Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

1st: "denied write access to the Host file..." HJT log


  • This topic is locked This topic is locked
43 replies to this topic

#1 MassagePS

MassagePS

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 29 January 2010 - 12:32 AM

1st time posting on this forum so forgive me if I am uninformed about certain things! (Great grandmother from Palm Springs)

I would just like someone to look over my HJT to make sure I don't have anything lurking around there. I haven't checked it for a very long time but I have been having massive flickering on every stroke (even while I type right now) After searching some, I read that flickering might be from recently MS downloads for ? (something?) I have had automatic downloads I do believe, so I might have downloaded something to do with drivers, card? Could it be that? I tried some time ago (before all this flickering) to change something about the resolution and messed it up, so was a tad fearful in doing anything in that area again by myself. For your instructions, could you be so kind and to direct me how to get back to this forum (or send me a link if at all possible)

When I did run the HJT log, I did get a screen that came up and said:

"For some reason your system denied write access to the Host file. If any hijacked domains are in this file, HJT may not be able to fix this. You will need to edit the file yourself."

I know you are all busy, and I don't want to add to your jobs, but would you please kindly look at my HJT log and see if there is anything in there that is not right? I want to thank you in advance for all the help I have seen posted here and the person who requests organ donation in lew of funds is probably one special individual. (Most people don't realize the dire importance of this..)

I have downloaded and run Malwarbytes, Sypbot (S&D) I do have AVG, CCleaner, on this Vista PC (and a firewall with the router?) I have also run erunt, and gmer (but that one asked me for a name and password (?) so couldn't go further) Thanking you in advance: Please let me know if there is anything I can do to help you. I am at your service.
AK in Palm Springs, CA.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:46 PM, on 1/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil9g.exe
C:\Program Files (x86)\HP\Photosmart Essential\HP_IZE.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 8428 bytes

Many thanks; Please let me know at your convenience if there is anything else I should run and I will be patiently waiting and look ing in my email for your response, and once again, I am grateful.

PS: Great grandmother from Palm Springs here to add this to my origninal post:


When I first ran the Malwarebytes on the short scan, it was clear.

I ran a complete scan and it came up with "Malware.Trace" and "Trojan.Agent"


Merged posts. ~ OB

Edited by Orange Blossom, 03 February 2010 - 05:01 PM.

Once saved; always saved.


BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:46 AM

Posted 06 February 2010 - 07:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted logs, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  1. Click on the My Controls link at the top of the page to enter your control panel.
  2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 09 February 2010 - 04:48 AM

Hi garmanma,

Many thanks for your reply; it is 2am here in palms prings, ca so I won't be long. I ran one log (i thingk the dds) and am sending you that now. I am too tired to do the rest so if its al ight with you I will do the rest tomorrow and send them you way. I remember that there is something that went wrong with the EMR (or whatever that is!) It seemed I got a pop saying it could not run (64?) I will also need some help in some other things, but I will have to finish this tomorrow and I want to thank you very much for taking the time in reading my post and helping me. I am grateful for people like you.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Larry at 1:22:26.53 on Tue 02/09/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3964.2124 [GMT -8:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\hp\kbd\kbd.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\Explorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft Works\WksWP.exe
C:\PROGRA~2\MICROS~1\WkDStore.exe
C:\PROGRA~2\MICROS~1\wkgdcach.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Larry\Desktop\dds2.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\syswow64\blank.htm
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files

(x86)\avg\avg8\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!

\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files (x86)

\keyscrambler\KeyScramblerIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9

\avgssie.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files (x86)\aol

toolbar\aoltb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~2

\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~2\common~1

\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)

\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)

\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)

\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)

\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files

(x86)\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!

\companion\installs\cpn\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google

toolbar\GoogleToolbar.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files (x86)\aol toolbar\aoltb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ccleaner] "c:\program files (x86)\ccleaner\CCleaner.exe" /AUTO
uRun: [Uniblue ProcessQuickLink 2] "c:\program files (x86)\uniblue\processquicklink 2

\ProcessQuickLink2.exe" /autostart
uRun: [AnyDVD] c:\program files (x86)\slysoft\anydvd\AnyDVDtray.exe
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files (x86)\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [<NO NAME>] OSK.exe
dRunOnce: [KeyScrambler] c:\program files (x86)\keyscrambler\getting_started.html
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files

(x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files

(x86)\mcafee security scan\1.0.150\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files

(x86)\java\jre1.6.0_01\bin\ssv.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files

(x86)\keyscrambler\KeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2

\spybot~2\SDHelper.dll
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-

windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-

windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-

windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files (x86)\google\google

toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9

\avgpp.dll
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)

\superantispyware\SASSEH.DLL
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files (x86)

\keyscrambler\x64\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9

\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program

files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB-X64: AOL Toolbar: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc64.dll,nvsvcStart
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health

check\HPHC_Scheduler.exe
AppInit_DLLs-X64: avgrssta.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-11-29

422920]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys

[2009-11-29 34248]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-11-29 470024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2009-11-29 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2009-11-29 285392]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search &

destroy\SDWinSec.exe [2009-1-2 1125208]
R3 CAXHWBS3;CAXHWBS3;c:\windows\system32\drivers\CAXHWBS3.sys [2008-5-6 286208]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-12-3 129384]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\sasdifsv.sys [2009-3-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN

v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-7-16 93184]
S3 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\symantec\defini~1

\symcdata\ipsdefs\20071204.002\IDSvia64.sys [2008-5-6 251952]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2009-3-23 7408]
S4 Symantec Core LC;Symantec Core LC;c:\progra~2\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-5-6

1245064]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-02-08 09:18:35 0 d-----w- c:\users\larry\appdata\roaming\Usenet.nl
2010-02-08 09:18:18 0 d-----w- c:\program files (x86)\Usenet.nl
2010-02-06 16:28:29 0 d-----w- C:\ee948db245f17756b8f32085b1e09a
2010-02-06 16:16:37 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-02-06 16:15:15 0 d-----w- c:\program files (x86)\common files\Wise Installation

Wizard
2010-02-06 15:31:35 65536 --sha-w- c:\users\larry\ntuser.dat{9bed25fa-1330-11df-b261-

b6f5ed501b0b}.TM.blf
2010-02-06 15:31:35 524288 --sha-w- c:\users\larry\ntuser.dat{9bed25fa-1330-11df-b261-

b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
2010-02-06 15:31:35 524288 --sha-w- c:\users\larry\ntuser.dat{9bed25fa-1330-11df-b261-

b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
2010-02-06 14:18:05 0 d-----w- C:\c69f613032c2596802d69d920092d2
2010-02-06 14:16:59 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-02-06 14:16:59 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-02-06 14:16:59 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-02-06 14:16:59 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2010-02-06 14:16:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-02-06 14:16:47 189440 ----a-w- c:\windows\system32\t2embed.dll
2010-02-06 14:16:47 156672 ----a-w- c:\windows\syswow64\t2embed.dll
2010-02-06 14:16:46 96256 ----a-w- c:\windows\system32\fontsub.dll
2010-02-06 14:16:46 72704 ----a-w- c:\windows\syswow64\fontsub.dll
2010-02-06 13:02:01 0 d-----w- c:\program files (x86)\AddThis Toolbar
2010-02-05 06:22:42 0 d-----w- c:\windows\pss
2010-02-05 03:16:27 0 d-----w-

c:\users\larry\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-01-27 06:23:46 0 d-----w- c:\users\larry\appdata\roaming\WinBatch
2010-01-19 01:00:26 0 d-----w- c:\users\larry\appdata\roaming\G-Lock Software
2010-01-19 01:00:26 0 d-----w- c:\program files (x86)\G-Lock Software
2010-01-18 05:13:29 0 d-----w- c:\users\larry\appdata\roaming\Uniblue
2010-01-18 04:34:56 0 d-sh--w- c:\windows\syswow64\%APPDATA%
2010-01-14 08:55:13 0 d-----w- c:\programdata\McAfee
2010-01-12 08:55:12 0 d-----w- c:\programdata\McAfee Security Scan
2010-01-12 08:55:10 0 d-----w- c:\program files (x86)\McAfee Security Scan
2010-01-12 08:54:40 0 d-----w- c:\programdata\NOS
2010-01-12 07:22:06 0 d-----w- c:\program files (x86)\DivXCodec

==================== Find3M ====================

2010-02-09 05:47:07 22704 ----a-w- c:\users\larry\appdata\roaming\wklnhst.dat
2010-01-18 03:58:52 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-18 03:58:51 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-17 06:22:14 130923 ----a-w- c:\windows\hpoins18.dat
2010-01-05 20:20:14 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-02 07:08:29 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 07:03:21 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-02 06:38:04 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-02 06:36:10 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-01-02 06:33:34 5942784 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-02 06:33:32 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-01-02 06:33:32 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-02 06:32:51 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-01-02 06:32:33 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-01-02 06:32:33 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-01-02 06:32:32 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-01-02 06:32:32 11070464 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-02 06:32:26 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-02 05:25:39 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-02 04:57:00 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-01-02 04:56:50 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-01-02 04:56:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-11-29 09:38:44 12464 ----a-w- c:\windows\system32\avgrssta.dll
2008-10-26 22:31:35 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-08 10:52:11 245760 --sha-w-

c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-11-11 06:45:00 22 --sha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 1:23:00.51 ===============

When I ran HJT pop up said for some reason your system denied write access to the host file; if hijacked domains are in this file, HJT may not be able to fix; you need to edit the file yourself.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:46 PM, on 1/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil9g.exe
C:\Program Files (x86)\HP\Photosmart Essential\HP_IZE.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 8428 bytes


Many thanks again; can't go further; they are doing maintenance now and can't continue.
Will contact you tomorrow; have a wonderful day!
Aleta busy.gif
Attachments

Once saved; always saved.


#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:46 PM

Posted 10 February 2010 - 12:18 AM

Hello, MassagePS
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 10 February 2010 - 12:52 PM

Hi Tom,
I want to thank you for your kindness and for helping me. If I have done anything wrong or in the wrong order, please be patient and forgive me; I will try to do my best.

I'm sure something is going on asthere were many people complainting about mail I had sent them from an email screen name i havn't used in oveer a year!
I hope I did this right; at the end of this I am enclosing the copy of another windows I saw open that I did (disregard it if it's not important!) =) Aleta


OTL logfile created on: 2/10/2010 9:18:26 AM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Larry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 344.76 Gb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.06 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LARRY-PC
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
PRC - [2010/02/09 01:58:21 | 000,293,376 | R--- | M] () -- C:\Users\Larry\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
PRC - [2009/12/31 08:27:27 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2009/11/29 01:38:28 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/02 23:00:34 | 000,279,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
PRC - [2009/09/10 07:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/27 16:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/03/23 14:07:24 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/02/02 18:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 11:29:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/02 08:50:28 | 000,655,640 | ---- | M] (Uniblue) -- C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
PRC - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/06/20 06:04:54 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksWP.exe
PRC - [2007/06/20 06:04:52 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkDStore.exe
PRC - [2007/06/20 06:04:52 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\wkgdcach.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/10 20:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 20:51:08 | 000,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/02/02 07:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 18:52:05 | 000,521,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 07:04:59 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/11 19:49:12 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/06 16:49:34 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/14 17:31:38 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/12/04 16:41:34 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/02/28 01:00:14 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Extensions
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Firefox\Profiles\e5uatadm.default\extensions
[2009/03/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/01/16 21:19:45 | 000,291,249 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10030 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O24 - Desktop BackupWallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell - "" = AutoRun
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell\AutoRun\command - "" = J:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Ntmssvc - C:\Windows\SysNative\ntmssvc.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/10 09:17:37 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/09 01:26:57 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\DDS
[2010/02/08 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\Usenet.nl
[2010/02/08 01:18:35 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/02/08 01:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2010/02/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\RECIPES FOR SPA PRODUCTS
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- C:\ee948db245f17756b8f32085b1e09a
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- \ee948db245f17756b8f32085b1e09a
[2010/02/06 08:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/06 08:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- C:\c69f613032c2596802d69d920092d2
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- \c69f613032c2596802d69d920092d2
[2010/02/06 05:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddThis Toolbar
[2010/02/04 22:22:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/04 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/04 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\SSI
[2010/01/31 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Resume
[2010/01/28 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\HJT logs
[2010/01/27 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

========== Files - Modified Within 14 Days ==========

[2010/02/10 09:19:27 | 006,291,456 | -HS- | M] () -- C:\Users\Larry\ntuser.dat
[2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/10 08:42:51 | 055,395,969 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
[2010/02/09 01:22:18 | 000,524,288 | ---- | M] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 21:47:07 | 000,022,704 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2010/02/08 21:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/08 01:18:19 | 000,001,730 | ---- | M] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 22:47:16 | 000,695,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/07 22:47:16 | 000,597,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/07 22:47:16 | 000,102,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/07 22:41:32 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/02/07 22:40:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/07 22:40:29 | 4157,792,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 22:37:16 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/07 22:37:16 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/07 22:37:13 | 001,821,017 | -H-- | M] () -- C:\Users\Larry\AppData\Local\IconCache.db
[2010/02/07 10:21:50 | 000,018,944 | ---- | M] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:16:40 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:48 | 000,001,930 | ---- | M] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:23:25 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:23:25 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TM.blf
[2010/02/06 07:05:02 | 000,000,732 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2010/02/06 00:58:17 | 000,000,036 | ---- | M] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 22:21:52 | 000,026,112 | ---- | M] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2010/02/04 11:33:53 | 000,969,216 | ---- | M] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:03:14 | 000,016,896 | ---- | M] () -- C:\Users\Larry\Documents\question on ssi.wps

========== Files Created - No Company Name ==========

[2010/02/09 01:22:03 | 000,524,288 | ---- | C] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 01:18:19 | 000,001,730 | ---- | C] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 10:21:50 | 000,018,944 | ---- | C] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:16:40 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:31 | 000,001,930 | ---- | C] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:31:35 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () --
[2010/02/06 06:17:04 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/02/06 06:17:03 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/02/06 06:17:02 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/02/06 06:17:02 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/02/06 06:17:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/02/06 06:17:01 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/02/06 06:17:01 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/02/06 06:17:01 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/02/06 06:17:00 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/02/06 06:17:00 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/02/06 06:17:00 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/02/06 06:17:00 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/02/06 06:17:00 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/02/06 06:17:00 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/02/06 06:17:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/02/06 06:16:59 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/02/06 06:16:59 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/02/06 06:16:59 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/02/06 06:16:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/02/06 06:16:59 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/02/06 06:16:47 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/02/06 06:16:46 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/02/06 00:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 18:06:55 | 000,000,125 | ---- | C] () -- \FINIS_IT.TXT
[2010/02/04 11:22:06 | 000,969,216 | ---- | C] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:02:03 | 000,016,896 | ---- | C] () -- C:\Users\Larry\Documents\question on ssi.wps
[2010/01/31 19:19:51 | 000,026,112 | ---- | C] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2009/08/14 22:55:44 | 000,020,795 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\UserTile.png
[2009/04/04 23:53:38 | 000,000,732 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2009/04/03 16:11:27 | 000,000,680 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
[2009/01/23 01:03:56 | 000,000,606 | ---- | C] () -- \updatedatfix.log
[2008/12/31 15:04:25 | 000,003,584 | ---- | C] () -- C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/10 15:16:32 | 000,022,704 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2008/10/30 16:21:36 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\Writer.ini
[2008/05/06 17:09:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/05/06 17:09:46 | 000,333,203 | RHS- | C] () -- \bootmgr
[2008/05/06 16:19:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/06 16:19:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/05/06 16:11:49 | 176,435,199 | -HS- | C] () --
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== LOP Check ==========

[2009/11/29 01:47:30 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AVG9
[2010/02/04 19:16:27 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/18 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\G-Lock Software
[2010/01/17 21:29:52 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
[2009/08/14 22:55:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PeerNetworking
[2009/06/19 14:32:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
[2008/11/10 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2010/01/17 21:13:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Uniblue
[2010/02/10 08:49:56 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/01/26 22:23:46 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2010/02/07 22:37:25 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job

========== Purity Check ==========



========== Custom Scans ==========


< 4.Under the Custom Scan box paste this in >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 843 bytes -> C:\Users\Larry\Documents\We Need Review Writers a-s-a-p (Palm Springs).eml:OECustomProperty
@Alternate Data Stream - 708 bytes -> C:\Users\Larry\Documents\Can you help me__.eml:OECustomProperty
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >____________________

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2008 6:47:54 AM
System Uptime: 2/8/2010 8:35:37 AM (17 hours ago)

Motherboard: FOXCONN | | Napa
Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | Socket 775 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 455 GiB total, 345.554 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.045 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP595: 1/20/2010 7:00:02 PM - Windows Backup
RP596: 1/22/2010 5:36:43 PM - Windows Backup
RP597: 1/22/2010 7:00:01 PM - Windows Backup
RP598: 1/23/2010 7:00:01 PM - Windows Backup
RP599: 1/24/2010 7:00:01 PM - Windows Backup
RP600: 1/25/2010 6:19:50 PM - Windows Backup
RP601: 1/25/2010 7:00:00 PM - Windows Backup
RP602: 1/26/2010 8:09:43 AM - Scheduled Checkpoint
RP603: 1/26/2010 9:24:20 AM - Avg8 Update
RP604: 1/26/2010 7:00:07 PM - Windows Backup
RP605: 1/26/2010 10:30:13 PM - Device Driver Package Install: NVIDIA Display adapters
RP606: 1/27/2010 7:00:01 PM - Windows Backup
RP607: 1/28/2010 12:21:23 AM - Installed Adobe Reader 9.3.
RP608: 1/28/2010 7:10:13 PM - Windows Backup
RP609: 1/31/2010 11:53:59 AM - Windows Backup
RP610: 1/31/2010 7:00:01 PM - Windows Backup
RP611: 2/1/2010 7:02:12 AM - Scheduled Checkpoint
RP612: 2/1/2010 7:02:36 PM - Windows Backup
RP613: 2/2/2010 7:02:31 PM - Windows Backup
RP614: 2/2/2010 7:57:45 PM - Windows Update
RP615: 2/3/2010 7:02:37 PM - Windows Backup
RP616: 2/4/2010 7:00:10 PM - Windows Backup
RP617: 2/4/2010 7:00:45 PM - Windows Update
RP618: 2/6/2010 6:17:11 AM - Windows Update
RP619: 2/6/2010 7:53:50 AM - Avg8 Update
RP620: 2/6/2010 7:57:50 AM - Windows Backup
RP621: 2/6/2010 8:15:37 AM - Installed SUPERAntiSpyware Free Edition
RP622: 2/6/2010 8:26:31 AM - Windows Update
RP623: 2/6/2010 2:58:23 PM - Windows Update
RP624: 2/6/2010 4:10:17 PM - Removed Adobe Reader 9.2.
RP625: 2/6/2010 4:21:32 PM - Removed Adobe Reader 9.2.
RP626: 2/6/2010 4:29:34 PM - Windows Backup
RP627: 2/6/2010 7:00:01 PM - Windows Backup
RP628: 2/6/2010 7:08:00 PM - Removed Adobe Reader 9.2.
RP629: 2/8/2010 6:04:19 AM - Scheduled Checkpoint

==== Installed Programs ======================

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AnswerWorks 4.0 Runtime - English
AnyDVD
AOL Toolbar
AVG Free 9.0
BufferChm
C6100
c6100_Help
CCleaner
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
Defraggler (remove only)
Destinations
DeviceManagementQFolder
DivX 4.12 Codec
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fast Blog Finder 3
Fax
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential
HP Picasso Media Center Add-In
HP Print Diagnostic Utility
HP Product Assistant
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
HPTCSSetup
Java™ SE Runtime Environment 6 Update 1
KeyScrambler
LabelPrint
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Power2Go
Python 2.5
Realtek High Definition Audio Driver
Scan
Security Task Manager 1.7h
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
SUPERAntiSpyware Free Edition
Toolbox
TrayApp
TurboTax Deluxe 2007
Uniblue ProcessQuickLink 2
Uniblue ProcessScanner
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Usenet.nl
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Installer Clean Up
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant
WinSnap
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/6/2010 8:18:02 AM, Error: Service Control Manager [7000] - The SASENUM service failed to

start due to the following error: This driver has been blocked from loading
2/6/2010 8:18:02 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)

\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this

system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 8:17:39 AM, Error: Service Control Manager [7000] - The SASKUTIL service failed to

start due to the following error: This driver has been blocked from loading
2/6/2010 8:17:39 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to

start due to the following error: This driver has been blocked from loading
2/6/2010 8:17:39 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)

\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this

system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 8:17:39 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)

\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this

system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 7:41:12 AM, Error: Service Control Manager [7034] - The XAudioService service

terminated unexpectedly. It has done this 1 time(s).
2/6/2010 7:36:38 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed

Transaction Coordinator service hung on starting.
2/6/2010 7:31:41 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to

share printer hp officejet 6100 series with shared resource name hp officejet 6100 series. Error

2114. The printer cannot be used by others on the network.
2/6/2010 7:12:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service wuauserv with arguments "" in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/6/2010 7:09:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68

-F52A-11D8-B9A5-505054503030}
2/6/2010 7:04:28 AM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC ElbyCDIO kl1 NetBIOS

netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Workstation service depends on

the Network Store Interface Service service which failed to start because of the following

error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector

Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start

because of the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The WebClient service depends on

the WebDav Client Redirector Driver service which failed to start because of the following

error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service

depends on the Ancilliary Function Driver for Winsock service which failed to start because of

the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and

Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start

because of the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service

depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of

the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service

depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of

the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network Store Interface

Service service depends on the NSI proxy service service which failed to start because of the

following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network Location Awareness

service depends on the Network Store Interface Service service which failed to start because of

the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network List Service service

depends on the Network Location Awareness service which failed to start because of the following

error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The IP Helper service depends on

the Network Store Interface Service service which failed to start because of the following

error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The DNS Client service depends on

the NetIO Legacy TDI Support Driver service which failed to start because of the following

error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on

the Ancilliary Function Driver for Winsock service which failed to start because of the

following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Computer Browser service

depends on the Server service which failed to start because of the following error: The

dependency service or group failed to start.
2/6/2010 7:04:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F

-AC08-4F1F-BEB7-5C22C517CE39}
2/6/2010 7:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service netprofm with arguments "" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}
2/6/2010 7:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-

2166-11D1-B1D0-00805FC1270E}
2/6/2010 7:03:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335

-FE2A-4927-A040-7C35AD3180EF}
2/6/2010 7:03:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
2/6/2010 7:03:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service ShellHWDetection with arguments "" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}
2/6/2010 7:03:37 AM, Error: EventLog [6008] - The previous system shutdown at 6:58:07 AM on

2/6/2010 was unexpected.
2/6/2010 5:43:26 PM, Error: Service Control Manager [7031] - The Windows Installer service

terminated unexpectedly. It has done this 1 time(s). The following corrective action will be

taken in 120000 milliseconds: Restart the service.
2/6/2010 2:54:40 PM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: SASDIFSV SASKUTIL
2/5/2010 4:16:08 PM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: SASKUTIL
2/5/2010 4:16:06 PM, Error: Service Control Manager [7001] - The Windows Audio service depends

on the Windows Audio Endpoint Builder service which failed to start because of the following

error: The service cannot be started, either because it is disabled or because it has no

enabled devices associated with it
==== End Of File =========================== see below
There was a window i had open about being asked to run a GMER or something like that and telling me i had to diable something (didn't know if you needed that information or not so I encluded it below, anyway!)

We need to see some information about what is happening in your machine. Please perform the following scan:
•Download DDS by sUBs from one of the following links. Save it to your desktop.
◦DDS.scr◦DDS.pif•Double click on the DDS icon, allow it to run.
•A small box will open, with an explaination about the tool. No input is needed, the scan is running.
•Notepad will open with the results.
•Follow the instructions that pop up for posting the results.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:


Why we request you disable CD Emulation when receiving Malware Removal Advice;


OK Let me know if i need to download the DDS or GMER, etc for you; I will be awaiting your kind response and I want to say thank you again for helping me.
Aleta


Hi Tom,
I want to thank you for your kindness and for helping me. If I have done anything wrong or in the wrong order, please be patient and forgive me; I will try to do my best.

I'm sure something is going on asthere were many people complainting about mail I had sent them from an email screen name i havn't used in oveer a year!
I hope I did this right; at the end of this I am enclosing the copy of another windows I saw open that I did (disregard it if it's not important!) =) Aleta


OTL logfile created on: 2/10/2010 9:18:26 AM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Larry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 344.76 Gb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.06 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LARRY-PC
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
PRC - [2010/02/09 01:58:21 | 000,293,376 | R--- | M] () -- C:\Users\Larry\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
PRC - [2009/12/31 08:27:27 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2009/11/29 01:38:28 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/02 23:00:34 | 000,279,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
PRC - [2009/09/10 07:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/27 16:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/03/23 14:07:24 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/02/02 18:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 11:29:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/02 08:50:28 | 000,655,640 | ---- | M] (Uniblue) -- C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
PRC - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/06/20 06:04:54 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksWP.exe
PRC - [2007/06/20 06:04:52 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkDStore.exe
PRC - [2007/06/20 06:04:52 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\wkgdcach.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/10 20:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 20:51:08 | 000,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/02/02 07:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 18:52:05 | 000,521,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 07:04:59 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/11 19:49:12 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/06 16:49:34 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/14 17:31:38 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/12/04 16:41:34 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/02/28 01:00:14 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Extensions
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Firefox\Profiles\e5uatadm.default\extensions
[2009/03/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/01/16 21:19:45 | 000,291,249 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10030 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O24 - Desktop BackupWallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell - "" = AutoRun
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell\AutoRun\command - "" = J:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Ntmssvc - C:\Windows\SysNative\ntmssvc.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/10 09:17:37 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/09 01:26:57 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\DDS
[2010/02/08 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\Usenet.nl
[2010/02/08 01:18:35 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/02/08 01:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2010/02/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\RECIPES FOR SPA PRODUCTS
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- C:\ee948db245f17756b8f32085b1e09a
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- \ee948db245f17756b8f32085b1e09a
[2010/02/06 08:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/06 08:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- C:\c69f613032c2596802d69d920092d2
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- \c69f613032c2596802d69d920092d2
[2010/02/06 05:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddThis Toolbar
[2010/02/04 22:22:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/04 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/04 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\SSI
[2010/01/31 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Resume
[2010/01/28 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\HJT logs
[2010/01/27 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

========== Files - Modified Within 14 Days ==========

[2010/02/10 09:19:27 | 006,291,456 | -HS- | M] () -- C:\Users\Larry\ntuser.dat
[2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/10 08:42:51 | 055,395,969 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
[2010/02/09 01:22:18 | 000,524,288 | ---- | M] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 21:47:07 | 000,022,704 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2010/02/08 21:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/08 01:18:19 | 000,001,730 | ---- | M] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 22:47:16 | 000,695,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/07 22:47:16 | 000,597,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/07 22:47:16 | 000,102,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/07 22:41:32 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/02/07 22:40:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/07 22:40:29 | 4157,792,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 22:37:16 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/07 22:37:16 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/07 22:37:13 | 001,821,017 | -H-- | M] () -- C:\Users\Larry\AppData\Local\IconCache.db
[2010/02/07 10:21:50 | 000,018,944 | ---- | M] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:16:40 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:48 | 000,001,930 | ---- | M] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:23:25 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:23:25 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TM.blf
[2010/02/06 07:05:02 | 000,000,732 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2010/02/06 00:58:17 | 000,000,036 | ---- | M] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 22:21:52 | 000,026,112 | ---- | M] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2010/02/04 11:33:53 | 000,969,216 | ---- | M] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:03:14 | 000,016,896 | ---- | M] () -- C:\Users\Larry\Documents\question on ssi.wps

========== Files Created - No Company Name ==========

[2010/02/09 01:22:03 | 000,524,288 | ---- | C] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 01:18:19 | 000,001,730 | ---- | C] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 10:21:50 | 000,018,944 | ---- | C] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:16:40 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:31 | 000,001,930 | ---- | C] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:31:35 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () --
[2010/02/06 06:17:04 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/02/06 06:17:03 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/02/06 06:17:02 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/02/06 06:17:02 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/02/06 06:17:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/02/06 06:17:01 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/02/06 06:17:01 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/02/06 06:17:01 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/02/06 06:17:00 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/02/06 06:17:00 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/02/06 06:17:00 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/02/06 06:17:00 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/02/06 06:17:00 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/02/06 06:17:00 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/02/06 06:17:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/02/06 06:16:59 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/02/06 06:16:59 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/02/06 06:16:59 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/02/06 06:16:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/02/06 06:16:59 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/02/06 06:16:47 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/02/06 06:16:46 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/02/06 00:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 18:06:55 | 000,000,125 | ---- | C] () -- \FINIS_IT.TXT
[2010/02/04 11:22:06 | 000,969,216 | ---- | C] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:02:03 | 000,016,896 | ---- | C] () -- C:\Users\Larry\Documents\question on ssi.wps
[2010/01/31 19:19:51 | 000,026,112 | ---- | C] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2009/08/14 22:55:44 | 000,020,795 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\UserTile.png
[2009/04/04 23:53:38 | 000,000,732 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2009/04/03 16:11:27 | 000,000,680 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
[2009/01/23 01:03:56 | 000,000,606 | ---- | C] () -- \updatedatfix.log
[2008/12/31 15:04:25 | 000,003,584 | ---- | C] () -- C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/10 15:16:32 | 000,022,704 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2008/10/30 16:21:36 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\Writer.ini
[2008/05/06 17:09:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/05/06 17:09:46 | 000,333,203 | RHS- | C] () -- \bootmgr
[2008/05/06 16:19:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/06 16:19:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/05/06 16:11:49 | 176,435,199 | -HS- | C] () --
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== LOP Check ==========

[2009/11/29 01:47:30 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AVG9
[2010/02/04 19:16:27 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/18 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\G-Lock Software
[2010/01/17 21:29:52 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
[2009/08/14 22:55:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PeerNetworking
[2009/06/19 14:32:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
[2008/11/10 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2010/01/17 21:13:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Uniblue
[2010/02/10 08:49:56 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/01/26 22:23:46 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2010/02/07 22:37:25 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job

========== Purity Check ==========



========== Custom Scans ==========


< 4.Under the Custom Scan box paste this in >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 843 bytes -> C:\Users\Larry\Documents\We Need Review Writers a-s-a-p (Palm Springs).eml:OECustomProperty
@Alternate Data Stream - 708 bytes -> C:\Users\Larry\Documents\Can you help me__.eml:OECustomProperty
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >____________________

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2008 6:47:54 AM
System Uptime: 2/8/2010 8:35:37 AM (17 hours ago)

Motherboard: FOXCONN | | Napa
Processor: Intel® Pentium® Dual CPU E2220 @ 2.40GHz | Socket 775 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 455 GiB total, 345.554 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.045 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP595: 1/20/2010 7:00:02 PM - Windows Backup
RP596: 1/22/2010 5:36:43 PM - Windows Backup
RP597: 1/22/2010 7:00:01 PM - Windows Backup
RP598: 1/23/2010 7:00:01 PM - Windows Backup
RP599: 1/24/2010 7:00:01 PM - Windows Backup
RP600: 1/25/2010 6:19:50 PM - Windows Backup
RP601: 1/25/2010 7:00:00 PM - Windows Backup
RP602: 1/26/2010 8:09:43 AM - Scheduled Checkpoint
RP603: 1/26/2010 9:24:20 AM - Avg8 Update
RP604: 1/26/2010 7:00:07 PM - Windows Backup
RP605: 1/26/2010 10:30:13 PM - Device Driver Package Install: NVIDIA Display adapters
RP606: 1/27/2010 7:00:01 PM - Windows Backup
RP607: 1/28/2010 12:21:23 AM - Installed Adobe Reader 9.3.
RP608: 1/28/2010 7:10:13 PM - Windows Backup
RP609: 1/31/2010 11:53:59 AM - Windows Backup
RP610: 1/31/2010 7:00:01 PM - Windows Backup
RP611: 2/1/2010 7:02:12 AM - Scheduled Checkpoint
RP612: 2/1/2010 7:02:36 PM - Windows Backup
RP613: 2/2/2010 7:02:31 PM - Windows Backup
RP614: 2/2/2010 7:57:45 PM - Windows Update
RP615: 2/3/2010 7:02:37 PM - Windows Backup
RP616: 2/4/2010 7:00:10 PM - Windows Backup
RP617: 2/4/2010 7:00:45 PM - Windows Update
RP618: 2/6/2010 6:17:11 AM - Windows Update
RP619: 2/6/2010 7:53:50 AM - Avg8 Update
RP620: 2/6/2010 7:57:50 AM - Windows Backup
RP621: 2/6/2010 8:15:37 AM - Installed SUPERAntiSpyware Free Edition
RP622: 2/6/2010 8:26:31 AM - Windows Update
RP623: 2/6/2010 2:58:23 PM - Windows Update
RP624: 2/6/2010 4:10:17 PM - Removed Adobe Reader 9.2.
RP625: 2/6/2010 4:21:32 PM - Removed Adobe Reader 9.2.
RP626: 2/6/2010 4:29:34 PM - Windows Backup
RP627: 2/6/2010 7:00:01 PM - Windows Backup
RP628: 2/6/2010 7:08:00 PM - Removed Adobe Reader 9.2.
RP629: 2/8/2010 6:04:19 AM - Scheduled Checkpoint

==== Installed Programs ======================

Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.2
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AnswerWorks 4.0 Runtime - English
AnyDVD
AOL Toolbar
AVG Free 9.0
BufferChm
C6100
c6100_Help
CCleaner
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
Defraggler (remove only)
Destinations
DeviceManagementQFolder
DivX 4.12 Codec
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
eSupportQFolder
Fast Blog Finder 3
Fax
Google Toolbar for Internet Explorer
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Photosmart Essential
HP Picasso Media Center Add-In
HP Print Diagnostic Utility
HP Product Assistant
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
HPTCSSetup
Java™ SE Runtime Environment 6 Update 1
KeyScrambler
LabelPrint
LightScribe System Software 1.12.37.1
LightScribeTemplateLabeler
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
Power2Go
Python 2.5
Realtek High Definition Audio Driver
Scan
Security Task Manager 1.7h
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
SUPERAntiSpyware Free Edition
Toolbox
TrayApp
TurboTax Deluxe 2007
Uniblue ProcessQuickLink 2
Uniblue ProcessScanner
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Usenet.nl
Visual C++ 8.0 Runtime Setup Package (x64)
WebReg
Windows Installer Clean Up
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant
WinSnap
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/6/2010 8:18:02 AM, Error: Service Control Manager [7000] - The SASENUM service failed to

start due to the following error: This driver has been blocked from loading
2/6/2010 8:18:02 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)

\SUPERAntiSpyware\SASENUM.SYS has been blocked from loading due to incompatibility with this

system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 8:17:39 AM, Error: Service Control Manager [7000] - The SASKUTIL service failed to

start due to the following error: This driver has been blocked from loading
2/6/2010 8:17:39 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to

start due to the following error: This driver has been blocked from loading
2/6/2010 8:17:39 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)

\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this

system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 8:17:39 AM, Error: Application Popup [1060] - \??\C:\Program Files (x86)

\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this

system. Please contact your software vendor for a compatible version of the driver.
2/6/2010 7:41:12 AM, Error: Service Control Manager [7034] - The XAudioService service

terminated unexpectedly. It has done this 1 time(s).
2/6/2010 7:36:38 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed

Transaction Coordinator service hung on starting.
2/6/2010 7:31:41 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to

share printer hp officejet 6100 series with shared resource name hp officejet 6100 series. Error

2114. The printer cannot be used by others on the network.
2/6/2010 7:12:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service wuauserv with arguments "" in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/6/2010 7:09:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68

-F52A-11D8-B9A5-505054503030}
2/6/2010 7:04:28 AM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: AFD AvgLdx64 AvgMfx64 AvgTdiA DfsC ElbyCDIO kl1 NetBIOS

netbt nsiproxy PSched RasAcd rdbss SASKUTIL Smb spldr tdx Wanarpv6
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Workstation service depends on

the Network Store Interface Service service which failed to start because of the following

error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector

Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start

because of the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The WebClient service depends on

the WebDav Client Redirector Driver service which failed to start because of the following

error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service

depends on the Ancilliary Function Driver for Winsock service which failed to start because of

the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and

Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start

because of the following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service

depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of

the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service

depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of

the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network Store Interface

Service service depends on the NSI proxy service service which failed to start because of the

following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network Location Awareness

service depends on the Network Store Interface Service service which failed to start because of

the following error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Network List Service service

depends on the Network Location Awareness service which failed to start because of the following

error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The IP Helper service depends on

the Network Store Interface Service service which failed to start because of the following

error: The dependency service or group failed to start.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The DNS Client service depends on

the NetIO Legacy TDI Support Driver service which failed to start because of the following

error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on

the Ancilliary Function Driver for Winsock service which failed to start because of the

following error: A device attached to the system is not functioning.
2/6/2010 7:04:28 AM, Error: Service Control Manager [7001] - The Computer Browser service

depends on the Server service which failed to start because of the following error: The

dependency service or group failed to start.
2/6/2010 7:04:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F

-AC08-4F1F-BEB7-5C22C517CE39}
2/6/2010 7:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service netprofm with arguments "" in order to run the server:

{A47979D2-C419-11D9-A5B4-001185AD2B89}
2/6/2010 7:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-

2166-11D1-B1D0-00805FC1270E}
2/6/2010 7:03:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068"

attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335

-FE2A-4927-A040-7C35AD3180EF}
2/6/2010 7:03:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
2/6/2010 7:03:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084"

attempting to start the service ShellHWDetection with arguments "" in order to run the server:

{DD522ACC-F821-461A-A407-50B198B896DC}
2/6/2010 7:03:37 AM, Error: EventLog [6008] - The previous system shutdown at 6:58:07 AM on

2/6/2010 was unexpected.
2/6/2010 5:43:26 PM, Error: Service Control Manager [7031] - The Windows Installer service

terminated unexpectedly. It has done this 1 time(s). The following corrective action will be

taken in 120000 milliseconds: Restart the service.
2/6/2010 2:54:40 PM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: SASDIFSV SASKUTIL
2/5/2010 4:16:08 PM, Error: Service Control Manager [7026] - The following boot-start or

system-start driver(s) failed to load: SASKUTIL
2/5/2010 4:16:06 PM, Error: Service Control Manager [7001] - The Windows Audio service depends

on the Windows Audio Endpoint Builder service which failed to start because of the following

error: The service cannot be started, either because it is disabled or because it has no

enabled devices associated with it
==== End Of File =========================== see below
There was a window i had open about being asked to run a GMER or something like that and telling me i had to diable something (didn't know if you needed that information or not so I encluded it below, anyway!)

We need to see some information about what is happening in your machine. Please perform the following scan:
•Download DDS by sUBs from one of the following links. Save it to your desktop.
◦DDS.scr◦DDS.pif•Double click on the DDS icon, allow it to run.
•A small box will open, with an explaination about the tool. No input is needed, the scan is running.
•Notepad will open with the results.
•Follow the instructions that pop up for posting the results.
•Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:


Why we request you disable CD Emulation when receiving Malware Removal Advice;


OK Let me know if i need to download the DDS or GMER, etc for you; I will be awaiting your kind response and I want to say thank you again for helping me.
Aleta

Once saved; always saved.


#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:46 PM

Posted 10 February 2010 - 04:16 PM

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :Commands
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.



regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 12 February 2010 - 05:21 AM

ok I ran that program like you said.

========== COMMANDS ==========
Error: Unable to interpret <[reset hosts]> in the current context!

OTL by OldTimer - Version 3.1.28.0 log created on 02122010_021845
_________________________________

will get the other to you tomorrow if i don't have time right now!

I want to thank you for your generous help.
A

Once saved; always saved.


#8 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 12 February 2010 - 12:09 PM

Hi, Hope I did ok on this. Let me know if this is ok.

I also read thing that adobe/reader (?) needs a security download & it's posted on your site.
There are STILL 8 windows secuirity to download since I rolled back and re-set my restore point.(but I saw a windows that said they were loaded and already downloaded (?)

=) Many thanks again!

OTL logfile created on: 2/12/2010 8:58:04 AM - Run 5
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Larry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 344.90 Gb Free Space | 75.86% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.04 Gb Free Space | 9.37% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LARRY-PC
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Larry\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
PRC - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)


========== Modules (SafeList) ==========

MOD - C:\Users\Larry\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NtmsSvc) -- C:\Windows\SysNative\ntmssvc.dll ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE ()
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LightScribeService) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (HP Health Check Service) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (hpqcxs08) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006/11/02 05:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys ()
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys ()
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys ()
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys ()
DRV:64bit: - (KeyScrambler) -- C:\Windows\SysNative\drivers\keyscrambler.sys ()
DRV:64bit: - (CAXHWBS3) -- C:\Windows\SysNative\DRIVERS\CAXHWBS3.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (HSF_DP) -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20071204.002\IDSviA64.sys (Symantec Corporation)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (mdmxsdk) -- C:\Windows\SysWOW64\mdmxsdk.dll (Conexant)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/29 17:58:52 | 000,000,000 | ---D | M]

[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Extensions
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Larry\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Firefox\Profiles\e5uatadm.default\extensions
[2009/03/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/03/30 12:45:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/26 10:56:22 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/03/26 10:56:22 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/03/26 10:56:22 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/03/26 10:56:22 | 000,002,343 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/03/26 10:56:22 | 000,001,706 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/03/26 10:56:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/03/26 10:56:22 | 000,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/02/12 01:33:08 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysNative\ieframe.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O24 - Desktop BackupWallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell - "" = AutoRun
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell\AutoRun\command - "" = J:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/11 21:53:59 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\Utilities and software
[2010/02/11 21:43:31 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\HJT directions
[2010/02/11 19:11:27 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\Lenders
[2010/02/11 17:39:21 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\CREDIT
[2010/02/10 22:05:35 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Blogger Backup
[2010/02/10 18:08:37 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\BLOGGING
[2010/02/10 16:14:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/10 16:14:22 | 000,000,000 | ---D | C] -- \_OTL
[2010/02/10 09:17:37 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/09 01:26:57 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\DDS
[2010/02/08 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\Usenet.nl
[2010/02/08 01:18:35 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/02/08 01:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2010/02/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\RECIPES FOR SPA PRODUCTS
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- C:\ee948db245f17756b8f32085b1e09a
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- \ee948db245f17756b8f32085b1e09a
[2010/02/06 08:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/06 08:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- C:\c69f613032c2596802d69d920092d2
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- \c69f613032c2596802d69d920092d2
[2010/02/06 06:17:02 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/02/06 06:17:01 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/02/06 06:17:01 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/02/06 06:17:01 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/02/06 06:17:00 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/02/06 06:17:00 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/02/06 06:17:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/02/06 06:17:00 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/02/06 06:17:00 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/02/06 06:17:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/02/06 06:17:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/02/06 06:17:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/02/06 06:17:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/02/06 06:16:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/02/06 06:16:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/02/06 06:16:47 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/02/06 06:16:46 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/02/06 05:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddThis Toolbar
[2010/02/04 22:22:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/04 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/04 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\SSI
[2010/01/31 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Resume
[2010/01/28 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\HJT logs
[2010/01/27 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/01/26 22:23:46 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2010/01/18 17:00:26 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\G-Lock Software
[2010/01/18 17:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G-Lock Software
[2010/01/18 16:57:58 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\FREE
[2010/01/17 21:13:29 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Uniblue
[2010/01/17 20:34:56 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/01/16 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\INDIA
[2010/01/14 00:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

========== Files - Modified Within 30 Days ==========

[2010/02/12 08:57:59 | 006,291,456 | -HS- | M] () -- C:\Users\Larry\ntuser.dat
[2010/02/12 08:47:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/12 03:30:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/12 03:30:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/12 01:36:27 | 000,695,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/12 01:36:27 | 000,597,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/12 01:36:27 | 000,102,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/12 01:33:45 | 000,016,896 | ---- | M] () -- C:\Users\Larry\Documents\hjt 3.wps
[2010/02/12 01:33:08 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/02/12 01:30:58 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/02/12 01:30:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/12 01:30:18 | 4157,792,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/12 01:26:30 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/12 01:26:30 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/12 01:26:25 | 001,902,347 | -H-- | M] () -- C:\Users\Larry\AppData\Local\IconCache.db
[2010/02/12 01:19:10 | 000,023,636 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2010/02/12 01:19:10 | 000,018,432 | ---- | M] () -- C:\Users\Larry\Documents\letter to experian.wps
[2010/02/11 22:10:03 | 000,501,337 | ---- | M] () -- C:\Users\Larry\Documents\freereportdone.zip
[2010/02/11 21:50:43 | 000,020,992 | ---- | M] () -- C:\Users\Larry\Documents\more hjt directions.wps
[2010/02/11 17:41:30 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
[2010/02/11 17:24:19 | 055,470,414 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/10 16:10:42 | 000,001,699 | ---- | M] () -- C:\Users\Larry\Desktop\Notepad.lnk
[2010/02/10 09:17:49 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/09 01:22:18 | 000,524,288 | ---- | M] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 01:18:19 | 000,001,730 | ---- | M] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 10:21:50 | 000,018,944 | ---- | M] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:16:40 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:48 | 000,001,930 | ---- | M] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:23:25 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:23:25 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TM.blf
[2010/02/06 07:05:02 | 000,000,732 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2010/02/06 00:58:17 | 000,000,036 | ---- | M] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 22:21:52 | 000,026,112 | ---- | M] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2010/02/04 11:33:53 | 000,969,216 | ---- | M] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:03:14 | 000,016,896 | ---- | M] () -- C:\Users\Larry\Documents\question on ssi.wps
[2010/01/22 22:56:18 | 000,025,600 | ---- | M] () -- C:\Users\Larry\Documents\ABORTION.wps
[2010/01/22 17:26:37 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLarry.job
[2010/01/19 17:05:34 | 000,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010/01/19 00:04:05 | 002,052,608 | ---- | M] () -- C:\Users\Larry\Documents\India co.wps
[2010/01/18 17:00:29 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Fast Blog Finder.lnk
[2010/01/17 21:22:26 | 000,002,642 | ---- | M] () -- C:\Users\Larry\Documents\cc_20100117_212204.reg
[2010/01/16 22:22:14 | 000,130,923 | ---- | M] () -- C:\Windows\hpoins18.dat
[2010/01/16 16:00:41 | 000,034,304 | ---- | M] () -- C:\Users\Larry\Documents\india companies.xlr
[2010/01/16 14:16:56 | 000,000,179 | ---- | M] () -- C:\Windows\win.ini

========== Files Created - No Company Name ==========

[2010/02/12 01:33:44 | 000,016,896 | ---- | C] () -- C:\Users\Larry\Documents\hjt 3.wps
[2010/02/12 01:19:10 | 000,018,432 | ---- | C] () -- C:\Users\Larry\Documents\letter to experian.wps
[2010/02/11 22:10:00 | 000,501,337 | ---- | C] () -- C:\Users\Larry\Documents\freereportdone.zip
[2010/02/11 21:50:43 | 000,020,992 | ---- | C] () -- C:\Users\Larry\Documents\more hjt directions.wps
[2010/02/10 16:10:42 | 000,001,699 | ---- | C] () -- C:\Users\Larry\Desktop\Notepad.lnk
[2010/02/09 01:22:03 | 000,524,288 | ---- | C] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 01:18:19 | 000,001,730 | ---- | C] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 10:21:50 | 000,018,944 | ---- | C] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:16:40 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:31 | 000,001,930 | ---- | C] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:31:35 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () --
[2010/02/06 06:17:04 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/02/06 06:17:03 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/02/06 06:17:02 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/02/06 06:17:02 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/02/06 06:17:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/02/06 06:17:01 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/02/06 06:17:01 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/02/06 06:17:01 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/02/06 06:17:00 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/02/06 06:17:00 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/02/06 06:17:00 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/02/06 06:17:00 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/02/06 06:17:00 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/02/06 06:17:00 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/02/06 06:17:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/02/06 06:16:59 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/02/06 06:16:59 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/02/06 06:16:59 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/02/06 06:16:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/02/06 06:16:59 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/02/06 06:16:47 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/02/06 06:16:46 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/02/06 00:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 18:06:55 | 000,000,125 | ---- | C] () -- \FINIS_IT.TXT
[2010/02/04 11:22:06 | 000,969,216 | ---- | C] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:02:03 | 000,016,896 | ---- | C] () -- C:\Users\Larry\Documents\question on ssi.wps
[2010/01/31 19:19:51 | 000,026,112 | ---- | C] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2010/01/22 22:33:46 | 000,025,600 | ---- | C] () -- C:\Users\Larry\Documents\ABORTION.wps
[2010/01/19 00:04:04 | 002,052,608 | ---- | C] () -- C:\Users\Larry\Documents\India co.wps
[2010/01/18 17:00:29 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Fast Blog Finder.lnk
[2010/01/17 21:22:06 | 000,002,642 | ---- | C] () -- C:\Users\Larry\Documents\cc_20100117_212204.reg
[2010/01/16 16:00:41 | 000,034,304 | ---- | C] () -- C:\Users\Larry\Documents\india companies.xlr
[2009/08/14 22:55:44 | 000,020,795 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\UserTile.png
[2009/04/04 23:53:38 | 000,000,732 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2009/04/03 16:11:27 | 000,000,680 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
[2009/01/23 01:03:56 | 000,000,606 | ---- | C] () -- \updatedatfix.log
[2008/12/31 15:04:25 | 000,003,584 | ---- | C] () -- C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/10 15:16:32 | 000,023,636 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2008/10/30 16:21:36 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\Writer.ini
[2008/05/06 17:09:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/05/06 17:09:46 | 000,333,203 | RHS- | C] () -- \bootmgr
[2008/05/06 16:19:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/06 16:19:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/05/06 16:11:49 | 176,435,199 | -HS- | C] () --
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 843 bytes -> C:\Users\Larry\Documents\We Need Review Writers a-s-a-p (Palm Springs).eml:OECustomProperty
@Alternate Data Stream - 708 bytes -> C:\Users\Larry\Documents\Can you help me__.eml:OECustomProperty
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

Once saved; always saved.


#9 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 12 February 2010 - 06:35 PM

I ran Malware bites and it came up with Rootkit.Agent

Under "Items" it said this:

C:\32788R22FWJF\Combo-Fix.sys "No action taken"


I am worried. I had to access my bank account and I am troubled about his.

Many thanks,

Aleta

I ran Malware bites and it came up with Rootkit.Agent

Under "Items" it said this:

C:\32788R22FWJF\Combo-Fix.sys "No action taken"


I am worried. I had to access my bank account and I am troubled about his.

Many thanks,

Aleta

Once saved; always saved.


#10 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 12 February 2010 - 06:40 PM

OK. Here is the log from Malwarebytes:

I am worried my bank account might be vunerable (?)
Thanks again for your help.
Aleta

Malwarebytes' Anti-Malware 1.42
Database version: 3335
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

2/12/2010 3:37:16 PM
mbam-log-2010-02-12 (15-37-16).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 269829
Time elapsed: 57 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\32788R22FWJFW\Combo-Fix.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Once saved; always saved.


#11 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 12 February 2010 - 06:42 PM

I've got to get started on this. It's been over 2 weeks and I am afraid
my PC has been comprimised.

I know you are busy, but ASAP if you can please.

Aleta

Once saved; always saved.


#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:46 PM

Posted 13 February 2010 - 02:40 PM

Hi,

There went something wrong with the OTL fix.

In the script, there is

[resethosts]

but you copied

[reset hosts]

Please do this complete step again and post back with the logfile.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 14 February 2010 - 04:02 AM

I have to shuut down and give you the new logs.
aleta




OTL logfile created on: 2/10/2010 8:47:54 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\Larry\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
8.00 Gb Paging File | 4.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.63 Gb Total Space | 344.75 Gb Free Space | 75.83% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.06 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LARRY-PC
Current User Name: Larry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 08:45:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
PRC - [2010/02/09 01:58:21 | 000,293,376 | R--- | M] () -- C:\Users\Larry\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
PRC - [2009/12/31 08:27:27 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2009/12/16 12:07:54 | 001,924,776 | ---- | M] () -- C:\Program Files (x86)\Usenet.nl\Usenet.nl.exe
PRC - [2009/11/29 01:38:28 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/02 23:00:34 | 000,279,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroBroker.exe
PRC - [2009/09/10 07:21:05 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/07/27 16:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/06/13 04:54:05 | 000,280,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser.exe
PRC - [2009/03/23 14:07:24 | 001,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/02/02 18:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe
PRC - [2009/01/02 18:48:38 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
PRC - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 11:29:55 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/02 08:50:28 | 000,655,640 | ---- | M] (Uniblue) -- C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
PRC - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/06/20 06:04:54 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WksWP.exe
PRC - [2007/06/20 06:04:52 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkDStore.exe
PRC - [2007/06/20 06:04:52 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\wkgdcach.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/12/10 20:52:38 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 20:51:08 | 000,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/02/02 07:44:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 08:45:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
MOD - [2008/01/20 18:50:03 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008/01/20 18:48:06 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/01/20 18:52:05 | 000,521,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\ntmssvc.dll -- (NtmsSvc)
SRV:64bit: - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 07:04:59 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2009/11/29 01:38:21 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/29 01:38:19 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/11 19:49:12 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/17 23:23:04 | 001,125,208 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/07/27 10:01:49 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/05/06 16:49:34 | 001,245,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/03/17 17:07:02 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/03/14 17:31:38 | 000,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/12/04 16:41:34 | 000,181,784 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/02/28 01:00:14 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Extensions
[2009/03/30 12:45:53 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\mozilla\Firefox\Profiles\e5uatadm.default\extensions
[2009/03/30 12:45:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/01/16 21:19:45 | 000,291,249 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10030 more lines...
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL ()
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Uniblue ProcessQuickLink 2] C:\Program Files (x86)\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe (Uniblue)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 7\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O24 - Desktop BackupWallPaper: C:\Users\Larry\Pictures\various pictures thru the years\various pictures thru the years216.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell - "" = AutoRun
O33 - MountPoints2\{06013ccd-a3ae-11dd-a474-001c25e73a10}\Shell\AutoRun\command - "" = J:\StormF1.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll ()
NetSvcs:64bit: Ntmssvc - C:\Windows\SysNative\ntmssvc.dll ()
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll ()
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof ()
SafeBootNet: TDI - Driver Group
SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/02/10 08:45:38 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/09 01:26:57 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\DDS
[2010/02/08 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\Usenet.nl
[2010/02/08 01:18:35 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/02/08 01:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Usenet.nl
[2010/02/06 17:29:26 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\RECIPES FOR SPA PRODUCTS
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- C:\ee948db245f17756b8f32085b1e09a
[2010/02/06 08:28:29 | 000,000,000 | ---D | C] -- \ee948db245f17756b8f32085b1e09a
[2010/02/06 08:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/02/06 08:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- C:\c69f613032c2596802d69d920092d2
[2010/02/06 06:18:05 | 000,000,000 | ---D | C] -- \c69f613032c2596802d69d920092d2
[2010/02/06 05:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AddThis Toolbar
[2010/02/04 22:22:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/02/04 19:16:27 | 000,000,000 | ---D | C] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/04 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\SSI
[2010/01/31 17:03:36 | 000,000,000 | ---D | C] -- C:\Users\Larry\Desktop\Resume
[2010/01/28 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Larry\Documents\HJT logs
[2010/01/27 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

========== Files - Modified Within 14 Days ==========

[2010/02/10 08:49:48 | 006,291,456 | -HS- | M] () -- C:\Users\Larry\ntuser.dat
[2010/02/10 08:45:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Larry\Desktop\OTL.exe
[2010/02/10 08:42:51 | 055,395,969 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/10 07:25:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job
[2010/02/09 01:22:18 | 000,524,288 | ---- | M] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 21:47:07 | 000,022,704 | ---- | M] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2010/02/08 21:25:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/08 01:18:19 | 000,001,730 | ---- | M] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 22:47:16 | 000,695,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/02/07 22:47:16 | 000,597,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/02/07 22:47:16 | 000,102,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/02/07 22:41:32 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010/02/07 22:40:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/07 22:40:29 | 4157,792,256 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/07 22:37:16 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/07 22:37:16 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/07 22:37:13 | 001,821,017 | -H-- | M] () -- C:\Users\Larry\AppData\Local\IconCache.db
[2010/02/07 10:21:50 | 000,018,944 | ---- | M] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:36:12 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 08:16:40 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:48 | 000,001,930 | ---- | M] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:23:25 | 000,524,288 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:23:25 | 000,065,536 | -HS- | M] () -- C:\Users\Larry\ntuser.dat{9a2aae62-288f-11de-8922-001c25e73a10}.TM.blf
[2010/02/06 07:05:02 | 000,000,732 | ---- | M] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2010/02/06 00:58:17 | 000,000,036 | ---- | M] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 22:21:52 | 000,026,112 | ---- | M] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2010/02/04 11:33:53 | 000,969,216 | ---- | M] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:03:14 | 000,016,896 | ---- | M] () -- C:\Users\Larry\Documents\question on ssi.wps

========== Files Created - No Company Name ==========

[2010/02/09 01:22:03 | 000,524,288 | ---- | C] () -- C:\Users\Larry\Desktop\dds2.scr
[2010/02/08 01:18:19 | 000,001,730 | ---- | C] () -- C:\Users\Larry\Desktop\Usenet.nl.lnk
[2010/02/07 10:21:50 | 000,018,944 | ---- | C] () -- C:\Users\Larry\Documents\request how to open a file.wps
[2010/02/06 08:16:40 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/06 08:12:31 | 000,001,930 | ---- | C] () -- C:\Users\Larry\Desktop\HijackThis.lnk
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000002.regtrans-ms
[2010/02/06 07:31:35 | 000,524,288 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TMContainer00000000000000000001.regtrans-ms
[2010/02/06 07:31:35 | 000,065,536 | -HS- | C] () -- C:\Users\Larry\ntuser.dat{9bed25fa-1330-11df-b261-b6f5ed501b0b}.TM.blf
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/06 07:31:09 | 4157,792,256 | -HS- | C] () --
[2010/02/06 06:17:04 | 009,238,016 | ---- | C] () -- C:\Windows\SysNative\mshtml.dll
[2010/02/06 06:17:03 | 012,462,592 | ---- | C] () -- C:\Windows\SysNative\ieframe.dll
[2010/02/06 06:17:02 | 002,334,208 | ---- | C] () -- C:\Windows\SysNative\iertutil.dll
[2010/02/06 06:17:02 | 001,483,776 | ---- | C] () -- C:\Windows\SysNative\urlmon.dll
[2010/02/06 06:17:01 | 001,147,904 | ---- | C] () -- C:\Windows\SysNative\wininet.dll
[2010/02/06 06:17:01 | 000,700,928 | ---- | C] () -- C:\Windows\SysNative\msfeeds.dll
[2010/02/06 06:17:01 | 000,459,776 | ---- | C] () -- C:\Windows\SysNative\iedkcs32.dll
[2010/02/06 06:17:01 | 000,243,712 | ---- | C] () -- C:\Windows\SysNative\occache.dll
[2010/02/06 06:17:00 | 001,538,560 | ---- | C] () -- C:\Windows\SysNative\inetcpl.cpl
[2010/02/06 06:17:00 | 000,252,416 | ---- | C] () -- C:\Windows\SysNative\iepeers.dll
[2010/02/06 06:17:00 | 000,162,816 | ---- | C] () -- C:\Windows\SysNative\ieUnatt.exe
[2010/02/06 06:17:00 | 000,132,096 | ---- | C] () -- C:\Windows\SysNative\iesysprep.dll
[2010/02/06 06:17:00 | 000,071,680 | ---- | C] () -- C:\Windows\SysNative\msfeedsbs.dll
[2010/02/06 06:17:00 | 000,070,656 | ---- | C] () -- C:\Windows\SysNative\ie4uinit.exe
[2010/02/06 06:17:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\msfeedssync.exe
[2010/02/06 06:16:59 | 001,638,912 | ---- | C] () -- C:\Windows\SysNative\mshtml.tlb
[2010/02/06 06:16:59 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\ieui.dll
[2010/02/06 06:16:59 | 000,077,312 | ---- | C] () -- C:\Windows\SysNative\iesetup.dll
[2010/02/06 06:16:59 | 000,072,192 | ---- | C] () -- C:\Windows\SysNative\iernonce.dll
[2010/02/06 06:16:59 | 000,031,744 | ---- | C] () -- C:\Windows\SysNative\jsproxy.dll
[2010/02/06 06:16:47 | 000,189,440 | ---- | C] () -- C:\Windows\SysNative\t2embed.dll
[2010/02/06 06:16:46 | 000,096,256 | ---- | C] () -- C:\Windows\SysNative\fontsub.dll
[2010/02/06 00:58:17 | 000,000,036 | ---- | C] () -- C:\Users\Larry\AppData\Local\housecall.guid.cache
[2010/02/05 18:06:55 | 000,000,125 | ---- | C] () -- \FINIS_IT.TXT
[2010/02/04 11:22:06 | 000,969,216 | ---- | C] () -- C:\Users\Larry\Documents\job boards.wps
[2010/02/04 09:02:03 | 000,016,896 | ---- | C] () -- C:\Users\Larry\Documents\question on ssi.wps
[2010/01/31 19:19:51 | 000,026,112 | ---- | C] () -- C:\Users\Larry\Documents\Pep's RESUME.wps
[2009/08/14 22:55:44 | 000,020,795 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\UserTile.png
[2009/04/04 23:53:38 | 000,000,732 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps64.dat
[2009/04/03 16:11:27 | 000,000,680 | ---- | C] () -- C:\Users\Larry\AppData\Local\d3d9caps.dat
[2009/01/23 01:03:56 | 000,000,606 | ---- | C] () -- \updatedatfix.log
[2008/12/31 15:04:25 | 000,003,584 | ---- | C] () -- C:\Users\Larry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/10 15:16:32 | 000,022,704 | ---- | C] () -- C:\Users\Larry\AppData\Roaming\wklnhst.dat
[2008/10/30 16:21:36 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\Writer.ini
[2008/05/06 17:09:47 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/05/06 17:09:46 | 000,333,203 | RHS- | C] () -- \bootmgr
[2008/05/06 16:19:11 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008/05/06 16:19:11 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008/05/06 16:11:49 | 176,435,199 | -HS- | C] () --
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 18:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006/12/01 22:37:14 | 000,904,704 | ---- | C] () -- \msdia80.dll

========== LOP Check ==========

[2009/11/29 01:47:30 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\AVG9
[2010/02/04 19:16:27 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/18 17:00:26 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\G-Lock Software
[2010/01/17 21:29:52 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Image Zone Express
[2009/08/14 22:55:44 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\PeerNetworking
[2009/06/19 14:32:47 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Printer Info Cache
[2008/11/10 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Template
[2010/01/17 21:13:29 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Uniblue
[2010/02/10 08:49:56 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\Usenet.nl
[2010/01/26 22:23:46 | 000,000,000 | ---D | M] -- C:\Users\Larry\AppData\Roaming\WinBatch
[2010/02/07 22:37:25 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/09 15:50:56 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{963B0813-A63E-42B4-AAB7-CE026E93E7FD}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 03:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTORV.SYS >
[2008/01/20 18:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 843 bytes -> C:\Users\Larry\Documents\We Need Review Writers a-s-a-p (Palm Springs).eml:OECustomProperty
@Alternate Data Stream - 708 bytes -> C:\Users\Larry\Documents\Can you help me__.eml:OECustomProperty
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


__________________________

Once saved; always saved.


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:01:46 PM

Posted 14 February 2010 - 07:07 AM

Hi,

did you still get the access denied for the host file?
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#15 MassagePS

MassagePS
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs Great-Grandmother
  • Local time:05:46 AM

Posted 16 February 2010 - 07:23 PM

Dear Schrauber,

Here is the result.

========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.28.0 log created on 02162010_161104

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I will try to leave my window open in hopes that you see is soon and can respond.



Once saved; always saved.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users