012-09-16 07:33:56

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4094.5 MB
Available physical RAM: 3501.08 MB
Total Pagefile: 3762.31 MB
Available Pagefile: 3564.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1990.14 MB

==================== Partitions ============================

1 Drive c: (HP) (Fixed) (Total:455.51 GB) (Free:181.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.25 GB) (Free:1.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (Cruzer) (Removable) (Total:1.86 GB) (Free:1.84 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1528 KB
Disk 1 Online 1912 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 456 GB 32 KB
Partition 2 Primary 10 GB 456 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 C HP NTFS Partition 456 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 D FACTORY_IMA NTFS Partition 10 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 65 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F Cruzer FAT Removable 1908 MB Healthy

==================================================================================

Last Boot: 2012-09-16 00:54

==================== End Of Log =============================






Farbar Recovery Scan Tool (x86) Version: 12-09-2012
Ran by SYSTEM at 2012-09-16 17:51:07
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-08-29 04:32] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-24 08:59] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\erdnt\cache\services.exe
[2012-09-15 12:50] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\FRST\Quarantine\services.exe
[2009-09-24 08:59] - [2012-09-08 08:21] - 0282624 ____A (Microsoft Corporation) 1C5A8277AA91E44684772C950C892AE2

=== End Of Search ===
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Restart normally and see if you can connect.
 

Attachments

  • fixlist.txt
    16 bytes · Views: 10
Hi Broni

I must be doing something wrong - the computer can not find fixlist.txt on my flashdrive even though I can see it there ?
 
Hi
Broni

The computer is telling me that the fixlist.txt should be made and saved in the same directory the tool is located - I'm saving it to the same flashdrive
 
Hi Broni

Deleted everything on flashdrive, got new copy of FRST and fixlist.tx, but computer still can not see the fixlist - is it anything to do with the USB drive on my laptop ( which I'm communicating with you on now ) which I'm using to copy to my flashdrive and the USB drive I'm using on the problem PC ? When I drag the fixlist on to my flashdrive, do I need to drop it directly on top of the FRST file ?
 
Thanks Broni

I am booting to System Recovery Options via the F8 button - I will try a different flash drive
 
Hi Broni

I've tried two different flashdrives, three in all - same result - 'No fixlist.txt found' - I can definitely see FRST and the fixlist on the flashdrive in System Recovery Operations - it's the same flashdrive I used for the previous scans and logs
 
Make sure the file is named "fixlist.txt" and nothing else like having double extension.
Look at FRST file. Do you see "FRST.exe or just "FRST"?
 
Hi Broni

The fixlist.txt ran!

Here's the log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-09-2012 01
Ran by SYSTEM at 2012-09-16 21:40:12 Run:2
Running from K:\

==============================================

BCD not restored.
DEFAULT restored successfuly.
SAM restored successfuly.
SECURITY restored successfuly.
SOFTWARE restored successfuly.
hiv-backup\BCD not found.
SYSTEM restored successfuly.

==== End of Fixlog ====
 
Hi Broni

Internet connection restored! :) Excellent - Thank you, thank you

I'm sending this using the problem computer

I'm getting a message that I'm 'viewing pages over a secure connection - Any information I exchange with this site cannot be viewed by anyone else on the web', or, I'm 'leaving a secure connection and that any information I exchange may be viewed by others'
 
Good news :)

The above message is a standard IE warning. See here: http://forums.techguy.org/general-security/975873-solved-security-alert-when-starting.html

Any current issues?

===============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi Broni

Thanks for your continued support

No other apparent issues to report - although the computer appears to be running a little quicker

Here's the OTL log

OTL logfile created on: 16/09/2012 22:24:14 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 68.42% Memory free
6.71 Gb Paging File | 5.68 Gb Available in Paging File | 84.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.51 Gb Total Space | 183.73 Gb Free Space | 40.33% Space Free | Partition Type: NTFS
Drive D: | 10.25 Gb Total Space | 1.08 Gb Free Space | 10.57% Space Free | Partition Type: NTFS
Drive K: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.84% Space Free | Partition Type: FAT

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/16 22:13:25 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2012/08/27 12:10:29 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/05 06:58:58 | 001,988,608 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2012/05/14 14:47:48 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe
PRC - [2012/03/02 22:34:26 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/03/09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/21 18:15:40 | 000,033,792 | ---- | M] (EasyBits Software Corp.) -- C:\Windows\System32\ezntsvc.exe
PRC - [2008/07/03 12:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/06/24 19:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1219316984\ee\aolsoftware.exe
PRC - [2008/06/02 19:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 19:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/01/19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2007/04/18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 12:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 09:06:43 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 09:04:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 09:04:33 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 09:04:11 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 09:01:36 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 17:39:35 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\5ebaa15cccc356bc3afba0c8f56977f7\UIAutomationTypes.ni.dll
MOD - [2012/05/10 17:39:21 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 17:37:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 17:36:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 17:35:22 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 17:34:44 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/10 17:34:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 17:34:04 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 17:33:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 17:33:21 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/05 11:26:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/08/05 11:26:12 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/08/05 11:26:06 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/08/05 11:26:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/08/05 11:26:04 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/08/05 11:26:04 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/08/05 11:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/08/05 11:25:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/04/04 23:40:01 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll


========== Services (SafeList) ==========

SRV - [2012/08/27 12:10:30 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/28 00:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\ccSvcHst.exe -- (NCO)
SRV - [2012/03/02 22:34:26 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/06/17 09:42:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/08/21 18:15:40 | 000,033,792 | ---- | M] (EasyBits Software Corp.) [Auto | Running] -- C:\Windows\System32\ezntsvc.exe -- (ezntsvc)
SRV - [2008/06/02 19:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/09/09 09:11:09 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR310.SYS -- (SMR310)
DRV - [2012/07/05 06:58:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/07/05 06:57:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/11/30 00:44:14 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DC06030.002\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/05/31 17:52:57 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/01/10 20:57:00 | 008,237,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/03 17:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.voover.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.aol.co.uk/web?isinit=true&query=%s
IE - HKLM\..\SearchScopes\{4E53DBE1-A5F3-49FF-859C-5E4264B40F17}: "URL" = http://uk.kelkoopartners.net/ctl/do...e&x=true&y=true&partner=hp&partnerId=96913936
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6DE46C00-CFF9-4A0D-A5DD-E673D0317C87}: "URL" = http://slirsredirect.search.aol.com...archTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\.DEFAULT\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-18\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 46 86 A5 D5 BF CA 01 [binary data]
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes,DefaultScope = {A531D99C-5A22-449b-83DA-872725C6D0ED}
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.aol.co.uk/web?isinit=true&query=%s
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=8BAF374B-748A-4EAB-8821-4AF7B70D7624
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{1DCA0845-D10E-4C2B-B949-1B4D1A1378AB}: "URL" = http://search.aol.co.uk/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&oe=utf-8&mssrc=ms_chr&mstb=adawaretb&q={searchTerms}
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{4E53DBE1-A5F3-49FF-859C-5E4264B40F17}: "URL" = http://uk.kelkoopartners.net/ctl/do...e&x=true&y=true&partner=hp&partnerId=96913936
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7GPEA_enGB302
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{6DE46C00-CFF9-4A0D-A5DD-E673D0317C87}: "URL" = http://slirsredirect.search.aol.com...archTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.com/web?q={searc...id=31155&camp_id=5106&tb_version=1.2.2000.2(B)
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\SearchScopes\{CAD45A71-C81A-4209-B4B6-FF9EF797E590}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
Second part of OTL log:



========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/12 23:50:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/02/28 14:54:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/08 21:57:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2012.6.3.2\coFFPlgn\ [2012/09/16 21:47:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/12 23:50:47 | 000,000,000 | ---D | M]

[2010/07/11 16:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2010/07/11 16:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/09/08 15:06:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/17 19:14:28 | 000,002,149 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml

========== Chrome ==========

CHR - homepage:
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Motive Extension = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Norton Identity Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.1.4_0\
CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/15 21:40:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2012.6.3.2\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Broadband Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1219316984\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Broadband Toolbar 5.0\resources\en-GB\local\search.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Reg Error: Value error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF935B54-EE05-4BDB-BF19-E742BFB044C4}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/04 23:47:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/15 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\log
[2012/09/15 21:54:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/15 21:40:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/15 21:19:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/15 21:19:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/15 21:19:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/15 21:19:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/15 21:18:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/15 09:51:56 | 000,000,000 | ---D | C] -- C:\FRST
[2012/09/13 20:51:00 | 000,132,744 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NST\7DC06030.002\ccSetx86.sys
[2012/09/13 20:50:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2012/09/13 20:50:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST
[2012/09/13 20:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Identity Safe
[2012/09/13 20:50:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NST\7DC06030.002
[2012/09/13 19:51:06 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/09/09 19:44:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\CrashDumps
[2012/09/09 17:11:18 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2012/09/09 17:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/09 09:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SMR310
[2012/09/09 09:11:09 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR310.SYS
[2012/09/08 17:16:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/08 15:29:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard
[2012/09/08 15:29:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NBRTWizard\0501000.01A
[2012/09/08 15:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
[2012/09/08 15:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2012/09/08 14:52:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/09/07 22:04:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\N360_BACKUP
[2012/09/07 20:02:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\NPE
[2012/09/07 19:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/07 19:30:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Symantec
[2012/09/07 19:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/09/07 19:26:16 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/09/07 18:31:23 | 000,000,000 | ---D | C] -- C:\Users\Mark\Sources
[2012/09/07 18:09:30 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\NokiaAccount
[2012/09/07 17:43:02 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\NPS
[2012/08/23 10:29:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\MediaShow
[2012/08/23 10:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Desktop Help
[2012/08/23 09:03:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Power2Go8
[2012/08/22 17:04:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\MediaServer
[2012/08/22 17:04:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012/08/22 17:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012/08/22 17:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[2012/08/22 16:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2012/08/22 16:54:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Cyberlink
[2012/08/22 16:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012/08/22 16:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
[2009/04/10 16:47:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mark\AppData\Roaming\pcouffin.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/16 22:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/16 22:22:55 | 000,000,508 | ---- | M] () -- C:\Users\Mark\Desktop\OTL.exe - Shortcut.lnk
[2012/09/16 21:56:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/16 21:45:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/16 21:45:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/16 21:45:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/16 21:45:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/16 21:45:15 | 3488,915,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/16 19:36:13 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000UA.job
[2012/09/16 10:14:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/09/15 21:40:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/15 20:35:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-802167735-3406490535-3852651081-1000Core.job
[2012/09/15 19:28:17 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/09/15 19:28:17 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/09/13 19:54:27 | 271,553,641 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/13 19:36:20 | 000,000,873 | ---- | M] () -- C:\Users\Mark\Desktop\Norton Installation Files.lnk
[2012/09/13 18:50:01 | 000,070,656 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/09/12 10:22:20 | 000,033,046 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat
[2012/09/11 16:29:30 | 012,888,064 | ---- | M] () -- C:\Users\Mark\Documents\dan passport photo.wps
[2012/09/09 18:51:46 | 000,064,000 | ---- | M] () -- C:\Users\Mark\Documents\DDS log 1 and 2.wps
[2012/09/09 09:11:09 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR310.SYS
[2012/09/09 08:28:18 | 000,285,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/08 18:55:25 | 002,416,348 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/09/08 14:41:32 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012/09/07 18:29:50 | 000,001,537 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/09/07 18:29:44 | 000,001,537 | ---- | M] () -- C:\Users\Mark\Desktop\Windows Explorer.lnk
[2012/09/07 18:14:29 | 000,604,124 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/07 18:14:29 | 000,107,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/07 17:47:10 | 000,000,134 | ---- | M] () -- C:\Users\Mark\Desktop\Programs.lnk
[2012/09/01 21:39:28 | 000,038,400 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/27 12:39:38 | 001,483,597 | ---- | M] () -- C:\Users\Mark\Documents\scan0012.jpg
[2012/08/25 11:46:19 | 001,122,273 | ---- | M] () -- C:\Users\Mark\Documents\Centauro.jpg
[2012/08/23 10:26:46 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\BT Desktop Help.lnk
[2012/08/22 17:38:01 | 000,001,046 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberLink DVD Suite Deluxe.lnk
[2012/08/22 15:37:57 | 1238,864,448 | ---- | M] () -- C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
[2012/08/22 04:14:29 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NBRTWizard\0501000.01A\isolate.ini
[2012/08/21 11:51:55 | 011,912,192 | ---- | M] () -- C:\Users\Mark\Documents\New @ Condado.wps
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/16 22:22:55 | 000,000,508 | ---- | C] () -- C:\Users\Mark\Desktop\OTL.exe - Shortcut.lnk
[2012/09/15 21:19:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/15 21:19:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/15 21:19:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/15 21:19:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/15 21:19:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/15 20:42:41 | 3488,915,456 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/13 20:50:58 | 000,000,827 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DC06030.002\ccSetx86.inf
[2012/09/13 20:50:57 | 000,007,468 | R--- | C] () -- C:\Windows\System32\drivers\NST\7DC06030.002\ccsetx86.cat
[2012/09/13 20:50:57 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NST\7DC06030.002\isolate.ini
[2012/09/11 16:29:27 | 012,888,064 | ---- | C] () -- C:\Users\Mark\Documents\dan passport photo.wps
[2012/09/09 18:51:45 | 000,064,000 | ---- | C] () -- C:\Users\Mark\Documents\DDS log 1 and 2.wps
[2012/09/08 18:52:20 | 002,416,348 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/09/08 15:29:12 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NBRTWizard\0501000.01A\isolate.ini
[2012/09/08 14:52:28 | 000,000,873 | ---- | C] () -- C:\Users\Mark\Desktop\Norton Installation Files.lnk
[2012/09/08 14:41:32 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012/09/07 18:29:50 | 000,001,537 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/09/07 18:29:44 | 000,001,537 | ---- | C] () -- C:\Users\Mark\Desktop\Windows Explorer.lnk
[2012/09/07 17:47:10 | 000,000,134 | ---- | C] () -- C:\Users\Mark\Desktop\Programs.lnk
[2012/08/25 11:47:12 | 001,122,273 | ---- | C] () -- C:\Users\Mark\Documents\Centauro.jpg
[2012/08/23 10:26:46 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\BT Desktop Help.lnk
[2012/08/22 17:38:01 | 000,001,046 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\CyberLink DVD Suite Deluxe.lnk
[2012/08/22 15:23:29 | 1238,864,448 | ---- | C] () -- C:\Users\Mark\Documents\CyberLink_MES120105-04.exe
[2012/08/21 11:51:55 | 011,912,192 | ---- | C] () -- C:\Users\Mark\Documents\New @ Condado.wps
[2012/02/06 15:36:11 | 000,000,037 | ---- | C] () -- C:\Windows\Qtw.ini
[2012/01/16 13:01:48 | 003,304,960 | ---- | C] () -- C:\Users\Mark\Dancard6.wps
[2011/11/26 13:25:20 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/11/26 13:25:20 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/06/16 23:42:54 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{0F4A96EB-8BAE-4078-A0D4-DEF926CD6265}
[2011/06/15 23:52:23 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{3B110506-E16A-4CEB-9457-D618758456B5}
[2011/05/31 17:41:20 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/05/31 17:41:20 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/06/03 10:13:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 07:28:56 | 000,000,680 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2009/04/10 16:47:51 | 000,007,887 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\pcouffin.cat
[2009/04/10 16:47:51 | 000,001,144 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\pcouffin.inf
[2009/02/17 11:09:36 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/06 16:38:15 | 000,038,400 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/20 12:38:24 | 000,033,046 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2011/05/07 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\acccore
[2009/09/06 20:34:15 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Alawar
[2009/02/17 10:40:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
[2009/06/30 21:38:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/04/25 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\eGames
[2010/04/09 10:13:04 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Farm Mania
[2010/09/17 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Friday's games
[2009/05/06 19:49:47 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Gamelab
[2012/09/08 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GetRightToGo
[2010/03/21 13:47:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Home Sweet Home Christmas
[2012/05/03 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LEGO Company
[2009/10/27 18:20:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Nokia
[2009/09/09 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PC Suite
[2010/03/18 19:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PlayFirst
[2011/04/11 19:10:56 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Registry Mechanic
[2011/11/01 21:45:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Research In Motion
[2012/09/07 18:52:56 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Samsung
[2009/03/26 08:21:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SaveThePuppy
[2010/02/21 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SBTT
[2010/10/19 17:13:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Template
[2009/09/06 20:31:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TikGames
[2010/07/11 16:47:57 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TomTom
[2012/09/08 21:58:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\uTorrent
[2012/09/01 22:35:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vso
[2009/12/28 13:58:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Wild Tangent
[2011/03/29 18:29:31 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\WildTangent
[2008/11/19 22:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\WinBatch
[2012/09/16 20:18:41 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Mark\Documents\snow angel.MOV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mark\Documents\sliding on snow.MOV:TOC.WMV
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-802167735-3406490535-3852651081-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2012/09/15 09:51:56 | 000,000,000 | ---D | C] -- C:\FRST
[2011/04/11 19:10:56 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Registry Mechanic
@Alternate Data Stream - 64 bytes -> C:\Users\Mark\Documents\snow angel.MOV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Mark\Documents\sliding on snow.MOV:TOC.WMV
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

====================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Hi Broni

Thanks

Here's the latest OTL log - OTL ran without stalling

I will run the Security Check next and will post the checkup.txt asap


All processes killed
========== OTL ==========
Service TfSysMon stopped successfully!
Service TfSysMon deleted successfully!
File system32\drivers\TfSysMon.sys not found.
Service TfNetMon stopped successfully!
Service TfNetMon deleted successfully!
File C:\Windows\system32\drivers\TfNetMon.sys not found.
Service TfFsMon stopped successfully!
Service TfFsMon deleted successfully!
File system32\drivers\TfFsMon.sys not found.
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-802167735-3406490535-3852651081-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler deleted successfully.
Starting removal of ActiveX control {44990B00-3C9D-426D-81DF-AAB636FA4345}
C:\Windows\Downloaded Program Files\tgctlcm.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990B00-3C9D-426D-81DF-AAB636FA4345}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Folder move failed. C:\FRST\Quarantine\{4a3e861e-894a-adb2-035b-695524750cd2}\{4a3e861e-894a-adb2-035b-695524750cd2} scheduled to be moved on reboot.
C:\FRST\Quarantine\{4a3e861e-894a-adb2-035b-695524750cd2}\U folder moved successfully.
C:\FRST\Quarantine\{4a3e861e-894a-adb2-035b-695524750cd2} folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Mark\AppData\Roaming\Registry Mechanic folder moved successfully.
ADS C:\Users\Mark\Documents\snow angel.MOV:TOC.WMV deleted successfully.
ADS C:\Users\Mark\Documents\sliding on snow.MOV:TOC.WMV deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41085 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark
->Temp folder emptied: 1962363820 bytes
->Temporary Internet Files folder emptied: 259265986 bytes
->Java cache emptied: 15792062 bytes
->Google Chrome cache emptied: 300195929 bytes
->Apple Safari cache emptied: 1129472 bytes
->Flash cache emptied: 2142395 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57986 bytes
RecycleBin emptied: 2718517 bytes

Total Files Cleaned = 2,426.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mark
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 09172012_093723
Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine\{4a3e861e-894a-adb2-035b-695524750cd2}\{4a3e861e-894a-adb2-035b-695524750cd2} not found!
PendingFileRenameOperations files...
File C:\FRST\Quarantine\{4a3e861e-894a-adb2-035b-695524750cd2}\{4a3e861e-894a-adb2-035b-695524750cd2} not found!
Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

D
How to get Popcorn Time on Android box
Replies
3
Views
1K
Julio Franco
Julio Franco
S
Citigroup nearly credited client with $81 trillion instead of $280
Replies
9
Views
201
fb020997
fb020997
Shawn Knight
Out of this world: This watch is made from a million-year-old meteorite
Replies
8
Views
345
BobHome
B

Latest posts

Back