Inactive Super Sneaky Virus

Status
Not open for further replies.
M

mariemagnolia

Posts: 14   +0
I have a supposed virus that hijacked Norton Internet Security and would not allow it to run. It has disabled the ability to update malwarebytes definitions. It would not let me update Avira. I could not download or install McAfee. This is my last hope. I have followed all the steps and am pasting log files.

Please let me know how to proceed.

Thank you!
mariemagnolia


=============================================
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

9/27/2010 11:37:43 PM
mbam-log-2010-09-27 (23-37-43).txt

Scan type: Quick scan
Objects scanned: 143678
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

========================================================
 
DDS (Ver_10-03-17.01) - NTFSX64
Run by Office Depot at 23:30:30.16 on Mon 09/27/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.6133.4126 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Office Depot\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://qwest.live.com
uWindow Title = Windows Internet Explorer provided by Qwest
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0552.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPADVISOR] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
uRun: [Logitech Vid] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\hp odometer\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdateLBPShortCut] "c:\program files (x86)\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePDIRShortCut] "c:\program files (x86)\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files (x86)\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files (x86)\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files (x86)\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QwestTouchPointAgent] "c:\program files (x86)\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [Qwest Personal Digital Vault] "c:\program files (x86)\qwest personal digital vault\QwestPersonalDigitalVault.exe" /m
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files (x86)\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files (x86)\picturemover\bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~4\office12\REFIEBAR.DLL
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [HP Remote Software] c:\program files\hewlett-packard\hp remote\HP REMOTE V1.0.5.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-2-23 52856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1107000.00c\symds64.sys [2010-7-6 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1107000.00c\symefa64.sys [2010-7-6 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100901.003\BHDrvx64.sys [2010-8-31 954928]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1107000.00c\cchpx64.sys [2010-7-6 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100920.001\IDSviA64.sys [2010-9-20 463408]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1107000.00c\ironx64.sys [2010-7-6 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1107000.00c\symtdiv.sys [2010-7-6 451120]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\avira\antivir desktop\sched.exe [2010-9-27 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files (x86)\avira\antivir desktop\avguard.exe [2010-9-27 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-27 81072]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
R2 sprtlisten;SupportSoft Listener Service;c:\program files (x86)\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-7 30232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NIS;Norton Internet Security;"c:\program files (x86)\norton internet security\engine\17.7.0.12\ccsvchst.exe" /s "nis" /m "c:\program files (x86)\norton internet security\engine\17.7.0.12\dimaster.dll" /prefetch:1 --> c:\program files (x86)\norton internet security\engine\17.7.0.12\ccSvcHst.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-6 132656]
S3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\drivers\lvuvc64.sys [2010-5-10 6379288]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-11-8 93184]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-09-28 06:07:17 0 d-----w- c:\users\office~1\appdata\roaming\Avira
2010-09-28 05:56:02 81072 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-28 05:56:01 0 d-----w- c:\programdata\Avira
2010-09-28 05:56:01 0 d-----w- c:\program files (x86)\Avira
2010-09-28 05:51:26 0 d-----w- c:\program files\iPod
2010-09-28 05:51:25 0 d-----w- c:\program files\iTunes
2010-09-28 05:51:25 0 d-----w- c:\program files (x86)\iTunes
2010-09-28 05:46:04 0 d-----w- c:\program files\Bonjour
2010-09-28 05:46:04 0 d-----w- c:\program files (x86)\Bonjour
2010-09-28 05:42:13 0 d-----w- c:\programdata\McAfee
2010-09-28 04:46:54 0 d-----w- c:\users\office~1\appdata\roaming\Malwarebytes
2010-09-28 04:46:46 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-28 01:17:49 65536 --sha-w- c:\users\office depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TM.blf
2010-09-28 01:17:49 524288 --sha-w- c:\users\office depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000002.regtrans-ms
2010-09-28 01:17:49 524288 --sha-w- c:\users\office depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000001.regtrans-ms
2010-09-28 00:35:16 0 d-----w- c:\programdata\Malwarebytes
2010-09-28 00:35:16 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-22 21:22:39 0 d-----w- c:\programdata\Sun
2010-09-14 19:57:33 317952 ----a-w- c:\windows\syswow64\MP4SDECD.DLL
2010-09-14 19:57:33 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 19:57:32 267776 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 19:57:25 975360 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 19:57:25 738816 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-09-14 19:57:25 622080 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 19:57:25 501760 ----a-w- c:\windows\syswow64\usp10.dll
2010-09-08 18:17:46 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\syswow64\QuickTime.qts

==================== Find3M ====================

2010-09-28 05:47:11 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-28 05:47:11 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-28 05:47:11 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-28 01:47:08 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-31 06:03:40 13526497 ----a-w- c:\users\office depot\Otter32Setup.exe
2010-07-28 01:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:55:50 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 01:55:50 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-28 01:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-28 01:44:10 75040 ----a-w- c:\windows\syswow64\jdns_sd.dll
2010-07-28 01:44:10 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2009-04-22 11:05:10 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-06-18 20:42:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-03-28 20:58:09 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2010-03-28 20:58:09 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2009-04-22 11:07:08 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:30:40.81 ===============
=========================================================
GMER.log is an empty file
 
Avira AntiVir Personal - Free Antivirus Updater
Complete product update

Creation time: Mon Sep 27 23:33:00 2010


Operating system:
Windows Vista x64 (Service Pack 1) [6.0.6001] 64 bit

Product information:
Product version: 10.0.0.567
Updater: C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe 10.0.0.29
Update resource: C:\Program Files (x86)\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Library: C:\Program Files (x86)\Avira\AntiVir Desktop\update.dll 0.1.0.44
Plugin: C:\Program Files (x86)\Avira\AntiVir Desktop\updext.dll 10.0.0.8
GUI: C:\Program Files (x86)\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files (x86)\Avira\AntiVir Desktop\
Updater folder: C:\Program Files (x86)\Avira\AntiVir Desktop\
AppData folder: C:\ProgramData\Avira\AntiVir Desktop\

Proxy settings:
System settings used

23:33:01 [UPD] [INFO] Checking whether newer files are available.
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.188/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.188/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.188/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.179/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.179/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.179/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.186/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.186/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.186/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.183/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.183/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.183/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.184/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.189/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.189/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.189/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.185/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.185/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.185/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.181/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.181/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.181/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.187/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.187/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.187/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://62.146.66.182/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://62.146.66.182/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.182/update/idx/master.idx' failed. Error: A connection with the server could not be established
23:33:01 [UPD] [INFO] Select update server 'http://perspeak.avira-update.com/update'.
23:33:01 [UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
23:33:01 [UPDLIB] [ERROR] Retry...
23:33:01 [UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
23:33:01 [UPDLIB] [ERROR] Retry...
23:33:01 [UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
23:33:01 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
23:33:01 [UPDLIB] [ERROR] No additional servers found, the update will be canceled.
23:33:01 [UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 537.


Summary:
********
0 Files downloaded
0 Files installed

Mon Sep 27 23:33:01 2010
The update failed!
 
Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!
 
Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.TXT
+++++++++++++++++++++++++++++++++++++++++++++
OTL logfile created on: 9/29/2010 11:34:34 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Office Depot\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 399.56 Gb Free Space | 68.59% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 1.93 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICEDEPOT-PC
Current User Name: Office Depot
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/29 23:31:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Office Depot\Desktop\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/04/09 23:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2009/04/09 23:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/19 10:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe


========== Modules (SafeList) ==========

MOD - [2010/09/29 23:31:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Office Depot\Desktop\OTL.exe
MOD - [2008/01/20 19:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2008/01/20 19:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/08/26 07:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 14:27:14 | 001,020,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/08 19:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/01/08 12:02:16 | 001,213,728 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe -- (sprtlisten)
SRV - [2008/01/08 12:02:12 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2010/07/06 08:11:00 | 000,173,104 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/05 21:01:59 | 000,451,120 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1107000.00C\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2010/04/29 15:39:28 | 000,024,664 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/04/28 22:03:51 | 000,150,064 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/04/21 20:02:20 | 000,221,232 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2010/04/21 19:29:51 | 000,505,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1107000.00C\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/04/21 19:29:51 | 000,032,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SRTSPX64.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/02 13:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/25 17:22:52 | 000,615,040 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ccHPx64.sys -- (ccHP)
DRV:64bit: - [2010/02/16 14:24:00 | 000,081,072 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/10/14 20:50:05 | 000,433,200 | R--- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2009/10/07 01:49:27 | 006,379,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech Webcam 120(UVC)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/26 04:46:34 | 010,276,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/02/02 11:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/01/20 09:49:30 | 001,254,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/01/20 07:49:48 | 000,195,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/12/04 05:48:52 | 000,407,064 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/05/20 19:33:36 | 000,028,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/01/20 19:49:47 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 19:47:28 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 19:46:52 | 000,013,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2007/05/01 04:00:00 | 000,052,856 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/01/18 16:10:22 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2006/09/18 14:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2010/08/31 15:57:03 | 000,954,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100901.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/07/06 09:13:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/07/06 09:13:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/16 18:54:14 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100920.001\IDSviA64.sys -- (IDSVia64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qwest.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2010/07/07 04:47:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\ [2010/09/27 19:16:15 | 000,000,000 | ---D | M]

[2009/10/24 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\mozilla\Extensions
[2009/10/24 13:53:44 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
continued...


O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Qwest Personal Digital Vault] C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe ()
O4 - HKLM..\Run: [QwestTouchPointAgent] C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe (Qwest Communications)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Office Depot\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{050b1c7a-71bf-11de-b384-00248cf8b4fe}\Shell - "" = AutoRun
O33 - MountPoints2\{050b1c7a-71bf-11de-b384-00248cf8b4fe}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{735a699b-ac5b-11de-a0ea-00248cf8b4fe}\Shell - "" = AutoRun
O33 - MountPoints2\{735a699b-ac5b-11de-a0ea-00248cf8b4fe}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/09/29 23:31:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Office Depot\Desktop\OTL.exe
[2010/09/29 23:17:49 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Desktop\files_to_file
[2010/09/29 23:16:38 | 000,000,000 | R--D | C] -- C:\Users\Office Depot\Desktop\shortcuts
[2010/09/29 22:49:24 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/09/27 23:07:17 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\Avira
[2010/09/27 22:56:02 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/09/27 22:56:02 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/09/27 22:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/09/27 22:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/09/27 22:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/27 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/27 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/09/27 22:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/09/27 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/27 22:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/09/27 22:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/09/27 21:46:54 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Roaming\Malwarebytes
[2010/09/27 21:46:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/27 17:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/27 17:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/22 14:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/22 14:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/07/30 23:03:40 | 013,526,497 | ---- | C] (Oregon Employment Department) -- C:\Users\Office Depot\Otter32Setup.exe
[2010/07/23 08:33:22 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Desktop\album 7-22-2010
[2010/07/17 15:19:21 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\CrashDumps
[2010/07/07 03:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/07/06 14:43:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1107000.00C
[2010/07/06 08:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/07/06 08:34:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/06 08:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/06 08:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/06 08:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/07/06 08:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/06 08:12:38 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\Qwest
[2010/07/06 08:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwest Personal Digital Vault
[2010/07/06 08:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/06 08:09:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2010/07/06 08:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2010/07/06 08:09:30 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\Documents\Symantec
[2010/07/06 07:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwest
[2010/07/06 07:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportsoft
[2010/07/06 07:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Qwest
[2010/07/06 07:37:51 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2010/07/06 07:37:51 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\Xenocode
[2010/07/06 07:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
[2010/07/02 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\Office Depot\AppData\Local\2DBoy
[2010/07/02 16:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[1 C:\Users\Office Depot\Desktop\*.tmp files -> C:\Users\Office Depot\Desktop\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/29 23:35:31 | 002,488,546 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
[2010/09/29 23:34:43 | 002,621,440 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat
[2010/09/29 23:31:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Office Depot\Desktop\OTL.exe
[2010/09/29 23:29:12 | 000,707,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/29 23:29:12 | 000,607,168 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/29 23:29:12 | 000,104,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/29 23:22:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/29 23:22:51 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/29 23:22:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/29 23:22:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/29 23:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/29 23:22:08 | 000,065,536 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TM.blf
[2010/09/27 22:27:51 | 000,001,460 | ---- | M] () -- C:\Users\Office Depot\AppData\Local\d3d9caps64.dat
[2010/09/27 22:27:46 | 000,002,551 | ---- | M] () -- C:\Users\Office Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2010/09/27 18:47:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010/09/27 18:42:52 | 000,442,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/09/27 18:41:54 | 000,524,288 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000002.regtrans-ms
[2010/09/27 18:41:17 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/09/27 17:45:21 | 000,524,288 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{41224832-4878-11df-ae4b-00248cf8b4fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/27 17:45:21 | 000,065,536 | -HS- | M] () -- C:\Users\Office Depot\ntuser.dat{41224832-4878-11df-ae4b-00248cf8b4fe}.TM.blf
[2010/08/31 14:38:51 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010/07/30 23:03:40 | 013,526,497 | ---- | M] (Oregon Employment Department) -- C:\Users\Office Depot\Otter32Setup.exe
[2010/07/30 22:33:45 | 000,035,328 | ---- | M] () -- C:\Users\Office Depot\Documents\THEMES 2010.doc
[2010/07/28 17:52:35 | 000,614,416 | -H-- | M] () -- C:\Users\Office Depot\Desktop\xOx0.dat
[2010/07/28 17:31:19 | 000,038,450 | ---- | M] () -- C:\Users\Office Depot\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/27 18:55:50 | 000,237,856 | ---- | M] () -- C:\Windows\SysNative\dnssdX.dll
[2010/07/27 18:55:50 | 000,119,584 | ---- | M] () -- C:\Windows\SysNative\dns-sd.exe
[2010/07/27 18:55:50 | 000,095,520 | ---- | M] () -- C:\Windows\SysNative\dnssd.dll
[2010/07/27 18:55:50 | 000,069,408 | ---- | M] () -- C:\Windows\SysNative\jdns_sd.dll
[2010/07/07 16:19:48 | 000,000,970 | ---- | M] () -- C:\Users\Office Depot\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/07/07 16:18:27 | 000,124,816 | ---- | M] () -- C:\Users\Office Depot\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/07 03:03:21 | 000,000,250 | ---- | M] () -- C:\Windows\win.ini
[2010/07/06 10:50:57 | 000,031,232 | ---- | M] () -- C:\Users\Office Depot\Spummer Lesson Picasso.doc
[2010/07/06 08:15:40 | 000,216,266 | ---- | M] () -- C:\Windows\WLIcon.ico
[2010/07/06 08:11:00 | 000,173,104 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/07/06 08:11:00 | 000,007,440 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/07/06 08:11:00 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/07/06 07:49:13 | 000,031,089 | ---- | M] () -- C:\Users\Office Depot\Documents\Qwest Configuration Details.mht
[1 C:\Users\Office Depot\Desktop\*.tmp files -> C:\Users\Office Depot\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/27 22:56:02 | 000,116,568 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/09/27 22:56:02 | 000,081,072 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/09/27 22:54:35 | 000,421,308 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistMSI0A62.txt
[2010/09/27 22:54:34 | 000,039,034 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistUI0A62.txt
[2010/09/27 22:51:53 | 000,002,426 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistMSI0851.txt
[2010/09/27 22:51:52 | 000,039,088 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistUI0851.txt
[2010/09/27 21:46:46 | 000,024,664 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2010/09/27 18:17:49 | 000,524,288 | -HS- | C] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000002.regtrans-ms
 
and again...

[2010/09/27 18:17:49 | 000,524,288 | -HS- | C] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TMContainer00000000000000000001.regtrans-ms
[2010/09/27 18:17:49 | 000,065,536 | -HS- | C] () -- C:\Users\Office Depot\ntuser.dat{2099d45c-ca9e-11df-94f5-00248cf8b4fe}.TM.blf
[2010/09/14 12:57:33 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/14 12:57:32 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/14 12:57:25 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/14 12:57:25 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/08/17 07:28:08 | 001,420,176 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2010/08/17 07:28:01 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\drivers\srv.sys
[2010/08/17 07:28:01 | 000,174,592 | ---- | C] () -- C:\Windows\SysNative\drivers\srv2.sys
[2010/08/17 07:27:58 | 002,749,952 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2010/08/17 07:27:56 | 000,050,688 | ---- | C] () -- C:\Windows\SysNative\rtutils.dll
[2010/08/17 07:27:48 | 004,690,832 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2010/08/17 07:27:33 | 009,250,816 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/08/17 07:27:32 | 012,473,344 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/08/17 07:27:31 | 002,335,744 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/08/17 07:27:29 | 001,487,360 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/08/17 07:27:28 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/08/17 07:27:27 | 000,706,048 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/08/17 07:27:27 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/08/17 07:27:26 | 001,062,912 | ---- | C] () -- C:\Windows\SysNative\mstime.dll
[2010/08/17 07:27:26 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/08/17 07:27:26 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/08/17 07:27:26 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/08/17 07:27:26 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/08/17 07:27:25 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/08/17 07:27:25 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/08/17 07:27:25 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/08/17 07:27:24 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/08/17 07:27:23 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/08/17 07:27:23 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/08/17 07:27:22 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/08/17 07:27:22 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/08/17 07:27:22 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/08/17 07:27:15 | 001,875,456 | ---- | C] () -- C:\Windows\SysNative\msxml3.dll
[2010/08/17 07:27:12 | 000,343,040 | ---- | C] () -- C:\Windows\SysNative\schannel.dll
[2010/08/03 01:51:35 | 012,898,304 | ---- | C] () -- C:\Windows\SysNative\shell32.dll
[2010/07/30 23:07:14 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\richtx32.oca
[2010/07/30 23:07:14 | 000,003,008 | ---- | C] () -- C:\Windows\SysWow64\RICHTX32.DEP
[2010/07/30 22:33:45 | 000,035,328 | ---- | C] () -- C:\Users\Office Depot\Documents\THEMES 2010.doc
[2010/07/28 17:52:35 | 000,614,416 | -H-- | C] () -- C:\Users\Office Depot\Desktop\xOx0.dat
[2010/07/28 17:31:19 | 000,038,450 | ---- | C] () -- C:\Users\Office Depot\AppData\Roaming\Comma Separated Values (DOS).ADR
[2010/07/27 18:55:50 | 000,237,856 | ---- | C] () -- C:\Windows\SysNative\dnssdX.dll
[2010/07/27 18:55:50 | 000,119,584 | ---- | C] () -- C:\Windows\SysNative\dns-sd.exe
[2010/07/27 18:55:50 | 000,095,520 | ---- | C] () -- C:\Windows\SysNative\dnssd.dll
[2010/07/27 18:55:50 | 000,069,408 | ---- | C] () -- C:\Windows\SysNative\jdns_sd.dll
[2010/07/07 03:29:04 | 002,488,546 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\Cat.DB
[2010/07/06 14:43:27 | 000,451,120 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symtdiv.sys
[2010/07/06 14:43:27 | 000,007,787 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv64.cat
[2010/07/06 14:43:27 | 000,007,368 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet64.cat
[2010/07/06 14:43:27 | 000,001,473 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnetv.inf
[2010/07/06 14:43:27 | 000,001,445 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symnet.inf
[2010/07/06 14:43:26 | 000,615,040 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.sys
[2010/07/06 14:43:26 | 000,505,392 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.sys
[2010/07/06 14:43:26 | 000,433,200 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.sys
[2010/07/06 14:43:26 | 000,221,232 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.sys
[2010/07/06 14:43:26 | 000,150,064 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\ironx64.sys
[2010/07/06 14:43:26 | 000,032,304 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.sys
[2010/07/06 14:43:26 | 000,007,829 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa64.cat
[2010/07/06 14:43:26 | 000,007,414 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.cat
[2010/07/06 14:43:26 | 000,007,410 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.cat
[2010/07/06 14:43:26 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds64.cat
[2010/07/06 14:43:26 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.cat
[2010/07/06 14:43:26 | 000,007,358 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.cat
[2010/07/06 14:43:26 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symefa.inf
[2010/07/06 14:43:26 | 000,002,793 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\symds.inf
[2010/07/06 14:43:26 | 000,001,838 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\cchpx64.inf
[2010/07/06 14:43:26 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtsp64.inf
[2010/07/06 14:43:26 | 000,001,421 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\srtspx64.inf
[2010/07/06 14:43:26 | 000,000,771 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\iron.inf
[2010/07/06 14:43:14 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1107000.00C\isolate.ini
[2010/07/06 10:50:57 | 000,031,232 | ---- | C] () -- C:\Users\Office Depot\Spummer Lesson Picasso.doc
[2010/07/06 09:09:37 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
[2010/07/06 08:15:40 | 000,216,266 | ---- | C] () -- C:\Windows\WLIcon.ico
[2010/07/06 08:11:18 | 000,173,104 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2010/07/06 08:11:18 | 000,007,440 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2010/07/06 08:11:18 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2010/07/06 07:49:11 | 000,031,089 | ---- | C] () -- C:\Users\Office Depot\Documents\Qwest Configuration Details.mht
[2010/05/27 20:35:06 | 000,418,574 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistMSI1545.txt
[2010/05/27 20:35:05 | 000,014,058 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\dd_vcredistUI1545.txt
[2009/11/16 14:03:47 | 000,023,040 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 19:30:33 | 000,708,868 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/09/29 08:41:42 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\glew32.dll
[2009/09/29 08:41:40 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2009/08/16 12:06:26 | 000,000,680 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\d3d9caps.dat
[2009/06/26 07:40:26 | 000,001,460 | ---- | C] () -- C:\Users\Office Depot\AppData\Local\d3d9caps64.dat
[2009/04/22 03:18:42 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009/04/22 03:18:42 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 19:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 19:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/05/10 17:17:23 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Leadertech
[2010/09/22 07:35:09 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\LimeWire
[2009/06/25 14:18:49 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\PictureMover
[2010/02/23 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Research In Motion
[2010/01/04 13:43:02 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\Wal-Mart
[2009/10/01 16:34:37 | 000,000,000 | ---D | M] -- C:\Users\Office Depot\AppData\Roaming\WildTangent
[2010/08/31 14:38:51 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2010/09/29 23:02:19 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 19:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 00:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2008/12/04 05:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\hp\drivers\Intel_Storage\IaStor.sys
[2008/12/04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 19:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 00:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 19:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 19:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 19:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 19:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 00:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\System32\config\*.sav >

< >
< End of report >
 
Extras.txt

OTL Extras logfile created on: 9/29/2010 11:34:34 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Office Depot\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582.50 Gb Total Space | 399.56 Gb Free Space | 68.59% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 1.93 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICEDEPOT-PC
Current User Name: Office Depot
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D7FCE0-2735-4C8C-A369-808CB1B676D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C915835-00D0-470A-8F73-C6CC9790C2D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{589F0AEF-2705-47EC-808B-5C096C0A69C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012CB307-5B3B-4095-B61A-ECFC01D945DF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{028F3170-85AE-460E-9A6D-AC767DE4CAAA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{097B01F1-823F-4744-84C6-2646518C9D2E}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{0FECAF15-0DFC-4305-8196-0E1583622759}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{118091C4-100A-4F02-AE1A-3932F340821C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1531A049-0C03-4084-95B5-B16425C20845}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{1BBFEFE7-155B-4CDC-87B8-C174B1B74B22}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{2A14F0BB-E718-427B-B56F-AAAFEF7F94D1}" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{30876046-9A88-428E-BA20-8A4E578243E1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{3238EBB1-B672-4D0F-BFBB-0A05C61A29A6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{353EC13F-6412-43B8-B5EF-6BEE787EB5BF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{47881660-D0EC-4C9F-8ED7-29774DD0BEDA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4DEA7931-A0B4-445D-B727-461DB7A32129}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{518BAD2B-0F37-4F12-93A9-6427E0CC96FD}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{58407F86-8854-4E1D-8EB7-8647CB3198B2}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{5B241404-4CC0-4540-B9C2-1FFD1D71B057}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{5B6AD335-DFDC-43CF-A202-33BC8518835A}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6B17FFBD-B862-467D-A3F9-1352B5D1F04C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{6BAE77F6-9DFA-4BE8-81BC-A6654D6C2F24}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6C140B73-1CE8-4B0C-9604-9D3E0EC53A03}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{85CE9EE4-FF14-49F1-BEA8-AED8C83B7DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{932B3BC8-EFF3-4F29-927E-68EAB0412088}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{95ADBBCC-9905-4B55-9D2F-E11FB82FEFD4}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{9D394F58-6082-45FB-B27A-B0F82FF2872D}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{A3BF6482-C24B-4857-BD0C-067574001130}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{A86DAFE9-E9D1-43CB-9031-470112DB8988}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{B875DFA2-9B43-4C3F-B2BD-627CEC8902DD}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{C5A0215D-653A-4DE9-8432-80F345487EDB}" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"{D5B01E62-AE55-4652-9854-944C35B780CA}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{DD12BB24-940B-498E-8C64-738D65CCE883}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{DD8A2730-7929-4127-A657-8A09DF240D20}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E1B1A9A4-C235-49D0-A469-E15A1BFE9D6C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{F74EDA53-2C98-4D31-AD72-B9950313F492}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
"{2AFA5FC0-2166-11D6-B294-00B0D0B36B37}" = Otter32
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5A447CFB-B64E-4D3C-9744-2EA44EFB8F97}" = BlackBerry Device Software Updater
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{693EF7BC-C5CA-43E6-AFA8-1F3FB63A8D92}" = Qwest Windows Live Toolbar Buttons
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{746FB02B-1D03-43B7-917A-E1341AB69A00}" = Qwest Personal Digital Vault™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
 
extras continued...

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}" = Microsoft Live Search Toolbar
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NIS" = Norton Internet Security
"pywin32-py2.6" = Python 2.6 pywin32-212
"SAM Animation" = SAM Animation 1.2
"ULTIMATER" = Microsoft Office Ultimate 2007
"WildTangent hp Master Uninstall" = HP Games
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinVDIG_is1" = WinVDIG 1.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4700

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

9/30/2010 10:13:17 AM
mbam-log-2010-09-30 (10-13-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 395878
Time elapsed: 1 hour(s), 24 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I have been running scans on this computer for 3 days now. I have tried 8 different programs and none of them has been able to find anything. Am I sunk?
 
Certainly coming up blank each time. Lets have a look at an online scan to see if it uncovers anything.

Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
    [*] Archives
    [*] Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Kaspersky won't work

I cannot install Java. Kaspersky requires Java and that has been deleted from my system. Tried downloading and installing ,but error came up. Tried downloading Google chrome, but received an error as well. Tried installing from safe mode and also get an error. I know there is something on my machine stopping all these actions!!!

AHHH!H!H!H!H

Now what?
 
Can you try for a system restore? Go back a good 1 or 2 weeks before the problem started and then see if you can do the on-line scan.
 
still no luck.

I was able to download firefox and run Kaspersky. Empty report. Nothing found.
Then tried your restore idea. I was only able to restore to 9/21 and when I tried to load Kaspersky again in IE (which is having all the issues) I get the same error messages. I am trying to help a friend and she has over 250 GB of data on her drive that I have no idea what to do with. If you can think of anything else, that would be great, but I'm not sure what else to do.

Thank you so much for all your help and ideas so far.

mariemagnolia
 
Vista sucks :(. You do not happen to have the Vista installation CD?

====

Please download Rootkit Revealer
Unzip it to your desktop.
Open the RootkitRevealer folder and double-click RootkitRevealer.exe
Click the Scan button (bottom right)
It may take a while to scan (don't do anything while it's running)
When it's done, go to File > Save. Choose to save the log to your desktop.
Open rootkitrevealer.txt
on your desktop and copy the entire contents and paste them here
Please don't surf or do anything else during the scan with RootkitRevealer, or it may interfere with the results and show legitimate entries.

==============

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.
 
Status
Not open for further replies.

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
401
Fastturtle
F
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
L
Solved Unknown spyware/ Monitoring/ Hijacking of my devices
Replies
15
Views
3K
Broni
Broni

Latest posts

Back