Solved Svchost.exe (Trojan.agent) Malwarebytes cannot remove/system crashing

I downloaded the Tool and got it transferred. It appeared to run correctly, albeit slowly. It asked me to reboot the computer 1x when it found something fairly close to the beginning of the process, and then the second time it ran all the way through, also finding various objects.

The program finished, but when I tried to copy the log as you requested, the screen froze on me. I was unable to get a log.

Would you like me to run it again and try to get another log? It took about 3 hrs to run the first time.
 
Well, that's encouraging.

I have rebooted into normal mode and the computer did NOT immediately crash as it has been doing for the past several days. I did get 1 error message which looked like it happened when the Kasp. Virus Tool attempted to start. The error message read "Autotool Installation Failed. Please try to reboot your computer. Error message is Failed to Rename kl1."

I have not done anything else on that computer yet. Not tried to access internet or similar. Still posting this message from my good computer.
 
Very well then...

Keep the computer off the net until I tell you to reconnect.
Download following tool on good computer and run it on bad computer from normal mode.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL (part 1)

OTL logfile created on: 4/16/2012 7:50:55 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\mmcook\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 67.30% Memory free
7.98 Gb Paging File | 6.60 Gb Available in Paging File | 82.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 588.37 Gb Total Space | 443.66 Gb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive J: | 3.82 Gb Total Space | 3.67 Gb Free Space | 96.18% Space Free | Partition Type: FAT32

Computer Name: COOK-HOME | User Name: mmcook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 18:44:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/11 12:37:54 | 002,100,544 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
PRC - [2010/12/11 10:54:50 | 000,353,600 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
PRC - [2009/12/17 19:50:18 | 000,976,832 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/07 20:35:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/09/13 01:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 01:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/26 11:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/11 10:54:50 | 000,975,872 | ---- | M] () -- C:\Windows\SysWOW64\libxml2_CW.dll
MOD - [2010/12/11 10:54:50 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\libexpat.dll
MOD - [2010/12/11 10:54:49 | 001,073,152 | ---- | M] () -- C:\Windows\SysWOW64\wxcode_msw28u_wxcurl_CW.dll
MOD - [2010/12/11 10:54:49 | 000,081,920 | ---- | M] () -- C:\Windows\SysWOW64\wxcode_msw28u_wxjson_CW.dll
MOD - [2010/06/05 08:23:21 | 002,916,352 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_core_vc_CW.dll
MOD - [2010/06/05 08:23:21 | 001,236,992 | ---- | M] () -- C:\Windows\SysWOW64\wxbase28u_vc_CW.dll
MOD - [2010/06/05 08:23:21 | 000,716,800 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_adv_vc_CW.dll
MOD - [2010/06/05 08:23:21 | 000,499,712 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_html_vc_CW.dll
MOD - [2010/06/05 08:23:21 | 000,135,168 | ---- | M] () -- C:\Windows\SysWOW64\wxbase28u_xml_vc_CW.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV:64bit: - [2009/09/14 01:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/07/11 18:36:21 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/11 12:37:54 | 002,100,544 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/07 20:35:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/12/04 13:52:52 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/12/04 13:52:52 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/12/04 13:52:50 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/11/24 18:32:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/01/28 11:46:22 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/12/04 13:52:54 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/12/04 13:52:54 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/04 13:52:54 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/08 20:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/07 17:15:40 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/14 12:13:10 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120327.008\EX64.SYS -- (NAVEX15)
DRV - [2011/12/14 12:13:10 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120327.008\ENG64.SYS -- (NAVENG)
DRV - [2009/12/04 13:52:54 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/12/04 13:52:54 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/12/04 13:52:54 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{097077B6-82C2-49A7-9CC6-F7F628500EFA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {32E253B0-7E13-47A1-B5C5-FC1AF4587271}
IE - HKLM\..\SearchScopes\{32E253B0-7E13-47A1-B5C5-FC1AF4587271}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 BD 8E 05 C5 84 2A 45 94 33 C5 4A 98 96 D2 AA [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 BD 8E 05 C5 84 2A 45 94 33 C5 4A 98 96 D2 AA [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 BD 8E 05 C5 84 2A 45 94 33 C5 4A 98 96 D2 AA [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 BD 8E 05 C5 84 2A 45 94 33 C5 4A 98 96 D2 AA [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 BD 8E 05 C5 84 2A 45 94 33 C5 4A 98 96 D2 AA [binary data]
IE - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 01:51:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/22 18:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmcook\AppData\Roaming\Mozilla\Extensions
[2012/04/11 01:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmcook\AppData\Roaming\Mozilla\Firefox\Profiles\0zw9j5yw.default\extensions
[2012/04/11 01:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/11 01:51:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\MMCOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZW9J5YW.DEFAULT\EXTENSIONS\{CD48E0BD-6C04-4EEA-A2C2-1DF17D4966A3}
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/04/12 21:19:01 | 000,001,389 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 176.9.75.3 www.google-analytics.com.
O1 - Hosts: 176.9.75.3 ad-emea.doubleclick.net.
O1 - Hosts: 176.9.75.3 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Reg Error: Value error.) - {058EBD97-84C5-452A-9433-C54A9896D2Aa} - C:\Windows\SysWow64\wscui32.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\Andrew & Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Meeples\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\mmcook\AppData\Local\Temp\_uninst_.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D372490F-985F-4182-88C3-716C25E2FDFD}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/14 00:13:50 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL (Part 2)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 19:49:21 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
[2012/04/15 23:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/04/15 13:38:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\mmcook\Desktop\aswMBR.exe
[2012/04/15 13:32:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/14 13:51:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/14 13:40:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/14 00:53:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/14 00:53:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/14 00:29:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/14 00:25:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/14 00:24:32 | 004,461,135 | R--- | C] (Swearware) -- C:\Users\mmcook\Desktop\ComboFix.exe
[2012/04/13 20:26:12 | 000,000,000 | ---D | C] -- C:\Users\mmcook\transfer
[2012/04/13 18:26:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/12 21:22:52 | 000,000,000 | ---D | C] -- C:\Users\mmcook\AppData\Roaming\Obfo
[2012/04/12 21:22:52 | 000,000,000 | ---D | C] -- C:\Users\mmcook\AppData\Roaming\Maac
[2012/04/10 16:55:18 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mmcook\Desktop\TDSSKiller.exe
[2012/04/09 19:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/09 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

========== Files - Modified Within 30 Days ==========

[2012/04/16 19:53:35 | 000,747,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/16 19:53:35 | 000,639,448 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/16 19:53:35 | 000,111,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/16 19:31:18 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 19:31:18 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 19:20:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/16 19:20:03 | 3212,709,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/16 19:00:41 | 000,000,935 | ---- | M] () -- C:\Users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/04/16 18:44:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
[2012/04/15 22:26:40 | 130,630,744 | ---- | M] () -- C:\Users\mmcook\Desktop\setup_11.0.0.1245.x01_2012_04_16_05_31.exe
[2012/04/15 15:43:06 | 000,337,137 | ---- | M] () -- C:\Users\mmcook\Desktop\FSS.exe
[2012/04/15 13:56:07 | 000,000,512 | ---- | M] () -- C:\Users\mmcook\Desktop\MBR.dat
[2012/04/15 13:27:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mmcook\Desktop\aswMBR.exe
[2012/04/14 00:15:22 | 004,461,135 | R--- | M] (Swearware) -- C:\Users\mmcook\Desktop\ComboFix.exe
[2012/04/13 18:09:11 | 432,568,631 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/13 18:06:35 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mmcook\Desktop\TDSSKiller.exe
[2012/04/12 21:19:01 | 000,001,389 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/11 23:57:20 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/07 20:30:05 | 000,000,112 | ---- | M] () -- C:\ProgramData\O2oEGr.dat
[2012/04/07 06:53:18 | 001,285,556 | ---- | M] () -- C:\Users\mmcook\Documents\signed repair request.jpg
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/15 23:53:38 | 000,000,935 | ---- | C] () -- C:\Users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2012/04/15 23:52:45 | 130,630,744 | ---- | C] () -- C:\Users\mmcook\Desktop\setup_11.0.0.1245.x01_2012_04_16_05_31.exe
[2012/04/15 16:08:06 | 000,337,137 | ---- | C] () -- C:\Users\mmcook\Desktop\FSS.exe
[2012/04/15 13:45:56 | 000,000,512 | ---- | C] () -- C:\Users\mmcook\Desktop\MBR.dat
[2012/04/14 00:53:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/14 00:53:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/14 00:53:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/14 00:53:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/14 00:53:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/11 23:57:20 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/07 20:12:24 | 000,000,112 | ---- | C] () -- C:\ProgramData\O2oEGr.dat
[2012/04/07 06:53:18 | 001,285,556 | ---- | C] () -- C:\Users\mmcook\Documents\signed repair request.jpg
[2011/12/18 14:08:49 | 000,012,478 | -HS- | C] () -- C:\Users\mmcook\AppData\Local\774335p0e210t008t785a0hmt7c3
[2011/12/18 14:08:49 | 000,012,478 | -HS- | C] () -- C:\ProgramData\774335p0e210t008t785a0hmt7c3
[2011/09/06 23:19:13 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/05 13:14:39 | 000,000,079 | ---- | C] () -- C:\Windows\EWF840.ini
[2011/08/16 21:36:45 | 000,000,258 | ---- | C] () -- C:\ProgramData\tmaster8.net
[2011/06/22 18:48:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/11 10:55:04 | 000,975,872 | ---- | C] () -- C:\Windows\SysWow64\libxml2_CW.dll
[2010/12/11 10:55:03 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2010/12/11 10:54:59 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\wxcode_msw28u_wxjson_CW.dll
[2010/12/11 10:54:58 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\wxcode_msw28u_wxcurl_CW.dll
[2010/11/02 21:11:49 | 000,000,000 | ---- | C] () -- C:\Users\mmcook\AppData\Roaming\wklnhst.dat
[2010/06/05 08:23:51 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_xrc_vc_CW.dll
[2010/06/05 08:23:51 | 000,499,712 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_html_vc_CW.dll
[2010/06/05 08:23:51 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_media_vc_CW.dll
[2010/06/05 08:23:50 | 002,916,352 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_core_vc_CW.dll
[2010/06/05 08:23:49 | 000,716,800 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_adv_vc_CW.dll
[2010/06/05 08:23:47 | 001,236,992 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_vc_CW.dll
[2010/06/05 08:23:47 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_xml_vc_CW.dll
[2010/06/05 08:23:46 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_net_vc_CW.dll

========== LOP Check ==========

[2012/04/11 01:52:11 | 000,000,000 | ---D | M] -- C:\Users\Andrew & Connor\AppData\Roaming\ICAClient
[2010/10/09 08:07:57 | 000,000,000 | ---D | M] -- C:\Users\Andrew & Connor\AppData\Roaming\SharePod
[2010/04/04 12:53:35 | 000,000,000 | ---D | M] -- C:\Users\Andrew & Connor\AppData\Roaming\SPORE
[2012/04/11 01:32:57 | 000,000,000 | ---D | M] -- C:\Users\Andrew & Connor\AppData\Roaming\Wizards of the Coast
[2012/04/11 01:35:22 | 000,000,000 | ---D | M] -- C:\Users\Meeples\AppData\Roaming\.minecraft
[2012/01/03 17:31:53 | 000,000,000 | ---D | M] -- C:\Users\Meeples\AppData\Roaming\DarksporeData
[2012/04/11 01:35:22 | 000,000,000 | ---D | M] -- C:\Users\Meeples\AppData\Roaming\Epson
[2012/04/11 01:52:22 | 000,000,000 | ---D | M] -- C:\Users\Meeples\AppData\Roaming\ICAClient
[2012/04/11 01:52:22 | 000,000,000 | ---D | M] -- C:\Users\Meeples\AppData\Roaming\Magic Set Editor
[2012/04/11 01:35:28 | 000,000,000 | ---D | M] -- C:\Users\Meeples\AppData\Roaming\SPORE
[2011/06/12 22:35:43 | 000,000,000 | ---D | M] -- C:\Users\Meeples\AppData\Roaming\Wizards of the Coast
[2012/04/11 01:36:39 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\.minecraft
[2012/04/11 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\DarksporeData
[2012/04/11 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Epson
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\ICAClient
[2011/09/05 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Leadertech
[2012/04/12 21:23:06 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Maac
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Magic Set Editor
[2012/04/14 01:02:19 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Obfo
[2012/04/11 01:36:55 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\PCDr
[2009/12/26 21:07:02 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\SPORE
[2010/11/02 21:11:51 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Template
[2010/08/08 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Wizards of the Coast
[2012/02/13 13:18:57 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/07/11 22:24:18 | 008,005,932 | ---- | M] () -- C:\BellSouthIW.re~
[2012/04/14 13:51:12 | 000,017,593 | ---- | M] () -- C:\ComboFix.txt
[2009/11/08 18:18:09 | 000,000,081 | ---- | M] () -- C:\CTX.DAT
[2009/11/24 20:20:32 | 000,003,927 | R--- | M] () -- C:\dell.sdr
[2010/11/14 11:21:42 | 000,000,342 | ---- | M] () -- C:\fileinfo.txt
[2011/08/14 20:25:31 | 000,008,224 | ---- | M] () -- C:\GDIPFONTCACHEV1.DAT
[2012/04/16 19:20:03 | 3212,709,888 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/04/16 19:20:10 | 4283,617,280 | -HS- | M] () -- C:\pagefile.sys
[2011/06/24 13:48:34 | 000,000,000 | ---- | M] () -- C:\t10o.1
[2012/04/13 18:26:16 | 000,129,164 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_13.04.2012_18.23.29_log.txt
[2012/04/13 19:53:28 | 000,126,366 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_13.04.2012_19.51.42_log.txt
[2012/04/13 21:53:24 | 000,126,366 | ---- | M] () -- C:\TDSSKiller.2.7.28.0_13.04.2012_21.52.43_log.txt
[2009/07/12 08:14:36 | 000,001,167 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/04/12 20:02:41 | 000,001,686 | -HS- | M] () -- C:\Users\mmcook\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/11 20:01:17 | 000,000,119 | -HS- | M] () -- C:\Users\mmcook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/12/14 20:43:00 | 000,000,221 | -HS- | M] () -- C:\Users\mmcook\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/04/15 13:27:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mmcook\Desktop\aswMBR.exe
[2012/04/14 00:15:22 | 004,461,135 | R--- | M] (Swearware) -- C:\Users\mmcook\Desktop\ComboFix.exe
[2012/04/15 15:43:06 | 000,337,137 | ---- | M] () -- C:\Users\mmcook\Desktop\FSS.exe
[2012/04/16 18:44:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
[2012/04/15 22:26:40 | 130,630,744 | ---- | M] () -- C:\Users\mmcook\Desktop\setup_11.0.0.1245.x01_2012_04_16_05_31.exe
[2012/04/13 18:06:35 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mmcook\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/16 19:22:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/02/13 13:18:57 | 000,032,652 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/06/22 18:43:23 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/06/22 18:43:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/04/23 18:18:44 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/04/23 18:18:44 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/06/22 18:43:23 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2004/10/18 23:38:56 | 000,000,122 | ---- | M] () -- C:\Users\mmcook\Favorites\Desktop (1).ini
[2012/02/16 18:44:57 | 000,000,402 | -HS- | M] () -- C:\Users\mmcook\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/18 14:13:55 | 000,012,478 | -HS- | M] () -- C:\ProgramData\774335p0e210t008t785a0hmt7c3
[2011/08/16 21:36:45 | 000,000,258 | ---- | M] () -- C:\ProgramData\tmaster8.net

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
Extras

OTL Extras logfile created on: 4/16/2012 7:50:55 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\mmcook\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.69 Gb Available Physical Memory | 67.30% Memory free
7.98 Gb Paging File | 6.60 Gb Available in Paging File | 82.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 588.37 Gb Total Space | 443.66 Gb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive J: | 3.82 Gb Total Space | 3.67 Gb Free Space | 96.18% Space Free | Partition Type: FAT32

Computer Name: COOK-HOME | User Name: mmcook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8180004F-8861-8051-87FE-C892A27A9AFB}" = ATI Catalyst Install Manager
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9915F060-19D4-11D4-A682-00105AA6FA07}" = D&D Character Generator Demo
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"EPSON WorkForce 840 Series" = EPSON WorkForce 840 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04F3038E-4120-44CC-B330-E05F737246A5}" = Roxio Update Manager
"{089EC7B5-6480-4478-ACF0-DEFD4047343C}" = Epson Event Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}" = Darkspore™
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C124BC7E-1C94-44C7-A8CA-70D10644FB05}" = Intellex Player
"{C1A0A3F9-C302-4A18-A2E0-71C927D24652}" = Epson Easy Photo Print 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.4 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"ALTACPHOME_is1" = Net Nanny Parental Controls 6.0
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.2
"ATT-PRT22" = ATT-PRT22
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"EEPPPlugIn" = Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic Set Editor 2_is1" = Magic Set Editor 2.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.5
"Network MagicUninstall" = Network Magic
"Philips Retractable PC Controller" = Philips Retractable PC Controller
"Steam App 620" = Portal 2
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2341466117-3050677054-3231783024-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/30/2011 9:04:51 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 3/30/2011 9:04:51 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/2/2011 8:50:23 AM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/3/2011 6:57:32 PM | Computer Name = Cook-Home | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 4/4/2011 5:28:57 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 220: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/4/2011 5:28:57 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/4/2011 9:42:01 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/5/2011 6:36:37 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 488: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/5/2011 6:36:37 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 496: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 4/5/2011 7:20:39 PM | Computer Name = Cook-Home | Source = Bonjour Service | ID = 100
Description = 324: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 4/16/2012 7:20:00 PM | Computer Name = Cook-Home | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 4/16/2012 7:20:00 PM | Computer Name = Cook-Home | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.

Error - 4/16/2012 7:20:33 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Symantec
Management Client service to connect.

Error - 4/16/2012 7:20:33 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7000
Description = The Symantec Management Client service failed to start due to the
following error: %%1053

Error - 4/16/2012 7:22:19 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 4/16/2012 7:22:49 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 4/16/2012 7:22:53 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 4/16/2012 7:22:56 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7003
Description = The Internet Connection Sharing (ICS) service depends the following
service: BFE. This service might not be installed.

Error - 4/16/2012 7:23:20 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP

Error - 4/16/2012 7:23:49 PM | Computer Name = Cook-Home | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.


< End of report >
 
That looks fairly well.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (Reg Error: Value error.) - {058EBD97-84C5-452A-9433-C54A9896D2Aa} - C:\Windows\SysWow64\wscui32.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2341466117-3050677054-3231783024-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - Startup: C:\Users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\mmcook\AppData\Local\Temp\_uninst_.bat ()
[2012/04/12 21:22:52 | 000,000,000 | ---D | C] -- C:\Users\mmcook\AppData\Roaming\Obfo
[2012/04/12 21:22:52 | 000,000,000 | ---D | C] -- C:\Users\mmcook\AppData\Roaming\Maac
[2012/04/16 19:00:41 | 000,000,935 | ---- | M] () -- C:\Users\mmcook\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011/12/18 14:08:49 | 000,012,478 | -HS- | C] () -- C:\Users\mmcook\AppData\Local\774335p0e210t008t785a0hmt7c3
[2011/12/18 14:08:49 | 000,012,478 | -HS- | C] () -- C:\ProgramData\774335p0e210t008t785a0hmt7c3


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[resethosts]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
 
I received an error message running the fix. It said "Cannot create file C:\Windows\System32\drivers\etc\Hosts" I had to click "OK"

Now it is saying "Resetting Hosts Files. DO NOT INTERRUPT..." But it appears it may be hung up.
 
Stop the process.

Start OTL as administrator (right click on OTL and click "Run as administrator").
Other steps are the same.
 
When I right-clicked Run as Administrator the following notepad message popped up:

Files\Folders moved on Reboot
File\Folder C:\users\mmcook\appdata\roaming\microsoft\windows\start menu\programs\startup\-uninst-lnk not found!
File move failed C:\users\mmcook\appdata\local\temp\fxsapidebuglogfile.txt scheduled to be moved on reboot
File move failed C:\windows\system32\drivers\etc\hosts scheduled to be moved on reboot
Registry entries deleted on reboot.

I then tried to Run as Administrator and got the same error message as before.
 
Should I do "Run Scan" or "Quick Scan?"

And don't enter anything into the custom settings this time?
 
OTL logfile created on: 4/16/2012 9:22:35 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\mmcook\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 68.97% Memory free
7.98 Gb Paging File | 6.71 Gb Available in Paging File | 84.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 588.37 Gb Total Space | 444.30 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
Drive J: | 3.82 Gb Total Space | 3.67 Gb Free Space | 96.18% Space Free | Partition Type: FAT32

Computer Name: COOK-HOME | User Name: mmcook | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/16 18:44:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/11 12:37:54 | 002,100,544 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
PRC - [2010/12/11 10:54:50 | 000,353,600 | ---- | M] (ContentWatch, Inc.) -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
PRC - [2009/12/17 19:50:18 | 000,976,832 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/12/07 20:35:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/09/13 01:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/13 01:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/26 11:19:04 | 000,210,208 | ---- | M] (Acresso Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/11 10:54:50 | 000,975,872 | ---- | M] () -- C:\Windows\SysWOW64\libxml2_CW.dll
MOD - [2010/12/11 10:54:50 | 000,151,552 | ---- | M] () -- C:\Windows\SysWOW64\libexpat.dll
MOD - [2010/12/11 10:54:49 | 001,073,152 | ---- | M] () -- C:\Windows\SysWOW64\wxcode_msw28u_wxcurl_CW.dll
MOD - [2010/12/11 10:54:49 | 000,081,920 | ---- | M] () -- C:\Windows\SysWOW64\wxcode_msw28u_wxjson_CW.dll
MOD - [2010/06/05 08:23:21 | 002,916,352 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_core_vc_CW.dll
MOD - [2010/06/05 08:23:21 | 001,236,992 | ---- | M] () -- C:\Windows\SysWOW64\wxbase28u_vc_CW.dll
MOD - [2010/06/05 08:23:21 | 000,716,800 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_adv_vc_CW.dll
MOD - [2010/06/05 08:23:21 | 000,499,712 | ---- | M] () -- C:\Windows\SysWOW64\wxmsw28u_html_vc_CW.dll
MOD - [2010/06/05 08:23:21 | 000,135,168 | ---- | M] () -- C:\Windows\SysWOW64\wxbase28u_xml_vc_CW.dll
MOD - [2009/07/13 18:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 18:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/09/14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV:64bit: - [2009/09/14 01:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/18 16:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2011/07/11 18:36:21 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/11 12:37:54 | 002,100,544 | ---- | M] (ContentWatch, Inc.) [Auto | Running] -- C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe -- (CwAltaService20)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/07 20:35:33 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/12/04 13:52:54 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/12/04 13:52:52 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/12/04 13:52:52 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2009/12/04 13:52:50 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/11/24 18:32:17 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/07 15:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/05/01 15:35:54 | 000,181,544 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/01/28 11:46:22 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2009/12/04 13:52:54 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2009/12/04 13:52:54 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/04 13:52:54 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/08 20:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/07 15:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 15:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/07 17:15:40 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV - [2012/02/03 05:00:00 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/14 12:13:10 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120327.008\EX64.SYS -- (NAVEX15)
DRV - [2011/12/14 12:13:10 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120327.008\ENG64.SYS -- (NAVENG)
DRV - [2009/12/04 13:52:54 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2009/12/04 13:52:54 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2009/12/04 13:52:54 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{097077B6-82C2-49A7-9CC6-F7F628500EFA}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {32E253B0-7E13-47A1-B5C5-FC1AF4587271}
IE - HKLM\..\SearchScopes\{32E253B0-7E13-47A1-B5C5-FC1AF4587271}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 97 BD 8E 05 C5 84 2A 45 94 33 C5 4A 98 96 D2 AA [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files (x86)\Roblox\Versions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 01:51:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/06/22 18:51:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmcook\AppData\Roaming\Mozilla\Extensions
[2012/04/11 01:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mmcook\AppData\Roaming\Mozilla\Firefox\Profiles\0zw9j5yw.default\extensions
[2012/04/11 01:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/11 01:51:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\MMCOOK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZW9J5YW.DEFAULT\EXTENSIONS\{CD48E0BD-6C04-4EEA-A2C2-1DF17D4966A3}
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/04/12 21:19:01 | 000,001,389 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 176.9.75.3 www.google-analytics.com.
O1 - Hosts: 176.9.75.3 ad-emea.doubleclick.net.
O1 - Hosts: 176.9.75.3 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [cwcptray] C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe (ContentWatch, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\cwalsp64.dll (ContentWatch, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\cwalsp.dll (ContentWatch, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D372490F-985F-4182-88C3-716C25E2FDFD}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/14 00:13:50 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/16 20:29:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/16 19:49:21 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
[2012/04/15 23:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/04/15 13:38:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\mmcook\Desktop\aswMBR.exe
[2012/04/15 13:32:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/14 13:51:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/14 13:40:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/14 00:53:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/14 00:53:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/14 00:29:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/14 00:25:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/14 00:24:32 | 004,461,135 | R--- | C] (Swearware) -- C:\Users\mmcook\Desktop\ComboFix.exe
[2012/04/13 20:26:12 | 000,000,000 | ---D | C] -- C:\Users\mmcook\transfer
[2012/04/13 18:26:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/10 16:55:18 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mmcook\Desktop\TDSSKiller.exe
[2012/04/09 19:42:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/09 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

========== Files - Modified Within 30 Days ==========

[2012/04/16 21:22:17 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 21:22:17 | 000,014,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/16 21:13:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/16 21:13:28 | 3212,709,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/16 19:53:35 | 000,747,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/16 19:53:35 | 000,639,448 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/16 19:53:35 | 000,111,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/16 18:44:00 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\mmcook\Desktop\OTL.exe
[2012/04/15 22:26:40 | 130,630,744 | ---- | M] () -- C:\Users\mmcook\Desktop\setup_11.0.0.1245.x01_2012_04_16_05_31.exe
[2012/04/15 15:43:06 | 000,337,137 | ---- | M] () -- C:\Users\mmcook\Desktop\FSS.exe
[2012/04/15 13:56:07 | 000,000,512 | ---- | M] () -- C:\Users\mmcook\Desktop\MBR.dat
[2012/04/15 13:27:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mmcook\Desktop\aswMBR.exe
[2012/04/14 00:15:22 | 004,461,135 | R--- | M] (Swearware) -- C:\Users\mmcook\Desktop\ComboFix.exe
[2012/04/13 18:09:11 | 432,568,631 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/13 18:06:35 | 002,071,600 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mmcook\Desktop\TDSSKiller.exe
[2012/04/12 21:19:01 | 000,001,389 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/11 23:57:20 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/07 20:30:05 | 000,000,112 | ---- | M] () -- C:\ProgramData\O2oEGr.dat
[2012/04/07 06:53:18 | 001,285,556 | ---- | M] () -- C:\Users\mmcook\Documents\signed repair request.jpg
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/15 23:52:45 | 130,630,744 | ---- | C] () -- C:\Users\mmcook\Desktop\setup_11.0.0.1245.x01_2012_04_16_05_31.exe
[2012/04/15 16:08:06 | 000,337,137 | ---- | C] () -- C:\Users\mmcook\Desktop\FSS.exe
[2012/04/15 13:45:56 | 000,000,512 | ---- | C] () -- C:\Users\mmcook\Desktop\MBR.dat
[2012/04/14 00:53:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/14 00:53:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/14 00:53:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/14 00:53:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/14 00:53:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/11 23:57:20 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/07 20:12:24 | 000,000,112 | ---- | C] () -- C:\ProgramData\O2oEGr.dat
[2012/04/07 06:53:18 | 001,285,556 | ---- | C] () -- C:\Users\mmcook\Documents\signed repair request.jpg
[2011/09/06 23:19:13 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/05 13:14:39 | 000,000,079 | ---- | C] () -- C:\Windows\EWF840.ini
[2011/08/16 21:36:45 | 000,000,258 | ---- | C] () -- C:\ProgramData\tmaster8.net
[2011/06/22 18:48:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/11 10:55:04 | 000,975,872 | ---- | C] () -- C:\Windows\SysWow64\libxml2_CW.dll
[2010/12/11 10:55:03 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\libexpat.dll
[2010/12/11 10:54:59 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\wxcode_msw28u_wxjson_CW.dll
[2010/12/11 10:54:58 | 001,073,152 | ---- | C] () -- C:\Windows\SysWow64\wxcode_msw28u_wxcurl_CW.dll
[2010/11/02 21:11:49 | 000,000,000 | ---- | C] () -- C:\Users\mmcook\AppData\Roaming\wklnhst.dat
[2010/06/05 08:23:51 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_xrc_vc_CW.dll
[2010/06/05 08:23:51 | 000,499,712 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_html_vc_CW.dll
[2010/06/05 08:23:51 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_media_vc_CW.dll
[2010/06/05 08:23:50 | 002,916,352 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_core_vc_CW.dll
[2010/06/05 08:23:49 | 000,716,800 | ---- | C] () -- C:\Windows\SysWow64\wxmsw28u_adv_vc_CW.dll
[2010/06/05 08:23:47 | 001,236,992 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_vc_CW.dll
[2010/06/05 08:23:47 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_xml_vc_CW.dll
[2010/06/05 08:23:46 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\wxbase28u_net_vc_CW.dll

========== LOP Check ==========

[2012/04/11 01:36:39 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\.minecraft
[2012/04/11 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\DarksporeData
[2012/04/11 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Epson
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\ICAClient
[2011/09/05 13:38:21 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Leadertech
[2012/04/11 01:52:31 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Magic Set Editor
[2012/04/11 01:36:55 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\PCDr
[2009/12/26 21:07:02 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\SPORE
[2010/11/02 21:11:51 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Template
[2010/08/08 17:37:24 | 000,000,000 | ---D | M] -- C:\Users\mmcook\AppData\Roaming\Wizards of the Coast
[2012/02/13 13:18:57 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
Internet working. Malwarebyes updated and did Quick Scan. 2 Objects detected and I clicked Remove Selected.

Everything was looking good, however, when I attempted to navigate to the Techspot page, and then to the forums, I was redirected to some kind of ad page. So something still isn't right. I got off the internet immediately and am back posting from my other computer again.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.16.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mmcook :: COOK-HOME [administrator]
4/16/2012 9:38:06 PM
mbam-log-2012-04-16 (21-38-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260558
Time elapsed: 1 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
MiniToolBox by Farbar Version: 18-01-2012
Ran by mmcook (administrator) on 16-04-2012 at 22:27:12
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================
::1 localhost
 
Good job :)

How is redirection now?

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
795
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A

Latest posts

Back