Solved Windows -- Delayed write failed virus.. advice? (Broni please view)

When I tried to run boot_cleaner.exe the black screen came up, along with this pop-up.

"WARNING"

'ATA_PASS_THROUGH_DIRECT is not supported by your disk controller.
SCSI_PASS_THROUGH_DIRECT will be used for disk I/O.'
(Okay)

As soon as I hit okay, the program continued with it's business.
 
aswMBR.exe logs

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-10 23:49:14
-----------------------------
23:49:14.862 OS Version: Windows 6.0.6002 Service Pack 2
23:49:14.862 Number of processors: 4 586 0x202
23:49:14.877 ComputerName: USER-PC UserName: user
23:49:17.139 Initialize success
23:49:29.267 AVAST engine download error: 0
23:49:34.976 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
23:49:34.992 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
23:49:34.992 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005d
23:49:34.992 Disk 1 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
23:49:35.023 Disk 0 MBR read successfully
23:49:35.023 Disk 0 MBR scan
23:49:35.023 Disk 0 unknown MBR code
23:49:35.039 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 333874 MB offset 63
23:49:35.054 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9522 MB offset 683774595
23:49:35.085 Disk 0 scanning sectors +703277505
23:49:35.210 Disk 0 scanning C:\Windows\system32\drivers
23:50:05.739 Service scanning
23:50:07.175 Modules scanning
23:50:17.003 Disk 0 trace - called modules:
23:50:17.034 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
23:50:17.049 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a793f0]
23:50:17.065 3 CLASSPNP.SYS[8072d8b3] -> nt!IofCallDriver -> [0x84fb54b0]
23:50:17.065 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\0000005c[0x84fb5c90]
23:50:17.081 Scan finished successfully
23:51:19.184 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
23:51:19.200 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
 
boot_cleaner.exe log

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 306a70bb88e51c06c67244ab8a2237bf

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix.exe Log

ComboFix 12-01-12.04 - user 01/12/2012 18:28:58.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1861 [GMT -8:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\WEATHE~2\bar\1.bin\gcbarsvc.exe
c:\progra~1\WEATHE~2\bar\1.bin\gcbrmon.exe
c:\program files\WeatherBlink
c:\program files\WeatherBlink\bar\1.bin\CHROME.MANIFEST
c:\program files\WeatherBlink\bar\1.bin\chrome\gcffxtbr.jar
c:\program files\WeatherBlink\bar\1.bin\gcauxstb.dll
c:\program files\WeatherBlink\bar\1.bin\gcbar.dll
c:\program files\WeatherBlink\bar\1.bin\gcbarsvc.exe
c:\program files\WeatherBlink\bar\1.bin\gcbrmon.exe
c:\program files\WeatherBlink\bar\1.bin\gcbrstub.dll
c:\program files\WeatherBlink\bar\1.bin\gcdatact.dll
c:\program files\WeatherBlink\bar\1.bin\gcdlghk.dll
c:\program files\WeatherBlink\bar\1.bin\gcdyn.dll
c:\program files\WeatherBlink\bar\1.bin\gcfeedmg.dll
c:\program files\WeatherBlink\bar\1.bin\gchighin.exe
c:\program files\WeatherBlink\bar\1.bin\gchtml.dll
c:\program files\WeatherBlink\bar\1.bin\gchtmlmu.dll
c:\program files\WeatherBlink\bar\1.bin\gchttpct.dll
c:\program files\WeatherBlink\bar\1.bin\gcieovr.dll
c:\program files\WeatherBlink\bar\1.bin\gcimpipe.exe
c:\program files\WeatherBlink\bar\1.bin\gcmedint.exe
c:\program files\WeatherBlink\bar\1.bin\gcmlbtn.dll
c:\program files\WeatherBlink\bar\1.bin\gcmsg.dll
c:\program files\WeatherBlink\bar\1.bin\gcPlugin.dll
c:\program files\WeatherBlink\bar\1.bin\gcradio.dll
c:\program files\WeatherBlink\bar\1.bin\gcregfft.dll
c:\program files\WeatherBlink\bar\1.bin\gcregiet.dll
c:\program files\WeatherBlink\bar\1.bin\gcscript.dll
c:\program files\WeatherBlink\bar\1.bin\gcskin.dll
c:\program files\WeatherBlink\bar\1.bin\gcskplay.exe
c:\program files\WeatherBlink\bar\1.bin\gcSrcAs.dll
c:\program files\WeatherBlink\bar\1.bin\gctpinst.dll
c:\program files\WeatherBlink\bar\1.bin\gcuabtn.dll
c:\program files\WeatherBlink\bar\1.bin\INSTALL.RDF
c:\program files\WeatherBlink\bar\1.bin\LOGO.BMP
c:\program files\WeatherBlink\bar\1.bin\NPgcStub.dll
c:\program files\WeatherBlink\bar\IE9Mesg\COMMON.T8S
c:\program files\WeatherBlink\bar\Message\COMMON.T8S
c:\program files\WeatherBlink\bar\Settings\s_pid.dat
c:\program files\WeatherBlinkEI
c:\programdata\~bI71YeaD0m31h3
c:\programdata\~bI71YeaD0m31h3r
c:\programdata\bI71YeaD0m31h3
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WeatherBlinkService
.
.
((((((((((((((((((((((((( Files Created from 2011-12-13 to 2012-01-13 )))))))))))))))))))))))))))))))
.
.
2012-01-07 19:08 . 2012-01-07 19:08 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-01-07 19:08 . 2012-01-07 19:08 -------- d-----w- c:\programdata\Malwarebytes
2012-01-07 19:08 . 2012-01-07 19:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-07 19:08 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-07 04:53 . 2012-01-07 04:53 -------- d-----w- c:\users\user\AppData\Roaming\IObit
2012-01-07 04:53 . 2011-08-20 00:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-01-07 04:53 . 2010-11-27 02:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-01-07 04:53 . 2012-01-07 04:53 -------- d-----w- c:\program files\IObit
2012-01-07 00:41 . 2012-01-10 23:17 -------- d-----w- c:\programdata\AVAST Software
2012-01-07 00:41 . 2012-01-07 00:41 -------- d-----w- c:\program files\AVAST Software
2012-01-06 04:00 . 2012-01-06 23:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-12-14 20:20 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 20:20 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 20:20 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 20:20 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 20:20 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 20:20 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 20:20 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 01:16 . 2009-07-24 23:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-21 01:16 . 2009-07-24 23:51 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-21 01:16 . 2009-07-24 23:51 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-21 01:16 . 2009-07-24 23:51 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-11-11 15:38 . 2011-08-29 18:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-10 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-10 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-10 88608]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-02-01 1398024]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"HughesNetTools_McciTrayApp"="c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe" [2007-11-20 1454592]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-12 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-11-15 44168]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Download Manager.lnk - c:\program files\C&S Publishing\Download Manager\DownloadManager.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-07-08 22:25 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 22:13]
.
2012-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 22:13]
.
2012-01-01 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-04-17 19:10]
.
2011-07-14 c:\windows\Tasks\User_Feed_Synchronization-{5A1AD0B9-C638-4788-A68E-6DACE4AF03E2}.job
- c:\windows\system32\msfeedssync.exe [2011-07-08 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 67.142.165.10 67.142.165.11
DPF: {3EEC59CC-1F1E-42AC-9E9D-32BAC3D126D1} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-WeatherBlink Browser Plugin Loader - c:\progra~1\WEATHE~2\bar\1.bin\gcbrmon.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Trend Micro\Internet Security\TmProxy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\hp\kbd\kbd.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-01-12 19:12:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-13 03:12
.
Pre-Run: 252,637,380,608 bytes free
Post-Run: 253,054,181,376 bytes free
.
- - End Of File - - 5CFFE3E251123F940E3BE68C36D7AD73
 
Combofix log looks good.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Combofix log looks good.

Any current issues?
Click to expand...

Great!! And not that I can tell, everything is running smoothly. There are no weird pop-ups. All my icons are sticking around. I'm running the OTL right now!
 
OTL Log

OTL logfile created on: 1/12/2012 8:53:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.51% Memory free
6.19 Gb Paging File | 5.08 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.05 Gb Total Space | 235.74 Gb Free Space | 72.30% Space Free | Partition Type: NTFS
Drive D: | 9.30 Gb Total Space | 1.25 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 334.83 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive K: | 7.45 Gb Total Space | 7.37 Gb Free Space | 98.90% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/12 20:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/20 17:17:39 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/20 17:16:31 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/08/25 10:35:18 | 001,584,472 | ---- | M] (IObit) -- C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 18:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/09/14 13:03:58 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2010/09/14 11:45:30 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/04/14 02:58:40 | 000,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/04/14 02:58:04 | 000,703,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/31 16:03:12 | 001,398,024 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/01/31 16:03:08 | 000,648,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2008/02/15 06:36:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/01/15 03:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/20 13:36:25 | 001,454,592 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
PRC - [2007/05/07 09:35:56 | 001,273,856 | ---- | M] () -- C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 03:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/19 16:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2007/05/07 09:35:56 | 001,273,856 | ---- | M] () -- C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/20 17:17:39 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/20 17:16:31 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/14 11:45:30 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/04/14 02:58:40 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/04/14 02:58:04 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2009/01/31 16:03:08 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/02/15 06:36:06 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 17:16:53 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/11/26 18:02:28 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/07/05 14:20:02 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/05 14:19:56 | 000,050,256 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/05 14:19:50 | 000,154,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/04 15:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/12/04 15:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/12/04 15:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/02/26 09:11:02 | 000,299,520 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr70.sys -- (rt70x86)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/02/15 06:37:50 | 000,234,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2008/02/15 06:37:50 | 000,141,840 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2008/02/15 06:37:50 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/10 10:57:00 | 008,237,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/12/07 07:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/11/17 11:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/15 13:36:07 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/10/15 13:36:07 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/10/12 07:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/12/12 08:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-419807706-895616609-190428675-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/02 13:45:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gcffxtbr@WeatherBlink.com: C:\Program Files\WeatherBlink\bar\1.bin
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/02 13:45:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/12 19:06:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HughesNetTools_McciTrayApp] C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Manager.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-419807706-895616609-190428675-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-419807706-895616609-190428675-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EEC59CC-1F1E-42AC-9E9D-32BAC3D126D1} http://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab (McciEventStatRetriever Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 67.142.165.10 67.142.165.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39FA1E33-520C-4EDD-9377-B6BBF16F7A49}: DhcpNameServer = 66.82.4.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FFC7F1D-16AC-4FA1-BA20-8EBE0B8FCC68}: DhcpNameServer = 67.142.165.10 67.142.165.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC73F33B-2631-48E4-A30D-B941FC2B0C7F}: DhcpNameServer = 66.82.4.8
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/17 10:59:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/12 20:50:19 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/12 19:12:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/12 19:06:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/12 18:26:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/12 18:26:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/12 18:26:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/12 18:26:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/12 18:26:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/12 18:26:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/12 18:24:15 | 004,381,975 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/01/10 23:49:00 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/10 19:30:03 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2012/01/07 11:08:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012/01/07 11:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 11:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/07 11:08:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/07 11:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/06 20:53:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\IObit
[2012/01/06 20:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2012/01/06 20:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/01/06 16:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/06 16:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2012/01/05 20:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/12 20:47:43 | 000,004,912 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 20:47:43 | 000,004,912 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/12 20:47:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/12 20:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/12 20:47:34 | 3219,525,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 20:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/12 19:36:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/12 19:11:47 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/12 19:11:47 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/12 19:06:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/12 17:40:30 | 004,381,975 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/01/10 23:51:19 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/10 21:58:38 | 000,044,607 | ---- | M] () -- C:\Users\user\Desktop\bootkit_remover.zip
[2012/01/10 21:56:02 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2012/01/10 19:17:56 | 411,204,892 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/10 17:00:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2012/01/10 16:50:10 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\x2cxlfql.exe
[2012/01/07 11:11:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/07 11:09:39 | 000,001,356 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2012/01/06 20:53:26 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2012/01/06 16:42:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/01/05 21:41:33 | 000,020,480 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 21:07:41 | 000,002,034 | ---- | M] () -- C:\Users\user\Desktop\QuickBooks Pro 2009.lnk
[2012/01/05 20:00:54 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/01/01 15:28:32 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuser.job
[2011/12/23 20:08:30 | 000,002,627 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Office Word 2007.lnk
[2011/12/20 17:16:53 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/12/20 17:16:35 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/12/20 17:16:33 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/12/15 09:50:22 | 000,327,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/12 18:26:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/12 18:26:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/12 18:26:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/12 18:26:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/12 18:26:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/10 23:52:48 | 000,044,607 | ---- | C] () -- C:\Users\user\Desktop\bootkit_remover.zip
[2012/01/10 23:51:19 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2012/01/10 19:12:41 | 000,302,592 | ---- | C] () -- C:\Users\user\Desktop\x2cxlfql.exe
[2012/01/07 12:40:56 | 3219,525,632 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/07 12:36:23 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\HughesNetTools.lnk
[2012/01/07 12:36:23 | 000,001,978 | ---- | C] () -- C:\Users\Public\Desktop\QuickBooks Pro 2009.lnk
[2012/01/07 12:36:23 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/07 12:36:23 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\Windows Media Center.lnk
[2012/01/07 12:36:23 | 000,001,178 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/01/07 12:36:23 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Delivery Manager.lnk
[2012/01/07 12:36:23 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\StreetSmart Pro Readme.lnk
[2012/01/07 12:36:23 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/01/07 12:36:23 | 000,000,874 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2012/01/07 12:36:23 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\StreetSmart Pro.lnk
[2012/01/07 12:36:22 | 000,000,945 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/07 12:36:22 | 000,000,940 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/07 12:36:22 | 000,000,258 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/07 12:36:22 | 000,000,240 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/07 11:11:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/06 20:53:27 | 000,025,944 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2012/01/06 20:53:27 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/01/06 20:53:26 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2012/01/05 21:07:41 | 000,002,034 | ---- | C] () -- C:\Users\user\Desktop\QuickBooks Pro 2009.lnk
[2011/11/26 10:29:10 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/02/02 13:45:05 | 000,023,111 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/02/02 13:34:40 | 000,077,350 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009/10/20 12:44:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 12:44:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/27 05:42:13 | 000,170,160 | ---- | C] () -- C:\Windows\hpqins00.dat
[2008/11/19 11:29:09 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/10/08 12:27:04 | 000,008,364 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2008/09/26 15:40:55 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/26 14:33:16 | 000,179,964 | ---- | C] () -- C:\Windows\hpwins14.dat
[2008/09/26 13:24:55 | 000,012,998 | R--- | C] () -- C:\Windows\hpwscr14.dat
[2008/09/26 13:09:29 | 000,020,480 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/17 10:50:29 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/04/17 10:46:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008/04/17 10:43:41 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/04/17 10:43:41 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007/11/16 08:12:18 | 000,001,108 | R--- | C] () -- C:\Windows\hpwmdl14.dat
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,327,688 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/01/16 09:22:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\7Wonders
[2008/09/26 12:21:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\C&S Publishing
[2010/07/29 15:19:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/09 09:21:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\funkitron
[2012/01/06 20:53:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IObit
[2009/08/03 09:04:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Magic Academy
[2009/01/16 06:42:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2008/10/21 14:51:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Snapfish
[2008/10/08 13:03:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2011/01/15 08:31:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vu360
[2008/09/17 15:47:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2012/01/12 19:39:25 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/14 08:29:11 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5A1AD0B9-C638-4788-A68E-6DACE4AF03E2}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/09/02 12:31:21 | 000,001,024 | ---- | M] () -- C:\.rnd
[2008/04/17 10:59:37 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/04/17 11:35:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/01/12 19:12:20 | 000,012,425 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/01/12 20:47:34 | 3219,525,632 | -HS- | M] () -- C:\hiberfil.sys
[2008/09/30 09:17:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/30 09:17:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/12 20:47:32 | 3533,451,264 | -HS- | M] () -- C:\pagefile.sys
[2012/01/07 11:01:14 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2012/01/05 20:52:14 | 000,073,502 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_05.01.2012_20.51.21_log.txt
[2012/01/06 21:32:27 | 000,075,554 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_06.01.2012_21.31.52_log.txt
[2012/01/07 11:01:57 | 000,076,180 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_07.01.2012_11.01.39_log.txt
[2009/07/27 06:46:12 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/18 06:08:24 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2011/12/20 17:16:46 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\LMIproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/14 08:09:06 | 000,000,286 | -HS- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/01/10 21:56:02 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\user\Desktop\boot_cleaner.exe
[2012/01/12 17:40:30 | 004,381,975 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/01/12 20:46:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2012/01/10 16:50:10 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\x2cxlfql.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/28 10:13:42 | 000,000,402 | -HS- | M] () -- C:\Users\user\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/02/02 13:46:05 | 000,003,608 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras Log

OTL Extras logfile created on: 1/12/2012 8:53:09 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.51% Memory free
6.19 Gb Paging File | 5.08 Gb Available in Paging File | 81.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.05 Gb Total Space | 235.74 Gb Free Space | 72.30% Space Free | Partition Type: NTFS
Drive D: | 9.30 Gb Total Space | 1.25 Gb Free Space | 13.49% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 334.83 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive K: | 7.45 Gb Total Space | 7.37 Gb Free Space | 98.90% Space Free | Partition Type: FAT32

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A026B4D-16F6-4E51-8624-2D5D8A623812}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03761757-2F54-4D54-9A87-978D8BDA7184}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{0D5E518D-1048-4AEB-8002-603F885FEE6E}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{0E5DD2E1-7CCF-43CE-A497-A39778AB8B69}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{12E35CE3-90DE-4A9B-ABE7-00345149BB37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{164B2A34-0E85-4BC2-959B-6CDB21BAAB94}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{18262D9D-F46F-4EE1-896C-A9A2A94F40F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{19DFA58F-95E7-47AF-93E1-C4C99EB9621D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{26364803-3699-45DA-8BD6-9D5183A08A01}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{38A4BDBC-DF89-4351-9593-A8B3D5F8E34B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{5448C97B-8726-49FF-8015-190BFF5D6312}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{67306F4B-913C-482E-9D05-F5B2AD491CF9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{6ED0E111-EAA3-4A8F-94AD-CFAAD8A52777}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{6F735A13-9D4E-43F7-893A-E8CA17002265}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{71E11F8D-4474-4B58-89D2-BE974BBF667C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{9B6ED9B9-3A70-4496-AB70-27C57F2C5B0D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{B35C38BA-9809-4BC1-9412-9443320CD6F4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{B6B56800-7FAA-47EB-8498-A99A156D5CB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{BA943F8C-FCF5-4288-8032-078BE94B1297}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{C2ECAA19-180E-4069-827D-C19781421FB8}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{C50BD16C-198D-41EE-AAC5-8B414A6E61FB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{C702689A-CE58-4F94-9099-F3DE0A8F0B52}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D06D9CA3-81E0-46A6-94E9-882D7A54CC41}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{D2592DC9-8BEF-4123-8128-10B07012B975}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E2E83B60-8493-4E1E-BD4E-98CF86818E61}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EFB1DF63-5D11-46E9-8E88-A485990BA2F5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{F2717548-2885-41AB-B180-C90435338933}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{F4459E34-1580-4E0E-B92C-FA461EB49632}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"TCP Query User{326DCC6E-F52E-49A4-A7E1-E8ECBAA9075B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D147E0DE-DE88-4C97-894B-3833F42BBEE7}C:\program files\schwab\sspro\sspro.exe" = protocol=6 | dir=in | app=c:\program files\schwab\sspro\sspro.exe |
"UDP Query User{27717093-C8E9-4014-9982-E43B787CFB3A}C:\program files\schwab\sspro\sspro.exe" = protocol=17 | dir=in | app=c:\program files\schwab\sspro\sspro.exe |
"UDP Query User{5093FBF9-787C-4B8E-B690-52C6E5DF92ED}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{542AF338-79AB-4EB2-93B3-71643EB93CA4}" = Download Manager
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57573545-74EB-46D2-B362-AA05364E4ED8}" = LogMeIn
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{649F6650-9232-448A-912F-46C0D095D54C}" = Delivery Manager
"{664708B3-C730-11D5-ADE7-00B0D07D157A}" = StreetSmart Pro
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7DCF7BBA-39A9-4e27-9154-F57BCED90CBF}" = HP Officejet J6400 Series
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A621B45A-D138-4A95-BE10-7CABA05EF94E}" = Trend Micro Internet Security
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Formatta Filler 7.0" = Formatta Filler 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HughesNetTools" = HughesNetTools
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Shop for HP Supplies" = Shop for HP Supplies
"Smart Defrag 2_is1" = Smart Defrag 2
"STANDARDR" = Microsoft Office Standard 2007
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-419807706-895616609-190428675-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Document Downloader" = Document Downloader

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2012 1:05:49 AM | Computer Name = user-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 1/6/2012 1:05:49 AM | Computer Name = user-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 1/6/2012 1:06:17 AM | Computer Name = user-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2009": An attempt
to LogOff without a logo

Error - 1/6/2012 1:06:45 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application qbw32.exe, version 19.0.4012.705, time stamp
0x4c8fcd8e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x00000000, process id 0xf9c, application start time
0x01cccc30d4f6c8f2.

Error - 1/6/2012 1:45:48 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 80c Start Time: 01cccc301bfadbc2 Termination Time: 4976

Error - 1/6/2012 2:19:51 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/6/2012 4:47:26 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/6/2012 11:34:08 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/7/2012 12:31:09 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/7/2012 1:38:43 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 9/1/2010 10:39:14 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 79
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/12/2012 10:28:19 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/12/2012 10:54:09 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/12/2012 11:01:33 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/12/2012 11:01:33 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/12/2012 11:02:44 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/12/2012 11:02:54 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/12/2012 11:05:51 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/12/2012 11:11:47 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/12/2012 11:27:00 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/13/2012 12:49:21 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Manager.lnk = File not found
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-419807706-895616609-190428675-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
You're very welcome
smiley_says_hello.gif
 
Gah!!! I just messed up, I accidentally updated Java first. I have not ran the OTL scan yet! Can I still run the OTL scan? Or do I have to fix something now. Sorry >< I just shut the computer off -I'm not going to touch it until you reply.
 
Alright, I've ran through everything. Got online with infected computer to download the Online Security Scan and as soon as I clicked on the 'download' button -the computer froze. I'm not sure if it has a significant meaning or not. I'm going to force a shut down and reboot. This computer is known to freeze though.
 
You must log in or register to reply here.

Similar threads

M
Virus warning popup
Replies
1
Views
541
Mark Fuller
M
Bubbajim
Boeing Starliner crewed flight to ISS delayed yet again
Replies
11
Views
228
Endymio
Endymio
Daniel Sims
Nintendo Switch 2 has been delayed to Q1 2025, according to various reports
Replies
11
Views
235
erickmendes
erickmendes

Latest posts

Back