Nothing on my desktop but a blue screen
Had to do this in Safe Mode. Here are the logs.
Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: v2012.02.09.08
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: DAVID [administrator]
2/9/2012 8:06:17 PM
mbam-log-2012-02-09 (20-06-17).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200350
Time elapsed: 3 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|nOutSSdAWyv.exe (Rogue.FakeHDD) -> Data: C:\Documents and Settings\All Users\Application Data\nOutSSdAWyv.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Documents and Settings\All Users\Application Data\nOutSSdAWyv.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
C:\Documents and Settings\David\Local Settings\Temp\omeracxwsn.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-10 01:37:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD2500AAKS-00VYA0 rev.12.01B02
Running: cnikd1uo.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgldapod.sys
---- Kernel code sections - GMER 1.0.15 ----
? fyjkljy.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Current State 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log Type 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Collection Name System Overview
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Collection Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-731
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Counter List \Processor(_Total)\% Processor Time?\Memory\Pages/sec?\PhysicalDisk(_Total)\Avg. Disk Queue Length?
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Comment This sample log provides an overview of system performance.
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Comment Indirect @C:\WINDOWS\System32\smlogcfg.dll,-735
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@RealTime DataSource 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Max Size -1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Data Store Attributes 33
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Base Name System_Overview
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Base Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-744
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Sql Log Base Name SQL:!System Overview
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Serial Number 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Folder C:\PerfLogs
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Auto Format -1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@ExecuteOnly 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Current State 0
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log Type 0
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Collection Name System Overview
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Collection Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-731
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Counter List \Processor(_Total)\% Processor Time?\Memory\Pages/sec?\PhysicalDisk(_Total)\Avg. Disk Queue Length?
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Comment This sample log provides an overview of system performance.
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Comment Indirect @C:\WINDOWS\System32\smlogcfg.dll,-735
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@RealTime DataSource 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Max Size -1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Data Store Attributes 33
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Base Name System_Overview
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Base Name Indirect @C:\WINDOWS\System32\smlogcfg.dll,-744
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Sql Log Base Name SQL:!System Overview
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Serial Number 1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Folder C:\PerfLogs
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Auto Format -1
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@Log File Type 2
Reg HKLM\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\{50a3911f-b4a1-4dc3-9c95-7b799fe6ebb7}@ExecuteOnly 1
---- EOF - GMER 1.0.15 ----
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-11 06:45:06
-----------------------------
06:45:06.906 OS Version: Windows 5.1.2600 Service Pack 3
06:45:06.906 Number of processors: 2 586 0xF0D
06:45:06.906 ComputerName: DAVID UserName:
06:45:07.343 Initialize success
06:47:59.578 AVAST engine defs: 12021100
06:49:13.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
06:49:13.750 Disk 0 Vendor: WDC_WD2500AAKS-00VYA0 12.01B02 Size: 238475MB BusType: 3
06:49:13.781 Disk 0 MBR read successfully
06:49:13.781 Disk 0 MBR scan
06:49:13.812 Disk 0 unknown MBR code
06:49:13.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
06:49:13.843 Disk 0 scanning sectors +488392065
06:49:13.906 Disk 0 scanning C:\WINDOWS\system32\drivers
06:49:23.671 Service scanning
06:49:28.140 Modules scanning
06:49:32.937 Disk 0 trace - called modules:
06:49:32.984 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
06:49:33.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6e8ab8]
06:49:33.000 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8a6e5d98]
06:49:33.406 AVAST engine scan C:\WINDOWS
06:49:39.703 AVAST engine scan C:\WINDOWS\system32
06:52:11.078 AVAST engine scan C:\WINDOWS\system32\drivers
06:52:31.531 AVAST engine scan C:\Documents and Settings\Administrator
06:52:49.984 AVAST engine scan C:\Documents and Settings\All Users
06:54:14.703 Scan finished successfully
07:02:17.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
07:02:17.703 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/27/2010 8:29:25 PM
System Uptime: 2/10/2012 5:09:08 AM (0 hours ago)
.
Motherboard: ECS | | 945GCT-M
Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU 1 | 1995/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 81.906 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: McAfee Core NDIS Intermediate Filter Miniport
Device ID: ROOT\MFE_NDISKMP\0000
Manufacturer: McAfee
Name: Realtek RTL8139/810x Family Fast Ethernet NIC - McAfee Core NDIS Intermediate Filter Miniport
PNP Device ID: ROOT\MFE_NDISKMP\0000
Service: mfendiskmp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: McAfee Core NDIS Intermediate Filter Miniport
Device ID: ROOT\MFE_NDISKMP\0001
Manufacturer: McAfee
Name: WAN Miniport (IP) - McAfee Core NDIS Intermediate Filter Miniport
PNP Device ID: ROOT\MFE_NDISKMP\0001
Service: mfendiskmp
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: McAfee Core NDIS Intermediate Filter Miniport
Device ID: ROOT\MFE_NDISKMP\0002
Manufacturer: McAfee
Name: VIA Rhine II Fast Ethernet Adapter - McAfee Core NDIS Intermediate Filter Miniport
PNP Device ID: ROOT\MFE_NDISKMP\0002
Service: mfendiskmp
.
==== System Restore Points ===================
.
RP349: 11/10/2011 1:28:54 PM - System Checkpoint
RP350: 11/10/2011 2:08:10 PM - Software Distribution Service 3.0
RP351: 11/11/2011 3:06:13 PM - Software Distribution Service 3.0
RP352: 11/12/2011 8:47:40 AM - Windows Defender Checkpoint
RP353: 11/12/2011 8:52:57 AM - Removed IObit Toolbar v4.7.
RP354: 11/12/2011 9:13:13 AM - Removed Costco Photo Organizer
RP355: 11/12/2011 9:15:37 AM - Removed Napster
RP356: 11/12/2011 9:25:43 AM - Removed WinZip 15.0
RP357: 11/16/2011 3:25:05 PM - Software Distribution Service 3.0
RP358: 11/17/2011 6:32:28 PM - System Checkpoint
RP359: 11/19/2011 2:00:50 PM - Software Distribution Service 3.0
RP360: 11/20/2011 2:36:58 PM - System Checkpoint
RP361: 11/22/2011 5:53:55 AM - System Checkpoint
RP362: 11/22/2011 1:53:45 PM - Software Distribution Service 3.0
RP363: 11/23/2011 1:15:56 PM - Software Distribution Service 3.0
RP364: 11/24/2011 3:12:55 PM - System Checkpoint
RP365: 11/25/2011 7:18:44 AM - Software Distribution Service 3.0
RP366: 11/26/2011 5:33:10 PM - System Checkpoint
RP367: 11/28/2011 6:31:07 AM - System Checkpoint
RP368: 11/30/2011 6:41:13 AM - Software Distribution Service 3.0
RP369: 12/2/2011 6:47:32 AM - Software Distribution Service 3.0
RP370: 12/3/2011 9:26:52 AM - System Checkpoint
RP371: 12/4/2011 9:37:39 AM - System Checkpoint
RP372: 12/5/2011 2:20:06 PM - System Checkpoint
RP373: 12/6/2011 6:38:31 AM - Software Distribution Service 3.0
RP374: 12/8/2011 6:30:40 AM - System Checkpoint
RP375: 12/8/2011 6:38:42 AM - Software Distribution Service 3.0
RP376: 12/9/2011 6:29:51 AM - Windows Defender Checkpoint
RP377: 12/9/2011 6:30:05 AM - Software Distribution Service 3.0
RP378: 12/10/2011 7:04:37 AM - System Checkpoint
RP379: 12/12/2011 8:01:30 PM - Windows Defender Checkpoint
RP380: 12/13/2011 6:08:12 AM - Software Distribution Service 3.0
RP381: 12/17/2011 8:46:50 PM - Software Distribution Service 3.0
RP382: 12/19/2011 7:32:59 PM - System Checkpoint
RP383: 12/20/2011 6:43:08 PM - Software Distribution Service 3.0
RP384: 12/22/2011 6
06 PM - System Checkpoint
RP385: 12/23/2011 6:55:27 PM - Software Distribution Service 3.0
RP386: 12/24/2011 9:42:09 AM - Windows Defender Checkpoint
RP387: 12/25/2011 12:34:51 PM - System Checkpoint
RP388: 12/27/2011 8:19:29 AM - Software Distribution Service 3.0
RP389: 12/28/2011 9:57:54 AM - System Checkpoint
RP390: 12/29/2011 9:43:59 AM - power boast
RP391: 12/29/2011 10:06:20 AM - Removed Data Lifeguard Tools
RP392: 12/29/2011 10:08:27 AM - Removed Napster
RP393: 12/29/2011 10:13:25 AM - Windows Defender Checkpoint
RP394: 12/30/2011 6:25:36 AM - Software Distribution Service 3.0
RP395: 1/4/2012 6:45:01 AM - System Checkpoint
RP396: 1/4/2012 2:13:28 PM - Software Distribution Service 3.0
RP397: 1/7/2012 6:49:19 AM - System Checkpoint
RP398: 1/7/2012 7:18:06 AM - Software Distribution Service 3.0
RP399: 1/8/2012 8:48:33 AM - Windows Defender Checkpoint
RP400: 1/10/2012 7:07:45 AM - Software Distribution Service 3.0
RP401: 1/10/2012 7:34:22 PM - Software Distribution Service 3.0
RP402: 1/10/2012 7:47:46 PM - Software Distribution Service 3.0
RP403: 1/12/2012 6:33:51 AM - System Checkpoint
RP404: 1/13/2012 7:41:32 PM - System Checkpoint
RP405: 1/13/2012 7:50:42 PM - Software Distribution Service 3.0
RP406: 1/14/2012 5:24:37 PM - Windows Defender Checkpoint
RP407: 1/16/2012 12:57:03 PM - Windows Defender Checkpoint
RP408: 1/18/2012 6:03:08 AM - System Checkpoint
RP409: 1/18/2012 6:34:43 AM - Windows Defender Checkpoint
RP410: 1/18/2012 1:14:48 PM - Software Distribution Service 3.0
RP411: 1/20/2012 7:03:48 AM - Software Distribution Service 3.0
RP412: 1/22/2012 10:53:43 AM - System Checkpoint
RP413: 1/24/2012 6:44:44 AM - Software Distribution Service 3.0
RP414: 1/25/2012 12:17:07 PM - System Checkpoint
RP415: 1/27/2012 6:30:36 AM - System Checkpoint
RP416: 1/27/2012 6:08:50 PM - Software Distribution Service 3.0
RP417: 1/29/2012 5:42:53 AM - System Checkpoint
RP418: 1/30/2012 6:07:43 AM - System Checkpoint
RP419: 1/30/2012 6:32:11 AM - Installed OneTouch(R) Software v2.3.3
RP420: 1/30/2012 6:33:38 AM - Installed Meter Drivers for OneTouch(R) Software
RP421: 1/30/2012 7:08:07 AM - Removed Napster
RP422: 1/31/2012 6:15:26 AM - Software Distribution Service 3.0
RP423: 1/31/2012 7:10:36 PM - Installed TurboTax 2011 wrapper
RP424: 2/1/2012 8:28:16 PM - Installed TurboTax 2011 wcaiper
RP425: 2/3/2012 6
15 AM - Software Distribution Service 3.0
RP426: 2/3/2012 6:55:35 AM - Windows Defender Checkpoint
RP427: 2/4/2012 5:08:20 PM - System Checkpoint
RP428: 2/6/2012 5:33:45 AM - System Checkpoint
RP429: 2/7/2012 5:33:54 AM - System Checkpoint
RP430: 2/7/2012 5:52:10 AM - Software Distribution Service 3.0
RP431: 2/8/2012 6:13:52 AM - Software Distribution Service 3.0
RP432: 2/9/2012 6:20:29 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
Avery Wizard 3.1
AVIConverter 5.1.0
BadCopy Pro
BearShare
Bonjour
BufferChm
Camedia Master 4.3
CameraDrivers
CameraUserGuides
Canon CanoScan Toolbox 4.1
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
ConsumerUpdate
Coupon Printer for Windows
Cypress USB Mass Storage Driver Installation
dcmsvc 1.0
DeviceDiscovery
DeviceManagementQFolder
Digital Locker Assistant
DVD Decrypter (Remove Only)
DVD Profiler Version 3.7.2
DVD Shrink 3.2
Easy CD & DVD Creator 6
EPSON Print CD
EPSON Printer Software
eSupportQFolder
Film Factory
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
HP Imaging Device Functions 9.0
HP Photosmart Cameras 9.0
HP Photosmart Essential 2.5
HP Product Assistant
HP Solution Center 9.0
HP Update
hpicamDrvQFolder
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
ICQ7.2
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Intel(R) Integrated Performance Primitives RTI 4.0
Intel(R) Processor ID Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Lernout & Hauspie TruVoice American English TTS Engine
LG USB Drivers
LifeScan USB Device Driver vSL2.0 (Driver Removal)
Locked Programs
Malwarebytes Anti-Malware version 1.60.1.1000
Meter Drivers for OneTouch(R) Software
Meter Drivers for OneTouch(R) Software v1.10.0.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Fix it Center
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works 7.0
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
MSXML 6.0 Parser (KB933579)
Napster
Norton Security Suite
OLYMPUS CAMEDIA Master 4.3
OneTouch Software
PanoStandAlone
Philips FunCam
Photosynth 2.0109.0415.1554
PL-2303 USB-to-Serial
Platform
PMC laser lens Cleaner V1.0
PSSWCORE
Quicken WillMaker Plus 2009
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Samsung DVC Media 5.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.5
SolutionCenter
Status
TrayApp
TurboTax 2008
TurboTax 2008 wcaiper
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 wcaiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcaiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax Deluxe 2007
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB971029)
USB-IrDA Adapter
USB Mini Driver
USB Storage Adapter FX (SM1)
V CAST Music
V CAST Music Essentials Manager
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VIA/S3G Display Driver 6.14.10.0331
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Backup Utility
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Yahoo! Detect
Yahoo! Messenger
Zoosk Messenger
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 9:23:46 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
2/9/2012 8:16:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 BHDrvx86 cdudf_xp Cinemsup eeCtrl Fips intelppm Lbd sdpiosys SRTSPX SymIRON SYMTDI uagp35 ViaIde videX32 xfilt
2/9/2012 8:15:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/9/2012 8:05:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32 BHDrvx86 cdudf_xp Cinemsup eeCtrl Fips intelppm Lbd sdpiosys SRTSPX SymIRON SYMTDI
2/9/2012 6:08:42 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 BHDrvx86 cdudf_xp Cinemsup eeCtrl Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd Rdbss sdpiosys SRTSPX SymIRON SYMTDI Tcpip
2/9/2012 6:08:42 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2012 6:08:42 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2012 6:08:42 PM, error: Service Control Manager [7001] - The IP Traffic Filter Driver service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2012 6:08:42 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2012 6:08:42 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2012 6:08:42 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2012 6:08:42 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2012 6:08:36 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/9/2012 6:08:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/9/2012 6:08:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2/8/2012 6:08:14 AM, error: RemoteAccess [20151] - The Control Protocol IPCP in the Point to Point Protocol module (unknown) returned an error while initializing. A device attached to the system is not functioning.
2/6/2012 2:25:51 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
2/4/2012 1:04:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp Lbd sdpiosys
2/4/2012 1:04:11 PM, error: NetBT [4321] - The name "DAVID :20" could not be registered on the Interface with IP address 192.168.0.102. The machine with the IP address 192.168.0.105 did not allow the name to be claimed by this machine.
2/4/2012 1:04:11 PM, error: NetBT [4321] - The name "DAVID :0" could not be registered on the Interface with IP address 192.168.0.102. The machine with the IP address 192.168.0.105 did not allow the name to be claimed by this machine.
2/4/2012 1:04:08 PM, error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends on the following nonexistent service: MfeFire
2/4/2012 1:04:08 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/4/2012 1:04:04 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{46E376AD-7949-4F26-9C01-1C6CFAFF808C} because another computer on the network has the same name. The server could not start.
2/4/2012 1:04:03 PM, error: DCOM [10000] - Unable to start a DCOM Server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}. The error: "%193" Happened while starting this command: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -Embedding
.
==== End Of File ===========================
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Administrator at 5:10:33 on 2012-02-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1732 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VTTrayp] VTtrayp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SM1BG] c:\windows\SM1BG.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [PMC] c:\program files\pmc\pmccheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe " -t
IE: {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\program files\icq7.2\ICQ.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} - hxxp://secure2.comned.com/signuptemplates/securelogin-devel.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} - hxxp://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{46E376AD-7949-4F26-9C01-1C6CFAFF808C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{97003079-8FDD-4DA0-8987-225D7A18CB0B} : DhcpNameServer = 68.87.76.178 68.87.78.130
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\3zmau0kn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-5-5 11264]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-8 820344]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys --> c:\windows\system32\drivers\sdpiosys.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-3 136176]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-3-29 652360]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
S3 CQX;Susteen Virtual Serial Port Driver;c:\windows\system32\drivers\CQX.SYS [2007-8-25 38144]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-3 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-3 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120208.002\IDSXpx86.sys [2012-2-8 356280]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-5-11 20464]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120209.003\NAVENG.SYS [2012-2-9 86136]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120209.003\NAVEX15.SYS [2012-2-9 1576312]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [2007-5-27 18088]
S3 SNDFCAM;Philips FunCam;c:\windows\system32\drivers\sndfcam.sys [2007-5-27 219008]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-4-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-4-12 20096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-08 14:13:57 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{3883d4d9-b93d-4906-82c5-7ea3a6705c30}\mpengine.dll
2012-02-08 04:15:35 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
2012-02-08 04:15:35 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-02-08 04:15:34 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-02-08 04:15:34 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-02-08 04:15:34 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-02-08 04:15:34 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-02-08 04:15:34 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-02-08 04:15:34 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-02-08 04:15:12 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-02-07 20:58:10 -------- d-----w- C:\VAMPIRES_SUCK_FD
2012-02-05 03:46:58 -------- d-----w- c:\program files\DVD Profiler
2012-02-04 21:15:36 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-02-03 15:02:44 36864 ----a-w- c:\windows\system32\CNQU70.DLL
2012-02-03 15:02:44 339968 ----a-w- c:\windows\system32\N067UFW.DLL
2012-01-30 21:58:06 -------- d-----w- c:\windows\MATS
2012-01-30 21:58:05 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-01-30 14:34:17 -------- d-----w- c:\program files\Silabs
2012-01-30 14:31:45 62736 ----a-w- c:\program files\common files\system\ole db\msdatl2.dll
2012-01-30 14:31:45 5392 ----a-w- c:\program files\common files\system\ole db\OLEDB32X.DLL
2012-01-30 14:31:41 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-01-25 15:04:07 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-25 15:04:07 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-25 15:04:07 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-25 15:04:07 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2012-01-27 08:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 14:50:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-03 14:50:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-24 13:45:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2003-08-27 21:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 5:11:32.67 ===============
-
Welcome aboard 
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
================================================== =================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode (How to...)
2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
-
That log is incomplete.
Please re-run Combofix one more time.
-
here is the combofix log
ComboFix 12-02-11.03 - Administrator 02/11/2012 17:48:57.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1618 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\invokesi.exe
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\14EIPlug.dll
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\14EZSETP.dll
c:\program files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISb.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USNJSVC
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-11 23:09 . 2012-02-11 23:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
2012-02-11 23:00 . 2012-02-11 23:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Template
2012-02-08 14:13 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{3883D4D9-B93D-4906-82C5-7EA3A6705C30}\mpengine.dll
2012-02-08 04:15 . 2012-02-08 14:06 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
2012-02-07 20:58 . 2012-02-07 20:58 -------- d-----w- C:\VAMPIRES_SUCK_FD
2012-02-05 03:46 . 2012-02-05 03:46 -------- d-----w- c:\program files\DVD Profiler
2012-02-04 21:15 . 2011-03-31 03:04 44024 ----a-r- c:\windows\system32\drivers\SymIM.sys
2012-02-03 15:02 . 2003-09-18 01:35 339968 ----a-w- c:\windows\system32\N067UFW.DLL
2012-02-03 15:02 . 2002-09-12 09:07 36864 ----a-w- c:\windows\system32\CNQU70.DLL
2012-01-30 21:58 . 2012-01-30 21:58 -------- d-----w- c:\windows\MATS
2012-01-30 21:58 . 2012-01-30 21:58 -------- d-----w- c:\program files\Microsoft Fix it Center
2012-01-30 14:34 . 2012-01-30 14:34 -------- d-----w- c:\program files\Silabs
2012-01-30 14:31 . 1999-01-18 08:00 5392 ----a-w- c:\program files\Common Files\System\Ole DB\OLEDB32X.DLL
2012-01-30 14:31 . 1999-01-12 08:00 62736 ----a-w- c:\program files\Common Files\System\Ole DB\msdatl2.dll
2012-01-30 14:31 . 1998-06-18 08:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-01-25 15:04 . 2012-01-25 15:04 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-25 15:04 . 2012-01-25 15:04 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-25 15:04 . 2012-01-25 15:04 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-25 15:04 . 2012-01-25 15:04 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2012-01-27 08:21 . 2009-10-03 21:00 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 04:19 . 2007-09-15 14:52 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-10 23:24 . 2008-05-11 17:17 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-03 14:50 . 2010-02-07 00:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-12-03 14:50 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-25 21:57 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-24 13:45 . 2011-05-18 13:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2003-03-31 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2003-03-31 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2003-03-31 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2003-03-31 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2003-08-27 21:19 . 2007-05-05 21:54 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
2012-01-25 15:04 . 2011-05-21 22:56 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-04-14 21:01 . 2010-12-04 16:28 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2006-08-30 180224]
"VTTimer"="VTTimer.exe" [2006-08-03 53248]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"PMC"="c:\program files\PMC\pmccheck.exe" [1997-08-11 190464]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE" [2003-07-08 99840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 69632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-03 296056]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 18:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 09:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/7/2012 8:15 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [2/7/2012 8:15 PM 744568]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [2/8/2012 5:56 PM 820344]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys --> c:\windows\system32\drivers\sdpiosys.sys [?]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [2/7/2012 8:15 PM 136312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/3/2011 6:48 AM 136176]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/29/2008 2:30 PM 652360]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2/7/2012 8:15 PM 130008]
S3 CQX;Susteen Virtual Serial Port Driver;c:\windows\system32\drivers\CQX.SYS [8/25/2007 11:01 AM 38144]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 6:58 PM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/3/2011 6:48 AM 136176]
S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120208.002\IDSXpx86.sys [2/8/2012 6:26 PM 356280]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/11/2008 9:17 AM 20464]
S3 SDVC05;USB SDVC05;c:\windows\system32\drivers\SDVC05.sys [5/27/2007 9:10 AM 18088]
S3 SNDFCAM;Philips FunCam;c:\windows\system32\drivers\sndfcam.sys [5/27/2007 9:25 PM 219008]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [4/12/2006 11:01 AM 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [4/12/2006 8:24 AM 20096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 00:57]
.
2012-02-12 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09]
.
2012-02-11 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 06:09]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 14:47]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 14:47]
.
2012-02-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3zmau0kn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-11 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-2052111302-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,d5,e1,7f,81,09,15,49,87,9f,ac,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,61,d5,e1,7f,81,09,15,49,87,9f,ac,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(288)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCP90.dll
c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\MSVCR90.dll
.
Completion time: 2012-02-11 17:58:45
ComboFix-quarantined-files.txt 2012-02-12 01:58
.
Pre-Run: 168,048,713,728 bytes free
Post-Run: 168,031,145,984 bytes free
.
- - End Of File - - 2345CEB865507E67E389ABE6F7A16EC0
-
Looks good.
How is computer doing?
Download OTL to your Desktop.
- Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
Last edited by broni; 14-02-2012 at 03:53 AM.
-
I was able to do this with a regular startup.
I still have a blue screen with nothing on the desktop and very little stuff on the start window, and Internet Explorer is still running without add-ons.
Also, Norton found some trojans, which were deleted by Norton security.
Here are the OTL logs:
OTL logfile created on: 2/12/2012 3:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.14% Memory free
4.83 Gb Paging File | 4.16 Gb Available in Paging File | 86.20% Paging File free
Paging file location(s): C:\pagefile.sys 3058 3100 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 156.56 Gb Free Space | 67.23% Space Free | Partition Type: NTFS
Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: DAVID | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/02/12 15:43:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\David.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/03 06:50:59 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe
PRC - [2010/08/23 20
40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/08/02 22:53:02 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/10 19:40:04 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/01/10 19:40:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/10 19:40:02 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/01/10 19:39:57 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/01/10 19:39:57 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/01/10 19:39:55 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2012/01/10 19:39:54 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/10 19:39:53 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/01/10 19:39:50 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2012/01/10 19:39:45 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/10/12 17:47:45 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a0e090647c856fe52e1f1e5d2a25b1ac\System.ServiceProcess.ni.dll
MOD - [2011/10/12 17:45:30 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7f18fb1e1acae58c6a572faf922bfa3a\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 17:45:27 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.ni.dll
MOD - [2011/10/12 17:45:26 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\344c1e000e4158cc37a5e9068e095d40\System.Transactions.ni.dll
MOD - [2011/10/12 17:42:44 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/12 17:34:41 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/12 17:34:29 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/12 17:27:44 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\494945003f729a5d6ec21324dff8c7b9\System.Data.ni.dll
MOD - [2011/10/12 17:27:31 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
MOD - [2011/10/12 17:27:26 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
MOD - [2011/10/12 17:27:22 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
MOD - [2011/10/12 17:27:10 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
MOD - [2011/10/12 17:27:03 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
MOD - [2011/10/12 17:26:53 | 009,085,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
MOD - [2011/10/12 17:26:40 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/06/24 21
36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21
14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/28 11:42:33 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/01/28 11:42:33 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/01/28 11:42:31 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/01/28 11:42:31 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/01/28 11:42:31 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/01/28 11:42:31 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/01/28 11:42:31 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/01/28 11:42:30 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/01/28 11:42:30 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/01/28 11:42:30 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/01/28 11:42:30 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2010/02/07 07:13:34 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/02/07 07:13:33 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/02/07 07:13:33 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2010/02/07 07:13:32 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2010/02/07 07:13:32 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2010/02/07 07:13:31 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2010/02/07 07:13:30 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2010/02/07 07:13:30 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2010/02/07 07:13:30 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2010/02/07 07:13:30 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/04/12 14:11:13 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2009/04/12 14:11:13 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2009/04/12 14:11:12 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2009/04/12 14:11:11 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2009/04/12 14:11:11 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2009/04/12 14:11:11 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2009/04/12 14:11:11 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2009/01/24 17:42:32 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2009/01/24 17:42:32 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/01/24 17:38:45 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
MOD - [2009/01/24 17:38:44 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2009/01/24 17:38:42 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll
MOD - [2009/01/24 17:38:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll
MOD - [2009/01/24 17:38:42 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll
MOD - [2009/01/24 17:38:41 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Unknown | Stopped] -- -- (McMPFSvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2010/08/23 20
40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2012/02/03 18:58:09 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 18:58:09 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 15:33:22 | 000,356,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120208.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 18:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/03 18:10:13 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120209.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 18:10:13 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120209.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/06/11 08:01:18 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 17:37:49 | 000,369,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS -- (SYMTDI)
DRV - [2011/03/30 19:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2011/03/30 19:04:12 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2011/03/30 19:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 18:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 17:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2009/03/25 05:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/29 08:33:27 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/12/21 00:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/16 02:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/16 02:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/05/18 23:44:52 | 003,965,056 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2006/04/12 11:01:42 | 000,038,016 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucam.sys -- (SUSTUCAM)
DRV - [2006/04/12 08:24:20 | 000,020,096 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sustucau.sys -- (SUSTUCAU)
DRV - [2006/02/22 19:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/22 19:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/03/08 20:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 20:05:30 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/09/16 13:12:36 | 000,219,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sndfcam.sys -- (SNDFCAM)
DRV - [2004/03/16 01:05:06 | 000,018,088 | R--- | M] (HaSoInTech) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SDVC05.sys -- (SDVC05)
DRV - [2003/12/19 01:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/03/21 09:44:46 | 000,038,144 | ---- | M] (Susteen Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CQX.SYS -- (CQX)
DRV - [2003/01/13 10:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing
IE - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK
IE - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=642886&ilc=12"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.nba.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=642886&p="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\David\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\David\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/08 13:07:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012/02/12 15:39:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/03 06:51:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/25 07:04:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 19:49:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\David\Application Data\Move Networks [2010/11/16 20:31:47 | 000,000,000 | ---D | M]
[2010/10/31 15:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2010/08/07 14:44:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/09/28 05:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\enyzbldm.default\extensions
[2009/07/02 18:44:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\enyzbldm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/06 12:01:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\enyzbldm.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}chrome
[2010/09/14 04:41:12 | 000,002,506 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\enyzbldm.default\searchplugins\BearShareWebSearch.xml
[2012/01/10 19:33:48 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\enyzbldm.default\searchplugins\icqplugin.xml
[2008/12/12 10:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\enyzbldm.default\searchplugins\MySpace.xml
[2011/06/14 06:01:25 | 000,002,468 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\enyzbldm.default\searchplugins\safesearch.xml
[2011/12/09 06:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/25 07:04:08 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/09/14 04:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2012/01/25 07:04:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/12/07 06:36:12 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/25 07:04:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\David\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
O1 HOSTS File: ([2012/02/11 15:22:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMC] C:\Program Files\PMC\pmccheck.exe ()
O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004..\Run: [Spotify] "C:\Documents and Settings\David\Application Data\Spotify\Spotify.exe" /uri spotify:autostart File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1409082233-2052111302-725345543-1004\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10...I.cab55579.cab (MSN Games – Matchmaking)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10...t.cab55579.cab (MSN Games – Game Chat)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/bingame/zpagames...o.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} http://secure2.comned.com/signuptemp...ogin-devel.cab (SecureLogin class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductA...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramewor....cab102118.cab (MSN Games - Installer)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} Reg Error: Key error. (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/.../en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10...y.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} http://zone.msn.com/bingame/zpagames...A.cab55579.cab (CheckersZPA Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46E376AD-7949-4F26-9C01-1C6CFAFF808C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97003079-8FDD-4DA0-8987-225D7A18CB0B}: DhcpNameServer = 68.87.76.178 68.87.78.130
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/04 17
20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d3245d1d-2652-11e1-90db-0019210f9298}\Shell - "" = AutoRun
O33 - MountPoints2\{d3245d1d-2652-11e1-90db-0019210f9298}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3245d1d-2652-11e1-90db-0019210f9298}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/02/12 15:42:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\David.exe
[2012/02/12 15:42:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2012/02/11 17:58:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/11 17:47:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/11 15:13:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/11 15:02:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/09 17:59:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\Recent
[2012/02/07 12:58:10 | 000,000,000 | ---D | C] -- C:\VAMPIRES_SUCK_FD
[2012/02/04 19:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\DVD Profiler
[2012/02/04 19:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\DVD Profiler
[2012/02/04 19:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Profiler
[2012/02/04 19:46:58 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Profiler
[2012/02/04 19:33:02 | 011,281,712 | ---- | C] ( ) -- C:\Documents and Settings\David\My Documents\DVDProSetup.exe
[2012/02/04 13:15:36 | 000,044,024 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2012/02/03 14:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Canon
[2012/02/03 14:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\2012-02-03
[2012/02/03 07:02:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\lide20lide30n670un676un1240uvst7031a_xpen
[2012/02/03 06:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Tific
[2012/02/03 06:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\Symantec
[2012/01/31 19:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2011
[2012/01/30 14:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\FixItCenter
[2012/01/30 13:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2012/01/30 13:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2012/01/30 06:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OneTouch Software
[2012/01/30 06:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
[2012/01/30 06:33:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\{95DD20F6-507D-4254-B0C6-D187C2769568}
[2012/01/30 06:32:14 | 000,954,368 | ---- | C] (Black Ice Software, Inc.) -- C:\WINDOWS\System32\Faxcpp32.dll
[2012/01/30 06:32:14 | 000,221,184 | ---- | C] (Black Ice Software, Inc.) -- C:\WINDOWS\System32\Tiff32.dll
[2012/01/30 06:32:14 | 000,118,784 | ---- | C] (Black Ice Software, Inc) -- C:\WINDOWS\System32\Faxmng32.dll
[2012/01/30 06:32:14 | 000,114,688 | ---- | C] (Black Ice Software, Inc.) -- C:\WINDOWS\System32\Tiff.ocx
[2012/01/30 06:32:13 | 000,237,568 | ---- | C] (Black Ice Software, Inc.) -- C:\WINDOWS\System32\Bitmani.dll
[2012/01/30 06:32:13 | 000,167,936 | ---- | C] (Black Ice Software, Inc.) -- C:\WINDOWS\System32\Cp.dll
[2012/01/30 06:32:13 | 000,147,456 | ---- | C] (Black Ice Software) -- C:\WINDOWS\System32\Fax.ocx
[2012/01/30 06:32:13 | 000,073,728 | ---- | C] (BlackIce) -- C:\WINDOWS\System32\CpOcx.ocx
[2012/01/30 06:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\LifeScan
[2012/01/25 06:24:42 | 018,468,272 | ---- | C] (IObit ) -- C:\Documents and Settings\David\My Documents\imf-setup.exe
[2012/01/25 06:20:18 | 003,587,688 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\David\My Documents\ccsetup315.exe
[2007/05/27 21:25:01 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\DCamRes.dll
[2007/05/27 21:25:01 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndfcam.dll
[2007/05/05 13:54:08 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
========== Files - Modified Within 30 Days ==========
[2012/02/12 15:43:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\David.exe
[2012/02/12 15:42:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2012/02/12 15:41:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/12 15:39:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/12 15:38:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 15:38:58 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/02/12 15:38:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/11 15:22:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/11 06:00:04 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/02/11 05:59:35 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/09 19:09:34 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 06:07:24 | 000,733,682 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/06 14:32:20 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\David\My Documents\child support 01.wps
[2012/02/04 19:47:01 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\David\Desktop\DVD Profiler.lnk
[2012/02/04 19:33:15 | 011,281,712 | ---- | M] ( ) -- C:\Documents and Settings\David\My Documents\DVDProSetup.exe
[2012/02/04 18:50:49 | 023,612,512 | ---- | M] () -- C:\Documents and Settings\David\My Documents\My Video Collection.jrprint
[2012/02/04 13:14:31 | 000,407,552 | ---- | M] () -- C:\Documents and Settings\David\My Documents\windows system error.wps
[2012/02/02 13:51:07 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/31 19:25:27 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/30 14:58:42 | 000,515,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 14:58:42 | 000,093,772 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/27 20:47:53 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Lexus Road Trip Log 02.xlr
[2012/01/27 20:41:59 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Lexus Road Trip Log 01.xlr
[2012/01/27 20
33 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Lexus Road Trip Log 00.xlr
[2012/01/27 20:11:32 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\David\My Documents\Lancer Oil Change Log.xlr
[2012/01/26 13:32:07 | 000,281,088 | ---- | M] () -- C:\Documents and Settings\David\My Documents\child support 00.wps
[2012/01/25 06:24:43 | 018,468,272 | ---- | M] (IObit ) -- C:\Documents and Settings\David\My Documents\imf-setup.exe
[2012/01/25 06:20:28 | 003,587,688 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\David\My Documents\ccsetup315.exe
[2012/01/22 10:24:51 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\David\My Documents\kristine grades.wps
[2012/01/22 06:59:02 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\David\My Documents\sites to log in.wps
[2012/01/22 06:58:11 | 000,138,240 | ---- | M] () -- C:\Documents and Settings\David\My Documents\kristine phone suspended.wps
[2012/01/20 14:26:15 | 001,667,072 | ---- | M] () -- C:\Documents and Settings\David\My Documents\FTB 2004 thru 2010.wps
========== Files Created - No Company Name ==========
[2012/02/09 19:09:34 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 14:32:19 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\David\My Documents\child support 01.wps
[2012/02/04 19:47:01 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\David\Desktop\DVD Profiler.lnk
[2012/02/04 13:14:30 | 000,407,552 | ---- | C] () -- C:\Documents and Settings\David\My Documents\windows system error.wps
[2012/01/31 20:22:21 | 000,390,850 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-2052111302-725345543-1004-0.dat
[2012/01/31 20:22:21 | 000,274,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/31 19:11:36 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/30 14:00:21 | 000,000,580 | -H-- | C] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/01/30 14:00:20 | 000,000,616 | -H-- | C] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/01/30 06:32:42 | 000,052,736 | ---- | C] () -- C:\WINDOWS\System32\tiff.oca
[2012/01/30 06:32:42 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2012/01/30 06:32:42 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2012/01/30 06:32:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Image32.dll
[2012/01/30 06:32:14 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Png32.dll
[2012/01/30 06:32:14 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2012/01/30 06:32:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Tga32.dll
[2012/01/30 06:32:14 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Pcx32.dll
[2012/01/30 06:32:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\Twscan32.dll
[2012/01/26 13:32:07 | 000,281,088 | ---- | C] () -- C:\Documents and Settings\David\My Documents\child support 00.wps
[2012/01/22 10:24:51 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\David\My Documents\kristine grades.wps
[2012/01/22 06:58:11 | 000,138,240 | ---- | C] () -- C:\Documents and Settings\David\My Documents\kristine phone suspended.wps
[2012/01/20 14:26:14 | 001,667,072 | ---- | C] () -- C:\Documents and Settings\David\My Documents\FTB 2004 thru 2010.wps
[2011/10/26 12:30:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011/07/26 05:36:21 | 000,025,399 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2011/01/28 12:25:04 | 002,324,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/24 14:19:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/24 14:19:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/24 14:19:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/24 14:19:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/24 14:19:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/29 17:46:36 | 000,000,729 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/01/29 17:46:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/11/28 09:18:43 | 000,061,372 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/01 19:55:55 | 000,116,838 | ---- | C] () -- C:\WINDOWS\hpqins00.dat.temp
[2009/07/03 19:10:25 | 000,116,838 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2008/11/27 11:47:56 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/06/29 11:14:52 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLG13N.INI
[2008/04/16 17:39:09 | 000,130,417 | ---- | C] () -- C:\WINDOWS\hpiins06.dat.temp
[2008/04/16 17:39:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat.temp
[2008/03/29 14:55:32 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2008/03/11 18:18:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\fusioncache.dat
[2008/03/11 12:46:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008/01/23 17:42:35 | 000,102,364 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2007/12/22 06:24:54 | 000,130,417 | ---- | C] () -- C:\WINDOWS\hpiins06.dat
[2007/12/22 06:24:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl06.dat
[2007/12/19 06:31:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/12/16 16:15:14 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EPSTRYTL.ini
[2007/12/16 16:10:18 | 000,044,598 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/16 16:10:18 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/16 16:10:18 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/16 16:10:18 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/16 16:10:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/05 13:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2007/11/20 13:27:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\imageCache7.db
[2007/11/15 18:05:25 | 000,010,902 | ---- | C] () -- C:\WINDOWS\realpage.ini
[2007/10/02 17:12:31 | 000,000,521 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/28 13:15:26 | 000,384,000 | ---- | C] () -- C:\WINDOWS\unwash.exe
[2007/09/02 08:35:33 | 000,000,705 | ---- | C] () -- C:\WINDOWS\csback.exe.lnk
[2007/06/27 13:02:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/27 21:25:01 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\sndfcam.dll
[2007/05/27 21:25:01 | 000,219,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndfcam.sys
[2007/05/27 21:25:01 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsndfcam.dll
[2007/05/27 21:25:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\dsndfcam.exe
[2007/05/27 21:25:01 | 000,015,523 | ---- | C] () -- C:\WINDOWS\sndfcam.ini
[2007/05/13 15:03:11 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/05/13 13:52:17 | 000,113,184 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\audioCache8_UNI.db
[2007/05/06 11
38 | 000,001,415 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/06 11
13 | 000,009,794 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/05 16:53:31 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\BurnData.bin
[2007/05/05 15:26:50 | 000,227,328 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/05 15:07:27 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2007/05/05 15:07:13 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2007/05/05 13:27:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/05/05 13:18:44 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2007/05/05 13:18:42 | 000,000,584 | R--- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2007/05/05 13:18:14 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/05/05 07:52:07 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2007/05/05 07:52:07 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2007/05/05 07:52:07 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2007/05/05 07:52:07 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2007/05/05 07:52:06 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2007/05/04 17:23:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/05/04 17:16:22 | 000,023,388 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/05/04 10:04:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/05/04 10:02:22 | 000,306,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/10/27 07:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2005/02/28 11:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 03:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 03:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/30 08:37:50 | 000,000,092 | R--- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2003/12/19 01:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 00:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 00:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
[2003/03/31 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 04:00:00 | 000,515,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 04:00:00 | 000,093,772 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 04:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/13 13
58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/01 13:43:34 | 000,028,008 | ---- | C] () -- C:\WINDOWS\System32\SUSUSB.SYS
[2001/12/03 15:50:58 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\LTTLS13N.DLL
[2001/12/03 15:50:20 | 000,708,608 | R--- | C] () -- C:\WINDOWS\System32\LTCRY13N.DLL
[2000/07/07 05:49:30 | 000,069,120 | R--- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
[2000/04/12 15:28:12 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/04/12 15:24:10 | 000,338,944 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
========== LOP Check ==========
[2012/02/11 15:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2012/02/11 15:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2010/10/31 15:33:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BearShare
[2010/12/04 07:33:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/11/28 09:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2011/11/12 09:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/06/11 06:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/06/04 18:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MP3 Remix
[2008/03/09 07:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/03/09 07:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/03/09 07:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2008/03/09 07:08:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/06/11 06:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2011/11/12 09:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/31 05:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 15:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 09:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/10/31 15:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{E44BF2E3-2CC0-45E3-9CBD-0BD2C4F69F55}
[2009/02/28 07:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Audacity
[2012/02/07 19:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Canon
[2010/02/17 06:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2010/06/26 18:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2008/03/09 07:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Comcast
[2008/12/05 13:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Costco Photo Organizer
[2008/06/09 17:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Costco Photo Viewer US
[2010/09/16 18:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ElevatedDiagnostics
[2011/08/15 16:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Elluminate
[2010/02/13 12:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Human Computing
[2011/10/01 11:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ICQ
[2011/06/16 15:40:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\ID Vault
[2011/11/27 14:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\IObit
[2008/03/09 07:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Leadertech
[2008/03/09 07:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Opera
[2008/06/09 17:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Printer Info Cache
[2009/07/10 13:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Quicken WillMaker
[2011/04/12 05:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\SanDisk
[2008/03/09 07:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Smith Micro
[2008/03/09 07:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Template
[2012/02/03 06:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Tific
[2009/03/02 06:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\WinFF
[2011/06/15 17:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ID Vault
[2009/10/09 05:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2012/02/12 15:38:58 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2012/02/11 06:00:04 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2012/02/12 15:41:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2007/05/04 17
20 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/13 08:34:03 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2011/12/29 09:51:14 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2012/02/11 17:58:45 | 000,014,759 | ---- | M] () -- C:\ComboFix.txt
[2007/05/04 17
20 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/05/04 17
20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/04 17
20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/27 20:44:54 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/28 08:49:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/12 15:38:48 | 3206,545,408 | -HS- | M] () -- C:\pagefile.sys
[2012/02/11 16:15:52 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2010/07/21 05:57:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/07/21 17:09:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/07/21 17:11:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/07/22 05:42:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/07/22 18:52:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/07/22 18:54:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/07/23 05:58:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/07/24 05:54:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/07/24 06:00:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/07/24 17:18:19 | 000,000,232 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/07/24 17:22:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/07/25 14:17:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/07/26 05:43:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/07/26 05:51:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/07/26 06:01:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/07/20 05:39:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/07/20 05:41:10 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/07/20 13:06:21 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/07/20 13:10:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/07/21 05:48:24 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/07/21 05:57:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/07/21 17:09:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/07/21 17:11:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/07/22 05:42:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/07/22 18:52:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/07/22 18:54:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/07/23 05:58:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/07/24 05:54:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/07/24 06:00:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/07/24 17:18:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/07/24 17:22:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/07/25 14:17:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/07/26 05:43:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/07/26 05:51:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/07/26 06:01:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/07/20 05:39:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/07/20 05:41:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/07/20 13:06:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/07/20 13:10:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/07/21 05:48:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2010/08/27 19:27:13 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2001/05/07 16:14:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\Film Factory.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2010/08/27 12:05:43 | 004,726,784 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/08/27 18
13 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2010/08/27 12:05:43 | 046,215,168 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/08/27 12:05:43 | 008,650,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
< %USERPROFILE%\Desktop\*.exe >
[2012/02/12 15:43:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\David.exe
[2012/02/12 15:42:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
< %PROGRAMFILES%\Common Files\*.* >
[2003/08/27 13:19:18 | 000,036,963 | R--- | M] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
< %systemroot%\*.src >
[2003/04/25 15:35:34 | 000,013,048 | ---- | M] () -- C:\WINDOWS\sndfcam.src
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
[2011/06/13 21:13:08 | 000,000,786 | ---- | M] () -- C:\WINDOWS\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2007/05/16 17:28:55 | 000,935,408 | ---- | M] () -- C:\Documents and Settings\David\My Documents\badcopy3.exe
[2012/01/25 06:20:28 | 003,587,688 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\David\My Documents\ccsetup315.exe
[2011/12/27 12:51:55 | 001,284,232 | ---- | M] (Coupons.com Incorporated) -- C:\Documents and Settings\David\My Documents\CouponPrinter.exe
[2012/02/04 19:33:15 | 011,281,712 | ---- | M] ( ) -- C:\Documents and Settings\David\My Documents\DVDProSetup.exe
[2010/08/27 20:38:42 | 000,447,792 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\FixitCenter_Run.exe
[2012/01/25 06:24:43 | 018,468,272 | ---- | M] (IObit ) -- C:\Documents and Settings\David\My Documents\imf-setup.exe
[2010/09/16 18:31:58 | 000,554,256 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\Mats_Run.dvd.exe
[2011/09/13 05:06:23 | 000,423,952 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\David\My Documents\msgr11us.exe
[2011/06/11 06:43:57 | 000,397,848 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\David\My Documents\Norton_Download_Manager.exe
[2011/01/15 07:58:52 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\David\My Documents\PowerPointViewer.exe
[2011/12/24 23:12:42 | 023,803,016 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\David\My Documents\SkypeSetupFull.exe
[2011/12/29 14:46:12 | 000,085,792 | ---- | M] (Spotify Ltd) -- C:\Documents and Settings\David\My Documents\spotify.exe
[2011/10/10 08:28:06 | 003,161,272 | ---- | M] () -- C:\Documents and Settings\David\My Documents\users_guide_25131A.exe
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2007/08/18 16:23:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\David\Favorites\Desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2009/07/17 09:55:36 | 000,300,848 | ---- | M] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2012/02/12 15:43:12 | 000,278,528 | -HS- | M] () -- C:\Documents and Settings\David\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2003/03/31 04:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 11:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 11:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 14:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2003/03/31 04:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2003/03/31 04:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2003/03/31 04:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 11:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 10:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
[1999/09/10 11:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\David\My Documents\My Video Collection.jrprint:SummaryInformation
< End of report >
OTL Extras logfile created on: 2/12/2012 3:45:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.14% Memory free
4.83 Gb Paging File | 4.16 Gb Available in Paging File | 86.20% Paging File free
Paging file location(s): C:\pagefile.sys 3058 3100 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 156.56 Gb Free Space | 67.23% Space Free | Partition Type: NTFS
Drive D: | 702.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: DAVID | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1409082233-2052111302-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03F1CC67-5BD8-4C36-8394-76311B2AE69A}" = ArcSoft PhotoStudio 5
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0ED47137-C071-46CC-A243-E5E33271E10E}" = Windows Live Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{158BC6C5-5950-4FDD-BE33-0294668923F2}" = Samsung DVC Media 5.1
"{1F4BF9EA-847E-44FB-A728-C456116E6CEF}" = InstantShareDevicesMFC
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.3
"{3249FD43-B24B-413F-B786-F8FEA32FA747}" = V CAST Music
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3979740D-41A2-56E4-9064-792DC3845554}" = Zoosk Messenger
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3EF8B5AA-7B82-4945-941D-A6BC24325F00}" = CameraUserGuides
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel(R) Integrated Performance Primitives RTI 4.0
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5AB26994-E210-46FC-B831-06328F3AA7A1}" = Philips FunCam
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C6999B2-1A35-4F2C-8DB7-3CB46B640CC9}" = ConsumerUpdate
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82FEBE5D-61EC-4365-A213-2B278780945E}" = OneTouch Software
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99999999-9999-9999-9999-999999999999}" = HP Photosmart Cameras 9.0
"{9A447261-D079-4165-933F-6B03D3FF356B}" = USB Mini Driver
"{9BD91669-25C9-43CD-9367-BF60591B837B}" = Camedia Master 4.3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}" = Meter Drivers for OneTouch(R) Software
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B28470A5-F73F-432C-8066-05BA652AA5D1}" = Meter Drivers for OneTouch(R) Software
"{B4116BBF-DE38-491e-80E7-CBB9B6F44F30}" = CameraDrivers
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}" = ArcSoft PhotoBase 3
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"{DFDA16C4-E45D-4DAC-BAB9-FA0C4D4CD766}" = Photosynth 2.0109.0415.1554
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AVIConverter" = AVIConverter 5.1.0
"BadCopy Pro" = BadCopy Pro
"BearShare" = BearShare
"CCleaner" = CCleaner
"com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1" = Zoosk Messenger
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"dcmsvc_is1" = dcmsvc 1.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Printer Software
"Film Factory" = Film Factory
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{9A447261-D079-4165-933F-6B03D3FF356B}" = USB Mini Driver
"InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}" = Meter Drivers for OneTouch(R) Software v1.10.0.0
"InstallShield_{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.2
"LFSVCOMM&10C4&85A7" = LifeScan USB Device Driver vSL2.0 (Driver Removal)
"LG USB Drivers" = LG USB Drivers
"Locked Programs" = Locked Programs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PMC cleaner" = PMC laser lens Cleaner V1.0
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"RealPlayer 15.0" = RealPlayer
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VCast Music Essentials Manager" = V CAST Music Essentials Manager
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0331
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1409082233-2052111302-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAL Scanner" = DAL Scanner
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/5/2012 12:00:59 AM | Computer Name = DAVID | Source = Application Hang | ID = 1001
Description = Fault bucket -1516118342.
Error - 2/5/2012 12:00:59 AM | Computer Name = DAVID | Source = Application Hang | ID = 1001
Description = Fault bucket -1516118342.
Error - 2/5/2012 12:00:59 AM | Computer Name = DAVID | Source = Application Hang | ID = 1001
Description = Fault bucket -1516118342.
Error - 2/5/2012 12:01:00 AM | Computer Name = DAVID | Source = Application Hang | ID = 1001
Description = Fault bucket -1516118342.
Error - 2/5/2012 12:01:10 AM | Computer Name = DAVID | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.1.2.45, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 2/9/2012 10:11:50 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 2/9/2012 10:12:25 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 2/9/2012 10:13:08 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved
Error - 2/9/2012 10:13:08 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
Error - 2/9/2012 10:13:09 PM | Computer Name = DAVID | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.
[ System Events ]
Error - 2/11/2012 11:48:51 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends on the following
nonexistent service: MfeFire
Error - 2/11/2012 11:49:01 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp Lbd sdpiosys
Error - 2/11/2012 11:54:17 PM | Computer Name = DAVID | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/11/2012 11:55:21 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends on the following
nonexistent service: MfeFire
Error - 2/11/2012 11:55:21 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 BHDrvx86 cdudf_xp Cinemsup eeCtrl Fips intelppm Lbd sdpiosys SRTSPX SymIRON SYMTDI
Error - 2/12/2012 12:45:35 AM | Computer Name = DAVID | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/12/2012 7:39:03 PM | Computer Name = DAVID | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}.
The
error: "%193" Happened while starting this command: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
-Embedding
Error - 2/12/2012 7:39:12 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058
Error - 2/12/2012 7:39:12 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends on the following
nonexistent service: MfeFire
Error - 2/12/2012 7:39:19 PM | Computer Name = DAVID | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp Lbd sdpiosys
< End of report >
-
Let's see if we can recover your missing features.
Download and run UnHide.
Let me know if it worked.
-
Unhide helped; my icons are back on my desktop but not on the start menu. I redid the unhide as per the instructions in unhide, but the start menu still has no icons. PC is running good! Oh, and how do I do the add-ons in Internet Explorer?
Thank you so much